From 0079bc51526267dced16ad5dbdd434591553c85f Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Sun, 9 Aug 2020 16:32:33 +0100 Subject: [PATCH] :art: Move SQL functions to prereqs.php for easy reuse (#41) Signed-off-by: Luke Tainton --- app/includes/prereqs.php | 66 +++++++++++++++++++++++++++++++++++ app/public/actions/close.php | 29 ++++----------- app/public/actions/update.php | 31 ++++------------ app/public/actions/upload.php | 33 ++++-------------- app/public/existing.php | 40 ++++++++------------- app/public/index.php | 57 +++++------------------------- app/public/update.php | 57 ++++-------------------------- app/public/upload.php | 59 ++++--------------------------- app/public/view.php | 56 ++++------------------------- 9 files changed, 127 insertions(+), 301 deletions(-) diff --git a/app/includes/prereqs.php b/app/includes/prereqs.php index a39e157..5745246 100644 --- a/app/includes/prereqs.php +++ b/app/includes/prereqs.php 
@@ -73,3 +73,69 @@ function get_user_name($db, $user_uuid) {
 }
 return $usr;
 }
+
+function get_my_requests($db) {
+ $ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid";
+ $ticket_sql = $db->prepare($ticket_stmt);
+ $ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
+ $ticket_sql->execute();
+ $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $ticket_result = $ticket_sql->fetchAll();
+ return $ticket_result;
+}
+
+function get_subscribed_requests($db) {
+ $requests = array();
+ $sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
+ $sub_tickets_sql = $db->prepare($sub_tickets_stmt);
+ $sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
+ $sub_tickets_sql->execute();
+ $sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $sub_tickets_result = $sub_tickets_sql->fetchAll();
+ foreach ($sub_tickets_result as $tkt) {
+ $stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+ $sql = $db->prepare($stmt);
+ $sql->bindParam(':uuid', $tkt['uuid']);
+ $sql->execute();
+ $sql->setFetchMode(PDO::FETCH_ASSOC);
+ $result = $sql->fetchAll();
+ array_push($requests, $result[0]);
+ }
+ return $requests;
+}
+
+function get_request($db, $uuid) {
+ $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+ $ticket_sql = $db->prepare($ticket_stmt);
+ $ticket_sql->bindParam(':uuid', $uuid);
+ $ticket_sql->execute();
+ $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $ticket_result = $ticket_sql->fetchAll();
+ $request = $ticket_result[0];
+ return $request;
+}
+
+
+function get_updates($db, $request) {
+ $updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
+ $updates_sql = $db->prepare($updates_stmt);
+ $updates_sql->bindParam(':uuid', $request['uuid']);
+ $updates_sql->execute();
+ $updates_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $updates_result = $updates_sql->fetchAll();
+ return $updates_result;
+}
+
+function get_subscribers($db, $request) {
+ $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
+ 
$users_sql = $db->prepare($users_stmt); + $users_sql->bindParam(':uuid', $request['uuid']); + $users_sql->execute(); + $users_sql->setFetchMode(PDO::FETCH_ASSOC); + $users_result = $users_sql->fetchAll(); + return $users_result; +} + +function isAuthorised($authorised_users, $request) { + if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; } +} \ No newline at end of file diff --git a/app/public/actions/close.php b/app/public/actions/close.php index b7f4623..0c39517 100644 --- a/app/public/actions/close.php +++ b/app/public/actions/close.php @@ -1,29 +1,11 @@ prepare($users_stmt); - $users_sql->bindParam(':uuid', $_GET['rid']); - $users_sql->execute(); - $users_sql->setFetchMode(PDO::FETCH_ASSOC); - $users_result = $users_sql->fetchAll(); - } catch (PDOException $e) { - $new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage()); - } - - $authorised_users = array(); - foreach($users_result as $user) { - array_push($authorised_users, $user['user_uuid']); - } - - if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { - $is_authorised = true; - } else { - $is_authorised = false; - } - + $request = get_request($db, $_GET['rid']); + $authorised_users = get_subscribers($db, $request); + $is_authorised = isAuthorised($authorised_users, $request); + // Close request if ($is_authorised == true) { if($_SERVER['REQUEST_METHOD'] == 'POST') { @@ -40,6 +22,7 @@ } } else { $new_ticket_alert = array("danger", "You are not authorised to close this request."); + header('Location: /view?rid=' . $request['uuid'], true); } ?> \ No newline at end of file diff --git a/app/public/actions/update.php b/app/public/actions/update.php index bfa40eb..58cd968 100644 --- a/app/public/actions/update.php +++ b/app/public/actions/update.php 
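Review bot: `isAuthorised` can never match a subscriber, because `get_subscribers` returns the raw `fetchAll()` rows (`['user_uuid' => ...]` arrays) and `in_array($_SESSION['uuid'], $authorised_users)` compares a string against those arrays; the removed callers flattened the rows to a list of `user_uuid` values first, and this hunk drops that step, so only the creator passes the check. Return the column directly, `$users_result = $users_sql->fetchAll(PDO::FETCH_COLUMN, 0);`, and make the check strict, `return in_array($_SESSION['uuid'], $authorised_users, true) || $_SESSION['uuid'] === $request['created_by'];`. In `get_subscribed_requests` the inner query binds `$tkt['uuid']`, but the outer query only selects `ticket_uuid`, so the bound value is always undefined; `$sql->bindParam(':uuid', $tkt['ticket_uuid']);` is presumably what was meant. `get_request` and `get_subscribed_requests` also index `[0]` on a possibly empty result, so an unknown uuid produces a notice and a `null` request rather than a clear failure; a docblock on `get_request` stating that it returns `null` when no ticket matches, and an explicit null-coalesced return, would make that contract visible to the action scripts that pass the result into the authorisation check.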
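Review bot: The rewritten lookup `$request = get_request($db, $_GET['rid']);` in close.php has no check that `rid` was supplied or that a ticket was found, so a missing or unknown id reaches `get_subscribers` and `isAuthorised` as a `null` request (from `$ticket_result[0]` on an empty result in prereqs.php) and the authorisation decision is evaluated against it. Fail closed explicitly before the check, `$is_authorised = $request !== null && isAuthorised($authorised_users, $request);`. The id is also still taken from `$_GET` here while update.php and upload.php now read `$_POST['rid']`, even though the close itself only happens inside the `REQUEST_METHOD == 'POST'` branch; aligning the source of the id would keep the three actions consistent. The leading lines of this hunk appear garbled in this rendering, so the opening of the file was not reviewed.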
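Review bot: The added `header('Location: /view?rid=' . $request['uuid'], true);` in the not-authorised branch is not followed by `exit;`, so if close.php is included from a page that continues rendering, execution carries on after the redirect header is queued; the same pattern is on the new-side redirect lines in update.php and upload.php. Add `exit;` after each redirect so the not-authorised path ends there. If `get_request` found no ticket, `$request['uuid']` is null and the Location becomes `/view?rid=`, so the redirect target should only be built from a resolved request.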
@@ -1,29 +1,10 @@ prepare($users_stmt); - $users_sql->bindParam(':uuid', $_GET['rid']); - $users_sql->execute(); - $users_sql->setFetchMode(PDO::FETCH_ASSOC); - $users_result = $users_sql->fetchAll(); - } catch (PDOException $e) { - $new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage()); - } - - - $authorised_users = array(); - foreach($users_result as $user) { - array_push($authorised_users, $user['user_uuid']); - } - - if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { - $is_authorised = true; - } else { - $is_authorised = false; - } + $request = get_request($db, $_POST['rid']); + $authorised_users = get_subscribers($db, $request); + $is_authorised = isAuthorised($authorised_users, $request); // If form submitted, save to database if($_SERVER['REQUEST_METHOD'] == 'POST') { @@ -32,7 +13,7 @@ // Process ticket data $stmt = "INSERT INTO ticket_updates (ticket, user, msg) VALUES (:tktuuid, :user, :msg)"; $sql = $db->prepare($stmt); - $sql->bindParam(':tktuuid', $_POST['rid']); + $sql->bindParam(':tktuuid', $request['uuid']); $sql->bindParam(':user', $_SESSION['uuid']); $sql->bindParam(':msg', $_POST['msg']); $sql->execute(); @@ -41,7 +22,7 @@ } } else { $new_ticket_alert = array("danger", "You are not authorised to update this request."); - header('Location: /view?rid=' . $_POST['rid'], true); + header('Location: /view?rid=' . $request['uuid'], true); } } diff --git a/app/public/actions/upload.php b/app/public/actions/upload.php index eda90a0..9e8fb40 100644 --- a/app/public/actions/upload.php +++ b/app/public/actions/upload.php 
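Review bot: `$request = get_request($db, $_POST['rid']);` now runs before the `REQUEST_METHOD == 'POST'` check, so on any non-POST request `$_POST['rid']` is unset and the lookup and authorisation run with a null id (the removed code read `$_GET['rid']` at this point); the first hunk of upload.php has the same ordering. Either move the three lookup/authorisation lines inside the POST branch, or resolve the id defensively, `$rid = $_POST['rid'] ?? null;`, and treat a missing id as not authorised. Binding `$request['uuid']` in the INSERT and the redirect instead of the raw `$_POST['rid']` is the right fix, since the removed code authorised against `$_GET['rid']` but wrote `$_POST['rid']`; a comment above the lookup, `// Resolve the ticket once; every later write and redirect uses $request['uuid'] so it is the same ticket the authorisation check covered`, would keep that invariant from being undone by a later edit.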
@@ -1,29 +1,10 @@ prepare($users_stmt); - $users_sql->bindParam(':uuid', $_GET['rid']); - $users_sql->execute(); - $users_sql->setFetchMode(PDO::FETCH_ASSOC); - $users_result = $users_sql->fetchAll(); - } catch (PDOException $e) { - $new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage()); - } - - - $authorised_users = array(); - foreach($users_result as $user) { - array_push($authorised_users, $user['user_uuid']); - } - - if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { - $is_authorised = true; - } else { - $is_authorised = false; - } + $request = get_request($db, $_POST['rid']); + $authorised_users = get_subscribers($db, $request); + $is_authorised = isAuthorised($authorised_users, $request); // If form submitted, save to database if($_SERVER['REQUEST_METHOD'] == 'POST') { @@ -39,18 +20,18 @@ $stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)"; $sql = $db->prepare($stmt); $sql->bindParam(':fileuuid', $file_uuid); - $sql->bindParam(':ticket', $_POST['rid']); + $sql->bindParam(':ticket', $request['uuid']); $sql->bindParam(':user', $_SESSION['uuid']); $sql->bindParam(':name', $file_name); $sql->execute(); } catch (PDOException $e) { $new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage()); } - header('Location: /view?rid=' . $_POST['rid'], true); + header('Location: /view?rid=' . $request['uuid'], true); } } else { $new_ticket_alert = array("danger", "You are not authorised to update this request."); - header('Location: /view?rid=' . $_POST['rid'], true); + header('Location: /view?rid=' . $request['uuid'], true); } } diff --git a/app/public/existing.php b/app/public/existing.php index d3a36d3..6fb5947 100644 --- a/app/public/existing.php +++ b/app/public/existing.php 
@@ -4,31 +4,19 @@ require_once __DIR__ . "/../includes/header.php"; if (is_signed_in()) { - // Get user's open tickets - try { - $user_tickets_stmt = "SELECT uuid, id, title, description, status FROM tickets WHERE created_by=:uuid"; - $user_tickets_sql = $db->prepare($user_tickets_stmt); - $user_tickets_sql->bindParam(':uuid', $_SESSION['uuid']); - $user_tickets_sql->execute(); - $user_tickets_sql->setFetchMode(PDO::FETCH_ASSOC); - $user_tickets_result = $user_tickets_sql->fetchAll(); - } catch (PDOException $e) { - echo("Error: " . $e->getMessage()); - } + $open_requests = array(); + $closed_requests = array(); - // Get user's closed tickets - try { - $closed_tickets_stmt = "SELECT uuid, id, title, description, status FROM tickets WHERE created_by=:uuid AND status='closed'#"; - $closed_tickets_sql = $db->prepare($user_tickets_stmt); - $closed_tickets_sql->bindParam(':uuid', $_SESSION['uuid']); - $closed_tickets_sql->execute(); - $closed_tickets_sql->setFetchMode(PDO::FETCH_ASSOC); - $closed_tickets_result = $user_tickets_sql->fetchAll(); - } catch (PDOException $e) { - echo("Error: " . $e->getMessage()); - } + $requests = get_my_requests($db); + foreach($requests as $req) { + if ($req['status'] != "Closed") { + array_push($open_requests, $req); + } elseif ($req['status'] == "Closed") { + array_push($closed_requests, $req); + } } + } ?> @@ -53,10 +41,10 @@
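Review bot: The `elseif ($req['status'] == "Closed")` branch is the exact negation of the preceding `if ($req['status'] != "Closed")`, so it is always true when reached; write it as a plain `else`. The comparison is case-sensitive, while the removed SQL filtered on `status='closed'` in lowercase; if the column stores lowercase values nothing will ever land in `$closed_requests`, so confirm the stored casing, or compare with `strcasecmp($req['status'], 'closed') === 0` against a single shared status constant. The removed `try`/`catch (PDOException $e)` blocks have no replacement here, so a database failure inside `get_my_requests` now propagates out of this block — presumably the PDO error mode or a global handler covers this, but it is worth confirming since the page previously echoed the error instead.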