archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity

Code refactoring and tidying up

Browse Source 
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
Luke Tainton
2020-08-09 14:52:54 +01:00
parent 20c71572ac
commit 1f59131dc0
11 changed files with 206 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/includes/header.php
View File

@@ -50,12 +50,12 @@
<a class="dropdown-item text-muted" href="#"><?php echo($_SESSION['username']); ?></a>
<a class="dropdown-item" href="<?php echo($_ENV['OIDC_HOST'] . "/account?referrer=" . $_ENV['OIDC_CLIENT_ID'] . "&referrer_uri=" . urlencode($_ENV['APP_URL'])); ?>">Profile</a>
<!-- <div class="dropdown-divider"></div> -->
<a class="dropdown-item" href="/logout">Log out</a>
<a class="dropdown-item" href="/actions/logout">Log out</a>
</div>
</li>
<?php } else { ?>
<li class="nav-item">
<a class="nav-link" href="/login">Log in</a>
<a class="nav-link" href="/actions/login">Log in</a>
</li>
<?php } ?>
</ul>

45
app/public/actions/close.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
require_once __DIR__ . "/../../includes/header.php";
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
// Close request
if ($is_authorised == true) {
if($_SERVER['REQUEST_METHOD'] == 'POST') {
try {
// Process ticket data
$stmt = "UPDATE tickets SET status = 'Closed' WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $_POST['rid']);
$sql->execute();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to close request: " . $e->getMessage());
}
header('Location: /', true);
}
} else {
$new_ticket_alert = array("danger", "You are not authorised to close this request.");
}
?>

44
app/public/actions/create.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
require_once __DIR__ . "/../../includes/header.php";
use Ramsey\Uuid\Uuid;
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {
try {
// Process ticket data
$tkt_uuid = Uuid::uuid4()->toString();
$stmt = "INSERT INTO tickets (uuid, title, description, created_by) VALUES (:tktuuid, :title, :description, :user)";
$sql = $db->prepare($stmt);
$sql->bindParam(':tktuuid', $tkt_uuid);
$sql->bindParam(':title', $_POST['title']);
$sql->bindParam(':description', $_POST['description']);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->execute();
} catch (PDOException $e) {
// echo("Error: <br>" . $e->getMessage() . "<br>");
$new_ticket_alert = array("danger", "Failed to save request: " . $e->getMessage());
}
// If file is uploaded, process that
if(isset($_FILES['file']) && $_FILES['file']['name'] != "") {
try {
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_tmp = $_FILES['file']['tmp_name'];
move_uploaded_file($file_tmp,"/srv/attachments/".$file_name);
$stmt = "INSERT INTO ticket_uploads (ticket, user, filename) VALUES (:ticket, :user, :name)";
$sql = $db->prepare($stmt);
$sql->bindParam(':ticket', $tkt_uuid);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':name', $file_name);
$sql->execute();
} catch (PDOException $e) {
// echo("Error: <br>" . $e->getMessage() . "<br>");
$new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage());
}
}
header('Location: /view?rid=' . $tkt_uuid, true);
}
?>

2
app/public/login.php → app/public/actions/login.php
View File

@@ -1,6 +1,6 @@
<?php
$PAGE_NAME = "Logging in...";
require_once __DIR__ . "/../includes/prereqs.php";
require_once __DIR__ . "/../../includes/prereqs.php";
// Perform the OIDC authentication
try {

2
app/public/logout.php → app/public/actions/logout.php
View File

@@ -1,6 +1,6 @@
<?php
$PAGE_NAME = "Logging out...";
require_once __DIR__ . "/../includes/prereqs.php";
require_once __DIR__ . "/../../includes/prereqs.php";
session_destroy();

48
app/public/actions/update.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
require_once __DIR__ . "/../../includes/header.php";
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($is_authorised == true) {
try {
// Process ticket data
$stmt = "INSERT INTO ticket_updates (ticket, user, msg) VALUES (:tktuuid, :user, :msg)";
$sql = $db->prepare($stmt);
$sql->bindParam(':tktuuid', $_POST['rid']);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':msg', $_POST['msg']);
$sql->execute();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to save update: " . $e->getMessage());
}
} else {
$new_ticket_alert = array("danger", "You are not authorised to update this request.");
header('Location: /view?rid=' . $_POST['rid'], true);
}
}
?>

57
app/public/actions/upload.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
require_once __DIR__ . "/../../includes/header.php";
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($is_authorised == true) {
if(isset($_FILES['file']) && $_FILES['file']['name'] != "") {
try {
$file_uuid = Uuid::uuid4()->toString();
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_tmp = $_FILES['file']['tmp_name'];
move_uploaded_file($file_tmp,"/srv/attachments/".$file_name);
$stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)";
$sql = $db->prepare($stmt);
$sql->bindParam(':fileuuid', $file_uuid);
$sql->bindParam(':ticket', $_POST['rid']);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':name', $file_name);
$sql->execute();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage());
}
header('Location: /view?rid=' . $_POST['rid'], true);
}
} else {
$new_ticket_alert = array("danger", "You are not authorised to update this request.");
header('Location: /view?rid=' . $_POST['rid'], true);
}
}
?>

43
app/public/new.php
View File

@@ -1,47 +1,6 @@
<?php
$PAGE_NAME = "New request";
require_once __DIR__ . "/../includes/header.php";
use Ramsey\Uuid\Uuid;
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {
try {
// Process ticket data
$tkt_uuid = Uuid::uuid4()->toString();
$stmt = "INSERT INTO tickets (uuid, title, description, created_by) VALUES (:tktuuid, :title, :description, :user)";
$sql = $db->prepare($stmt);
$sql->bindParam(':tktuuid', $tkt_uuid);
$sql->bindParam(':title', $_POST['title']);
$sql->bindParam(':description', $_POST['description']);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->execute();
} catch (PDOException $e) {
// echo("Error: <br>" . $e->getMessage() . "<br>");
$new_ticket_alert = array("danger", "Failed to save request: " . $e->getMessage());
}
// If file is uploaded, process that
if(isset($_FILES['file']) && $_FILES['file']['name'] != "") {
try {
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_tmp = $_FILES['file']['tmp_name'];
move_uploaded_file($file_tmp,"/srv/attachments/".$file_name);
$stmt = "INSERT INTO ticket_uploads (ticket, user, filename) VALUES (:ticket, :user, :name)";
$sql = $db->prepare($stmt);
$sql->bindParam(':ticket', $tkt_uuid);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':name', $file_name);
$sql->execute();
} catch (PDOException $e) {
// echo("Error: <br>" . $e->getMessage() . "<br>");
$new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage());
}
}
header('Location: /view?rid=' . $tkt_uuid, true);
}
if (!is_signed_in()) {
$new_ticket_alert = array("danger", "You need to log in to access this page.");
@@ -83,7 +42,7 @@
<section>
<div class="card mx-auto" style="width: 50%;margin-bottom: 50px;">
<form style="padding: 2%" action="/new" method="post" enctype="multipart/form-data">
<form style="padding: 2%" action="/actions/create" method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="title">Title: </label>
<input type="text" class="form-control" id="title" name="title">

25
app/public/update.php
View File

@@ -1,23 +1,6 @@
<?php
$PAGE_NAME = "Update Request";
require_once __DIR__ . "/../includes/header.php";
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {
try {
// Process ticket data
$stmt = "INSERT INTO ticket_updates (ticket, user, msg) VALUES (:tktuuid, :user, :msg)";
$sql = $db->prepare($stmt);
$sql->bindParam(':tktuuid', $_POST['rid']);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':msg', $_POST['msg']);
$sql->execute();
} catch (PDOException $e) {
// echo("Error: <br>" . $e->getMessage() . "<br>");
$new_ticket_alert = array("danger", "Failed to save update: " . $e->getMessage());
}
header('Location: /view?rid=' . $_POST['rid'], true);
}
// Get ticket
try {
@@ -36,7 +19,7 @@
try {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $_GET['rid']);
$updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
@@ -48,7 +31,7 @@
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->bindParam(':uuid', $request['uuid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
@@ -185,9 +168,9 @@
<div class="col-12">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-send-outline"></span> Post update</div>
<form action="/update" method="post" enctype="multipart/form-data">
<form action="/actions/update" method="post" enctype="multipart/form-data">
<div class="form-group">
<input type="hidden" id="rid" name="rid" value="b4b3d4cf-d64d-11ea-b64d-0019997c933f">
<input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
</div>
<div class="form-group" style="margin: 2%;">
<textarea type="text" class="form-control" id="msg" name="msg" rows="3"></textarea>

33
app/public/upload.php
View File

@@ -2,32 +2,6 @@
$PAGE_NAME = "Upload file";
require_once __DIR__ . "/../includes/header.php";
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {
// If file is uploaded, process that
if(isset($_FILES['file']) && $_FILES['file']['name'] != "") {
try {
$file_uuid = Uuid::uuid4()->toString();
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_tmp = $_FILES['file']['tmp_name'];
move_uploaded_file($file_tmp,"/srv/attachments/".$file_name);
$stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)";
$sql = $db->prepare($stmt);
$sql->bindParam(':fileuuid', $file_uuid);
$sql->bindParam(':ticket', $_POST['rid']);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':name', $file_name);
$sql->execute();
} catch (PDOException $e) {
// echo("Error: <br>" . $e->getMessage() . "<br>");
$new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage());
}
}
header('Location: /view?rid=' . $tkt_uuid, true);
}
// Get ticket
try {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
@@ -102,11 +76,6 @@
<h1><?php echo($request['title']); ?></h1>
<p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
<p class="lead text-muted"><?php echo($request['description']); ?></p>
<p>
<a href='/update?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
<a href='/upload?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-secondary my-2'>Add attachment(s)</a>
<a href='/close?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-danger my-2'>Close the request</a>
</p>
</div>
</section>
<section>
@@ -199,7 +168,7 @@
<div class="col-12">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-cloud-upload-outline"></span> Upload file(s)</div>
<form action="/upload" method="post" enctype="multipart/form-data">
<form action="/actions/upload" method="post" enctype="multipart/form-data">
<div class="form-group">
<input type="hidden" id="rid" name="rid" value="b4b3d4cf-d64d-11ea-b64d-0019997c933f">
</div>

4
app/public/view.php
View File

@@ -78,7 +78,7 @@
<p>
<a href='/update?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
<a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Add attachment(s)</a>
<a href='/close?rid=<?php echo($request["uuid"]); ?>' class='btn btn-danger my-2'>Close the request</a>
<a href='/actions/close?rid=<?php echo($request["uuid"]); ?>' class='btn btn-danger my-2'>Close the request</a>
</p>
</div>
</section>
@@ -150,7 +150,7 @@
<li class="list-group-item">
<div class="container">
<div class="row">
<span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
<span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i> <?php echo(" " . $update['created']); ?></i></span>
</div>
<div class="row">
<span><?php echo($update['msg']); ?></span>