diff --git a/app/public/new.php b/app/public/new.php index 666d879..892dba3 100644 --- a/app/public/new.php +++ b/app/public/new.php @@ -6,6 +6,51 @@ if (!is_signed_in()) { header('Location: /login'); } + + // If form submitted, save to database + if($_SERVER['REQUEST_METHOD'] == 'POST') { + try { + // Process ticket data + $stmt = "INSERT INTO tickets (title, description, created_by) VALUES (:title, :description, :user)"; + $sql = $db->prepare($stmt); + $sql->bindParam(':title', $_POST['title']); + $sql->bindParam(':description', $_POST['description']); + $sql->bindParam(':user', $_SESSION['uuid']); + $sql->execute(); + + // Get ticket UUID + try { + $tkt_stmt = "SELECT uuid FROM tickets WHERE created_by=:uuid AND created_on > date_sub(now(), interval 1 minute)"; + $tkt_sql = $db->prepare($tkt_stmt); + $tkt_sql->bindParam(':uuid', $_SESSION['uuid']); + $tkt_sql->execute(); + $tkt_sql->setFetchMode(PDO::FETCH_ASSOC); + $tkt_result = $tkt_sql->fetchAll()[0]; + $tkt_uuid = $tkt_result['uuid']; + } catch (PDOException $e) { + echo("Error: " . $e->getMessage()); + } + + // If file is uploaded, process that + if(isset($_FILES['file'])) { + $file_name = $_FILES['file']['name']; + $file_size =$_FILES['file']['size']; + $file_type=$_FILES['file']['type']; + $file_tmp =$_FILES['file']['tmp_name']; + move_uploaded_file($file_tmp,"/srv/attachments/".$file_name); + $stmt = "INSERT INTO ticket_uploads (ticket, user, path) VALUES (:ticket, :user, :filepath)"; + $sql = $db->prepare($stmt); + $sql->bindParam(':ticket', $tkt_uuid); + $sql->bindParam(':user', $_SESSION['uuid']); + $sql->bindParam(':filepath', "/srv/attachments/".$file_name); + $sql->execute(); + } + } catch (PDOException $e) { + echo("Error running SQL (Add new user):
" . $e->getMessage() . "
"); + } + + header('Location: /view?rid=' . $tkt_uuid); + } ?> @@ -23,7 +68,23 @@
-

This page is currently under construction.

+
+
+
+ + +
+
+ + +
+
+ + +
+ +
+