🎨 Move SQL functions to prereqs.php for easy reuse
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
@@ -1,29 +1,10 @@
|
||||
<?php
|
||||
$PAGE_NAME = "Update request";
|
||||
require_once __DIR__ . "/../../includes/header.php";
|
||||
|
||||
// Get authorised subscribers
|
||||
try {
|
||||
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
|
||||
$users_sql = $db->prepare($users_stmt);
|
||||
$users_sql->bindParam(':uuid', $_GET['rid']);
|
||||
$users_sql->execute();
|
||||
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$users_result = $users_sql->fetchAll();
|
||||
} catch (PDOException $e) {
|
||||
$new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
|
||||
}
|
||||
|
||||
|
||||
$authorised_users = array();
|
||||
foreach($users_result as $user) {
|
||||
array_push($authorised_users, $user['user_uuid']);
|
||||
}
|
||||
|
||||
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
|
||||
$is_authorised = true;
|
||||
} else {
|
||||
$is_authorised = false;
|
||||
}
|
||||
$request = get_request($db, $_POST['rid']);
|
||||
$authorised_users = get_subscribers($db, $request);
|
||||
$is_authorised = isAuthorised($authorised_users, $request);
|
||||
|
||||
// If form submitted, save to database
|
||||
if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
@@ -32,7 +13,7 @@
|
||||
// Process ticket data
|
||||
$stmt = "INSERT INTO ticket_updates (ticket, user, msg) VALUES (:tktuuid, :user, :msg)";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':tktuuid', $_POST['rid']);
|
||||
$sql->bindParam(':tktuuid', $request['uuid']);
|
||||
$sql->bindParam(':user', $_SESSION['uuid']);
|
||||
$sql->bindParam(':msg', $_POST['msg']);
|
||||
$sql->execute();
|
||||
@@ -41,7 +22,7 @@
|
||||
}
|
||||
} else {
|
||||
$new_ticket_alert = array("danger", "You are not authorised to update this request.");
|
||||
header('Location: /view?rid=' . $_POST['rid'], true);
|
||||
header('Location: /view?rid=' . $request['uuid'], true);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user