From 5c5a4716b117a682874d3d88629ccedc2d78427e Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 17:15:58 +0100
Subject: [PATCH] :bug: Fix deleting subs (hopefully)

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/public/actions/delsub.php | 17 +++++++----------
 app/public/editsub.php        | 20 ++++++++++++++++----
 2 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/app/public/actions/delsub.php b/app/public/actions/delsub.php
index a279600..244c588 100644
--- a/app/public/actions/delsub.php
+++ b/app/public/actions/delsub.php
@@ -9,16 +9,13 @@
     // Remove subscriber(s)
     if ($is_authorised == true) {
         if($_SERVER['REQUEST_METHOD'] == 'POST') {
-          foreach ($_POST['addSubSelector[]'] as $sub) {
-            try {
-                $stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
-                $sql = $db->prepare($stmt);
-                $sql->bindParam(':tktuuid', $request['uuid']);
-                $sql->bindParam(':usruuid', $sub);
-                $sql->execute();
-            } catch (PDOException $e) {
-                $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
-            }
+          try {
+              $stmt = "DELETE FROM ticket_subscribers WHERE WHERE sub_id IN (:sublist)";
+              $sql = $db->prepare($stmt);
+              $sql->bindParam(':sublist', $_POST['delSubSelector']);
+              $sql->execute();
+          } catch (PDOException $e) {
+              $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
           }
         }
         $newURL = "/editsub?rid=" . $request['uuid'];
diff --git a/app/public/editsub.php b/app/public/editsub.php
index 8313de0..554b117 100644
--- a/app/public/editsub.php
+++ b/app/public/editsub.php
@@ -7,6 +7,18 @@
     $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
 
     $all_users = get_all_users($db);
+
+    function get_req_subs($uuid) {
+      $stmt = "SELECT * FROM ticket_subscribers WHERE ticket_uuid=:uuid";
+      $sql = $db->prepare($stmt);
+      $sql->bindParam(':uuid', $uuid);
+      $sql->execute();
+      $sql->setFetchMode(PDO::FETCH_ASSOC);
+      $result = $sql->fetchAll();
+      return $result;
+    }
+
+    $subs = get_req_subs($request['uuid'])
 ?>
 
 
@@ -103,10 +115,10 @@
                         <form method="post" action="/actions/delsub">
                           <div class="form-group">
                             <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
-                            <label for="delSubSelector[]">Remove subscribers:</label>
-                            <select multiple class="form-control" id="delSubSelector[]" name="delSubSelector[]">
-                              <?php foreach($authorised_users as $usr) {
-                                  echo("<option value='" . $usr['uuid'] . "'>" . get_user_name($db, $usr) . "</option>");
+                            <label for="delSubSelector">Remove subscribers:</label>
+                            <select multiple class="form-control" id="delSubSelector" name="delSubSelector">
+                              <?php foreach($subs as $sub) {
+                                  echo("<option value='" . $sub['sub_id'] . "'>" . get_user_name($db, $sub['user_uuid']) . "</option>");
                                 } ?>
                             </select>
                           </div>