From b00863cd18a1020a4049a700ec9c738a107aef24 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Sun, 9 Aug 2020 14:03:07 +0100 Subject: [PATCH] :sparkles: Implement upload functionality Signed-off-by: Luke Tainton --- app/public/upload.php | 102 +++++++++++++++++++++++++++--------------- 1 file changed, 66 insertions(+), 36 deletions(-) diff --git a/app/public/upload.php b/app/public/upload.php index 68b8df1..7840c80 100644 --- a/app/public/upload.php +++ b/app/public/upload.php @@ -1,43 +1,70 @@ prepare($ticket_stmt); - $ticket_sql->bindParam(':uuid', $_GET['rid']); - $ticket_sql->execute(); - $ticket_sql->setFetchMode(PDO::FETCH_ASSOC); - $ticket_result = $ticket_sql->fetchAll(); - $request = $ticket_result[0]; - } catch (PDOException $e) { - echo("Error: " . $e->getMessage()); + // If form submitted, save to database + if($_SERVER['REQUEST_METHOD'] == 'POST') { + // If file is uploaded, process that + if(isset($_FILES['file']) && $_FILES['file']['name'] != "") { + try { + $file_uuid = Uuid::uuid4()->toString(); + $file_name = $_FILES['file']['name']; + $file_size = $_FILES['file']['size']; + $file_type = $_FILES['file']['type']; + $file_tmp = $_FILES['file']['tmp_name']; + move_uploaded_file($file_tmp,"/srv/attachments/".$file_name); + $stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)"; + $sql = $db->prepare($stmt); + $sql->bindParam(':fileuuid', $file_uuid); + $sql->bindParam(':ticket', $_POST['rid']); + $sql->bindParam(':user', $_SESSION['uuid']); + $sql->bindParam(':name', $file_name); + $sql->execute(); + } catch (PDOException $e) { + // echo("Error:
" . $e->getMessage() . "
"); + $new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage()); + } + } + header('Location: /view?rid=' . $tkt_uuid, true); + } else { // Form not yet submitted + // Get ticket + try { + $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid"; + $ticket_sql = $db->prepare($ticket_stmt); + $ticket_sql->bindParam(':uuid', $_GET['rid']); + $ticket_sql->execute(); + $ticket_sql->setFetchMode(PDO::FETCH_ASSOC); + $ticket_result = $ticket_sql->fetchAll(); + $request = $ticket_result[0]; + } catch (PDOException $e) { + echo("Error: " . $e->getMessage()); + } + + // Get ticket updates + try { + $updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid"; + $updates_sql = $db->prepare($updates_stmt); + $updates_sql->bindParam(':uuid', $_GET['rid']); + $updates_sql->execute(); + $updates_sql->setFetchMode(PDO::FETCH_ASSOC); + $updates_result = $updates_sql->fetchAll(); + } catch (PDOException $e) { + echo("Error: " . $e->getMessage()); + } + + // Get authorised subscribers + try { + $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid"; + $users_sql = $db->prepare($users_stmt); + $users_sql->bindParam(':uuid', $_GET['rid']); + $users_sql->execute(); + $users_sql->setFetchMode(PDO::FETCH_ASSOC); + $users_result = $users_sql->fetchAll(); + } catch (PDOException $e) { + echo("Error: " . $e->getMessage()); + } } - // Get ticket updates - try { - $updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid"; - $updates_sql = $db->prepare($updates_stmt); - $updates_sql->bindParam(':uuid', $_GET['rid']); - $updates_sql->execute(); - $updates_sql->setFetchMode(PDO::FETCH_ASSOC); - $updates_result = $updates_sql->fetchAll(); - } catch (PDOException $e) { - echo("Error: " . 
$e->getMessage()); - } - - // Get authorised subscribers - try { - $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid"; - $users_sql = $db->prepare($users_stmt); - $users_sql->bindParam(':uuid', $_GET['rid']); - $users_sql->execute(); - $users_sql->setFetchMode(PDO::FETCH_ASSOC); - $users_result = $users_sql->fetchAll(); - } catch (PDOException $e) { - echo("Error: " . $e->getMessage()); - } $authorised_users = array(); foreach($users_result as $user) { @@ -167,7 +194,10 @@
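Review bot: The new POST branch writes the upload to `/srv/attachments/` under the client-supplied `$_FILES['file']['name']`, so two uploads with the same name overwrite each other across tickets and the stored extension is whatever the client sent, while the `$file_uuid` generated just above is never used for the path. Store the file under the UUID, keep the original name only in the `filename` column, and skip the INSERT when the move fails: `if ($_FILES['file']['error'] !== UPLOAD_ERR_OK || !move_uploaded_file($file_tmp, "/srv/attachments/" . $file_uuid)) { /* set the alert, do not insert */ }`. The branch also binds `$_POST['rid']` without the subscriber lookup that only the GET branch performs, so as far as this hunk shows a user who is not subscribed to the ticket could attach a file to it; that check should run before the move. `header('Location: /view?rid=' . $tkt_uuid, true);` is not followed by `exit;`, so execution appears to fall through to `foreach($users_result as $user)` with that variable unset on POST. `$tkt_uuid` is not assigned in the visible lines either, though the start of the hunk is garbled, so confirm against the file.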
-
+ +
+ +