archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity

🐛 Require correct file in actions pages

Browse Source 
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
Luke Tainton
2020-08-09 17:30:20 +01:00
parent 9e25c836bb
commit e5fa2c986e
6 changed files with 49 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
app/public/actions/close.php
View File

@@ -1,6 +1,6 @@
<?php <?php
$PAGE_NAME = "Close request"; $PAGE_NAME = "Close request";
require_once __DIR__ . "/../../includes/header.php"; require_once __DIR__ . "/../../includes/prereqs.php";
$request = get_request($db, $_GET['rid']); $request = get_request($db, $_GET['rid']);
$authorised_users = get_subscribers($db, $request); $authorised_users = get_subscribers($db, $request);
@@ -9,20 +9,22 @@
// Close request // Close request
if ($is_authorised == true) { if ($is_authorised == true) {
if($_SERVER['REQUEST_METHOD'] == 'POST') { if($_SERVER['REQUEST_METHOD'] == 'POST') {
try { try {
// Process ticket data // Process ticket data
$stmt = "UPDATE tickets SET status = 'Closed' WHERE uuid=:uuid"; $stmt = "UPDATE tickets SET status = 'Closed' WHERE uuid=:uuid";
$sql = $db->prepare($stmt); $sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $_POST['rid']); $sql->bindParam(':uuid', $request['uuid']);
$sql->execute(); $sql->execute();
} catch (PDOException $e) { } catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to close request: " . $e->getMessage()); $alert = array("danger", "Failed to close request: " . $e->getMessage());
} }
header('Location: /', true);
} }
$newURL = "/";
echo("<script>window.location = '$newURL'</script>");
} else { } else {
$new_ticket_alert = array("danger", "You are not authorised to close this request."); $alert = array("danger", "You are not authorised to close this request.");
header('Location: /view?rid=' . $request['uuid'], true); $newURL = "/view?rid=$request['uuid']";
echo("<script>window.location = '$newURL'</script>");
} }
?> ?>

2
app/public/actions/create.php
View File

@@ -1,5 +1,5 @@
<?php <?php
require_once __DIR__ . "/../../includes/header.php"; require_once __DIR__ . "/../../includes/prereqs.php";
use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Uuid;
// If form submitted, save to database // If form submitted, save to database

11
app/public/actions/update.php
View File

@@ -1,6 +1,6 @@
<?php <?php
$PAGE_NAME = "Update request"; $PAGE_NAME = "Update request";
require_once __DIR__ . "/../../includes/header.php"; require_once __DIR__ . "/../../includes/prereqs.php";
$request = get_request($db, $_POST['rid']); $request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request); $authorised_users = get_subscribers($db, $request);
@@ -17,13 +17,16 @@
$sql->bindParam(':user', $_SESSION['uuid']); $sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':msg', $_POST['msg']); $sql->bindParam(':msg', $_POST['msg']);
$sql->execute(); $sql->execute();
$alert = array("success", "Update saved successfully.");
} catch (PDOException $e) { } catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to save update: " . $e->getMessage()); $alert = array("danger", "Failed to save update: " . $e->getMessage());
} }
} else { } else {
$new_ticket_alert = array("danger", "You are not authorised to update this request."); $alert = array("danger", "You are not authorised to update this request.");
header('Location: /view?rid=' . $request['uuid'], true);
} }
} }
$newURL = "/view?rid=$request['uuid']";
echo("<script>window.location = '$newURL'</script>");
?> ?>

11
app/public/actions/upload.php
View File

@@ -1,6 +1,7 @@
<?php <?php
$PAGE_NAME = "Upload file to request"; $PAGE_NAME = "Upload file to request";
require_once __DIR__ . "/../../includes/header.php"; require_once __DIR__ . "/../../includes/prereqs.php";
use Ramsey\Uuid\Uuid;
$request = get_request($db, $_POST['rid']); $request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request); $authorised_users = get_subscribers($db, $request);
@@ -27,11 +28,13 @@
} catch (PDOException $e) { } catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage()); $new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage());
} }
header('Location: /view?rid=' . $request['uuid'], true); $newURL = "/view?rid=$request['uuid']";
echo("<script>window.location = '$newURL'</script>");
} }
} else { } else {
$new_ticket_alert = array("danger", "You are not authorised to update this request."); $alert = array("danger", "You are not authorised to update this request.");
header('Location: /view?rid=' . $request['uuid'], true); $newURL = "/view?rid=$request['uuid']";
echo("<script>window.location = '$newURL'</script>");
} }
} }

1
app/public/existing.php
View File

@@ -1,6 +1,5 @@
<?php <?php
$PAGE_NAME = "Existing requests"; $PAGE_NAME = "Existing requests";
require_once __DIR__ . "/../includes/prereqs.php";
require_once __DIR__ . "/../includes/header.php"; require_once __DIR__ . "/../includes/header.php";
if (is_signed_in()) { if (is_signed_in()) {

18
app/public/view.php
View File

@@ -13,6 +13,24 @@
<!-- Begin page content --> <!-- Begin page content -->
<main role="main" class="flex-shrink-0"> <main role="main" class="flex-shrink-0">
<section>
<?php
if(isset($alert)) {
echo("
<div class='container'>
<div class='alert alert-" . $alert[0] . " alert-dismissible fade show' role='alert'>
" . $alert[1] . "
<button type='button' class='close' data-dismiss='alert' aria-label='Close'>
<span aria-hidden='true'>&times;</span>
</button>
</div>
</div>
");
unset($new_ticket_alert);
}
?>
</section>
<?php if (!is_signed_in()) { ?> <?php if (!is_signed_in()) { ?>
<section> <section>
<div class="container"> <div class="container">