🐛 Require correct file in actions pages

Signed-off-by: Luke Tainton <luke@tainton.uk>
2020-08-09 17:30:20 +01:00
parent 9e25c836bb
commit e5fa2c986e
6 changed files with 49 additions and 24 deletions
--- a/app/public/actions/close.php
+++ b/app/public/actions/close.php
@@ -1,6 +1,6 @@
 <?php
    $PAGE_NAME = "Close request";
-    require_once __DIR__ . "/../../includes/header.php";
+    require_once __DIR__ . "/../../includes/prereqs.php";

    $request = get_request($db, $_GET['rid']);
    $authorised_users = get_subscribers($db, $request);
@@ -13,16 +13,18 @@
              // Process ticket data
              $stmt = "UPDATE tickets SET status = 'Closed' WHERE uuid=:uuid";
              $sql = $db->prepare($stmt);
-            $sql->bindParam(':uuid', $_POST['rid']);
+              $sql->bindParam(':uuid', $request['uuid']);
              $sql->execute();
          } catch (PDOException $e) {
-            $new_ticket_alert = array("danger", "Failed to close request: " . $e->getMessage());
+              $alert = array("danger", "Failed to close request: " . $e->getMessage());
          }
-        header('Location: /', true);
        }
+        $newURL = "/";
+        echo("<script>window.location = '$newURL'</script>");
    } else {
-        $new_ticket_alert = array("danger", "You are not authorised to close this request.");
-        header('Location: /view?rid=' . $request['uuid'], true);
+        $alert = array("danger", "You are not authorised to close this request.");
+        $newURL = "/view?rid=$request['uuid']";
+        echo("<script>window.location = '$newURL'</script>");
    }

 ?>
--- a/app/public/actions/create.php
+++ b/app/public/actions/create.php
@@ -1,5 +1,5 @@
 <?php
-    require_once __DIR__ . "/../../includes/header.php";
+    require_once __DIR__ . "/../../includes/prereqs.php";
    use Ramsey\Uuid\Uuid;

    // If form submitted, save to database
--- a/app/public/actions/update.php
+++ b/app/public/actions/update.php
@@ -1,6 +1,6 @@
 <?php
    $PAGE_NAME = "Update request";
-    require_once __DIR__ . "/../../includes/header.php";
+    require_once __DIR__ . "/../../includes/prereqs.php";

    $request = get_request($db, $_POST['rid']);
    $authorised_users = get_subscribers($db, $request);
@@ -17,13 +17,16 @@
          $sql->bindParam(':user', $_SESSION['uuid']);
          $sql->bindParam(':msg', $_POST['msg']);
          $sql->execute();
+          $alert = array("success", "Update saved successfully.");
        } catch (PDOException $e) {
-          $new_ticket_alert = array("danger", "Failed to save update: " . $e->getMessage());
+          $alert = array("danger", "Failed to save update: " . $e->getMessage());
        }
      } else {
-        $new_ticket_alert = array("danger", "You are not authorised to update this request.");
-        header('Location: /view?rid=' . $request['uuid'], true);
+        $alert = array("danger", "You are not authorised to update this request.");
      }
    }

+    $newURL = "/view?rid=$request['uuid']";
+    echo("<script>window.location = '$newURL'</script>");
+
 ?>
--- a/app/public/actions/upload.php
+++ b/app/public/actions/upload.php
@@ -1,6 +1,7 @@
 <?php
    $PAGE_NAME = "Upload file to request";
-    require_once __DIR__ . "/../../includes/header.php";
+    require_once __DIR__ . "/../../includes/prereqs.php";
+    use Ramsey\Uuid\Uuid;

    $request = get_request($db, $_POST['rid']);
    $authorised_users = get_subscribers($db, $request);
@@ -27,11 +28,13 @@
          } catch (PDOException $e) {
            $new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage());
          }
-          header('Location: /view?rid=' . $request['uuid'], true);
+          $newURL = "/view?rid=$request['uuid']";
+          echo("<script>window.location = '$newURL'</script>");
        }
      } else {
-        $new_ticket_alert = array("danger", "You are not authorised to update this request.");
-        header('Location: /view?rid=' . $request['uuid'], true);
+        $alert = array("danger", "You are not authorised to update this request.");
+        $newURL = "/view?rid=$request['uuid']";
+        echo("<script>window.location = '$newURL'</script>");
      }
    }

--- a/app/public/existing.php
+++ b/app/public/existing.php
@@ -1,6 +1,5 @@
 <?php
    $PAGE_NAME = "Existing requests";
-    require_once __DIR__ . "/../includes/prereqs.php";
    require_once __DIR__ . "/../includes/header.php";

    if (is_signed_in()) {
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -13,6 +13,24 @@
 <!-- Begin page content -->
 <main role="main" class="flex-shrink-0">

+  <section>
+    <?php
+      if(isset($alert)) {
+        echo("
+        <div class='container'>
+          <div class='alert alert-" . $alert[0] . " alert-dismissible fade show' role='alert'>
+            " . $alert[1] . "
+            <button type='button' class='close' data-dismiss='alert' aria-label='Close'>
+              <span aria-hidden='true'>&times;</span>
+            </button>
+          </div>
+        </div>
+      ");
+      unset($new_ticket_alert);
+      }
+    ?>
+  </section>
+
  <?php if (!is_signed_in()) { ?>
    <section>
      <div class="container">