archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity
Files
38694bef55d77cc1434f3477d8abf318faee03ba
FHeD/app/public/actions/addsub.php
Luke Tainton 38694bef55 Only allow creator to modify subscribers 
Signed-off-by: Luke Tainton <luke@tainton.uk>
2020-08-10 17:45:02 +01:00

31 lines
1.2 KiB
PHP
Raw Blame History

<?php
$PAGE_NAME = "Add Subscriber";
require_once __DIR__ . "/../../includes/prereqs.php";
$request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = if ($_SESSION['uuid'] == $request['created_by']) {return true} else {return false};
// Add subscriber
if ($is_authorised == true) {
if($_SERVER['REQUEST_METHOD'] == 'POST') {
try {
$stmt = "INSERT INTO ticket_subscribers (ticket_uuid, user_uuid) VALUES (:tktuuid, :usruuid)";
$sql = $db->prepare($stmt);
$sql->bindParam(':tktuuid', $request['uuid']);
$sql->bindParam(':usruuid', $_POST['addSubSelector']);
$sql->execute();
} catch (PDOException $e) {
$alert = array("danger", "Failed to add subscriber: " . $e->getMessage());
}
}
$newURL = "/editsub?rid=" . $request['uuid'];
echo("<script>window.location = '$newURL'</script>");
} else {
$alert = array("danger", "You are not authorised to manage subscribers on this request.");
$newURL = "/editsub?rid=" . $request['uuid'];
echo("<script>window.location = '$newURL'</script>");
}
?>
Reference in New Issue View Git Blame Copy Permalink