newTicket.php
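<?php
include "../conf.inc.php";
include "../functions.php";
session_start();

/*
 * Handles the contact-form POST that opens a new support ticket.
 *
 * Flow: gate on the exact three expected fields, normalise and validate them,
 * then either send the user back to contact.php with error codes in the session
 * or insert the ticket and redirect with a success flag.
 *
 * Error codes stored in $_SESSION["errorTicket"]:
 *   1 = unknown category, 2 = label length out of range, 3 = content length out of range.
 *
 * NOTE(review): no anti-CSRF token is checked here, and the "exactly three fields"
 * gate below would reject a form that carried one. Confirm whether the form is
 * protected elsewhere; if not, add a token and relax the count check accordingly.
 */

// preventXSS() lives in functions.php and is not visible here; presumably it encodes
// the POST values in place -- confirm before relying on it as the only output defence.
preventXSS($_POST);

$formIsWellFormed = count($_POST) === 3;
foreach (["t_category", "ticket_label", "ticket_content"] as $field) {
    // is_string() rejects array-valued fields (e.g. ticket_label[]=x), which would
    // otherwise reach strlen()/array_key_exists() and raise a TypeError on PHP 8.
    if (empty($_POST[$field]) || !is_string($_POST[$field])) {
        $formIsWellFormed = false;
    }
}

if (!$formIsWellFormed) {
    $_SESSION["illegalForm"] = true;
    header("Location: ../contact.php");
    exit;
}

// Normalise first so the length limits apply to the value that is actually stored
// (previously the label was measured before trimming).
$_POST["ticket_label"] = ucfirst(trim(mb_strtolower($_POST["ticket_label"])));
$_POST["ticket_content"] = trim($_POST["ticket_content"]);

$listOfTicketError = [];

if (!array_key_exists($_POST["t_category"], $categoryOfContact)) {
    $listOfTicketError[] = 1;
}

// NOTE(review): strlen() counts bytes, and the values have already been through
// preventXSS(), so these limits are on the encoded byte length, not visible characters.
$labelLength = strlen($_POST["ticket_label"]);
if ($labelLength > 60 || $labelLength < 4) {
    $listOfTicketError[] = 2;
}

$contentLength = strlen($_POST["ticket_content"]);
if ($contentLength > 1000 || $contentLength < 10) {
    $listOfTicketError[] = 3;
}

if ($listOfTicketError !== []) {
    $_SESSION["errorTicket"] = $listOfTicketError;
    $_SESSION["postForm"] = $_POST;
    header("Location: ../contact.php");
    exit;
}

$connection = connectDB();

// Ask the database whether the candidate id is taken instead of loading every
// ticket_id into PHP on each attempt. This check is still racy against a concurrent
// insert; a UNIQUE/PRIMARY KEY constraint on ticket.ticket_id should be the real guarantee.
$lookup = $connection->prepare("SELECT 1 FROM ticket WHERE ticket_id = :id LIMIT 1");
do {
    $ticketId = createTicketId();
    $lookup->execute(["id" => $ticketId]);
    $alreadyExist = $lookup->fetchColumn() !== false;
    $lookup->closeCursor();
} while ($alreadyExist);

$time = getTimeForlog();

// NOTE(review): this script does not itself verify that a member is logged in; it
// relies on getInfo() (defined elsewhere) returning the current member. Confirm what
// getInfo() returns for an anonymous session and reject the request in that case.
$result = getInfo("member_id, member_firstname, member_lastname");

// The ticket body is stored as an HTML fragment, so the member's name must be
// HTML-encoded before it is concatenated in. double_encode is off so a name that was
// already encoded when it was saved is not encoded a second time.
$authorName = htmlspecialchars(
    $result["member_firstname"] . " " . $result["member_lastname"],
    ENT_QUOTES | ENT_SUBSTITUTE,
    "UTF-8",
    false
);
$ticketContent = "<u>" . $authorName . " le " . $time . " :</u> <br>" . $_POST["ticket_content"] . "<br>";

// No output may be sent before the redirect below: the debug echo statements that
// used to sit here printed the member id and ticket body and could stop header()
// from working ("headers already sent").
$query = $connection->prepare("INSERT INTO ticket(ticket_id,t_category,ticket_label,ticket_content, member,ticket_date,state, last_update, author_last_update) VALUES(:id, :category, :label, :ticket_content, :member, NOW(), :state, NOW(), :author_last_update)");
$query->execute([
    "id" => $ticketId,
    "category" => $_POST["t_category"],
    "label" => $_POST["ticket_label"],
    "ticket_content" => $ticketContent,
    "member" => $result["member_id"],
    "state" => 0,
    "author_last_update" => $result["member_id"],
]);

$_SESSION["ticketSubmitted"] = true;
$_SESSION["ticketId"] = $ticketId;
header("Location: ../contact.php");
exit;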