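";

// Ticket details page: optionally saves the submitted ticket (new or existing)
// plus a details entry, then loads the ticket, user list, technician list and
// detail history for the HTML that follows this block.
$al = (int) $_SESSION["access_level"];

if ($al >= 1) { // do everything below

    // ticket_number ends up in several SQL statements, so accept only a plain
    // decimal integer. Anything else is rejected rather than passed to the database.
    $ticket = "";
    $ticket_invalid = false;
    if (array_key_exists('ticket_number', $_REQUEST) && $_REQUEST['ticket_number'] !== '') {
        $raw_ticket = $_REQUEST['ticket_number'];
        if (is_string($raw_ticket) && preg_match('/\A[0-9]{1,18}\z/', $raw_ticket)) {
            $ticket = (int) $raw_ticket;
        } else {
            $ticket_invalid = true;
            echo '<p>Invalid ticket number.</p>';
        }
    }

    // If update button is pressed in the tickets details page:
    // NOTE(review): the write is accepted through $_REQUEST (GET as well as POST) and no
    // anti-CSRF token is checked in this block; confirm one is enforced elsewhere.
    if (isset($_REQUEST['update']) && !$ticket_invalid) {

        // Read every submitted field as a string; missing or array-valued
        // parameters become '' instead of raising notices or binding "Array".
        $submitted = [];
        foreach (['created_date', 'status', 'priority', 'assigned_to', 'opened_by', 'add_new_details', 'description'] as $field_name) {
            $submitted[$field_name] = (isset($_REQUEST[$field_name]) && is_scalar($_REQUEST[$field_name]))
                ? (string) $_REQUEST[$field_name]
                : '';
        }
        $created_date  = $submitted['created_date'];
        $status        = $submitted['status'];
        $ticket_number = $ticket;
        $priority      = $submitted['priority'];
        $assigned_to   = $submitted['assigned_to'];
        $opened_by     = $submitted['opened_by'];
        $details       = $submitted['add_new_details'];
        $description   = $submitted['description']; // bound as a parameter below, so no manual escaping

        // Access level 1 may only view their own tickets (see the check before the
        // page is rendered). Enforce the same rule BEFORE writing, otherwise the
        // update would already be committed by the time the view check denies access.
        if ($al == 1) {
            // The user list offered to level 1 is limited to their own uid, so a
            // different opened_by can only come from a tampered request.
            $opened_by = (string) $_SESSION['uid'];

            if (!empty($ticket)) {
                $result_owner = mysqli_query($dbc, "SELECT `opened_by` FROM `tickets` WHERE `ticket_number` = " . (int) $ticket);
                $row_owner = $result_owner ? mysqli_fetch_array($result_owner, MYSQLI_ASSOC) : null;
                if (!$row_owner || $row_owner['opened_by'] != $_SESSION['uid']) {
                    echo 'Access Denied: this is not your ticket!';
                    include 'includes/footer.php';
                    exit(0);
                }
            }
        }

        // If ticket field is empty run an insert on all fields....else update that ticket#.
        // Values are bound as parameters instead of being interpolated into the SQL text.
        if (empty($ticket)) {
            $query_update = "
                INSERT INTO `tickets` (`created_date`, `assigned_to`, `status`, `priority`, `description`, `opened_by`)
                VALUES (?, ?, ?, ?, ?, ?);
            ";
            $stmt_update = mysqli_prepare($dbc, $query_update);
            if ($stmt_update) {
                mysqli_stmt_bind_param($stmt_update, 'ssssss', $created_date, $assigned_to, $status, $priority, $description, $opened_by);
            }
        } else {
            // there is already a ticket number (coming from the all tickets page)
            $query_update = "
                UPDATE `tickets`
                SET `created_date` = ?, `assigned_to` = ?, `status` = ?, `priority` = ?, `description` = ?, `opened_by` = ?
                WHERE `tickets`.`ticket_number` = ?;
            ";
            $stmt_update = mysqli_prepare($dbc, $query_update);
            if ($stmt_update) {
                mysqli_stmt_bind_param($stmt_update, 'ssssssi', $created_date, $assigned_to, $status, $priority, $description, $opened_by, $ticket);
            }
        }
        $result_update = $stmt_update && mysqli_stmt_execute($stmt_update);

        if (!$result_update) {
            // Database error text and the SQL go to the server log only; echoing them
            // would disclose schema details and reflect request data into the page.
            error_log('Ticket save failed: ' . ($stmt_update ? mysqli_stmt_error($stmt_update) : mysqli_error($dbc)));
            echo '<p>The current data could not be retrieved.</p>';
        } else {
            // if the ticket was just created grab an ID for the New Details
            // to know what ticket to add details into.
            if (empty($ticket)) {
                $ticket = mysqli_insert_id($dbc);
            }

            // insert the Add New Details field for both the insert and the update case,
            // but only once the ticket row itself was written successfully.
            $query_details = "
                INSERT INTO `ticket_details` (`time_stamp`, `ticket_detail`, `ticket_number`)
                VALUES (NOW(), ?, ?);";
            $stmt_details = mysqli_prepare($dbc, $query_details);
            if ($stmt_details) {
                mysqli_stmt_bind_param($stmt_details, 'si', $details, $ticket);
            }
            $result_details = $stmt_details && mysqli_stmt_execute($stmt_details);

            if (!$result_details) {
                error_log('Ticket detail insert failed: ' . ($stmt_details ? mysqli_stmt_error($stmt_details) : mysqli_error($dbc)));
                echo '<p>The current data could not be retrieved.</p>';
            }
            if ($stmt_details) {
                mysqli_stmt_close($stmt_details);
            }
        }
        if ($stmt_update) {
            mysqli_stmt_close($stmt_update);
        }
    } // If update button is pressed in the tickets details page

    // From here on $ticket is either '' or an integer, so interpolating it is safe.
    $query_tickets = "
        SELECT ticket_number, created_date,
               assigned_to, AssignedTo.username AS assigned_to_username,
               AssignedTo.f_name AS assigned_to_f_name, AssignedTo.l_name AS assigned_to_l_name,
               status, priority, description,
               opened_by, OpenedBy.username AS opened_by_username,
               OpenedBy.f_name AS opened_by_f_name, OpenedBy.l_name AS opened_by_l_name
        FROM tickets
        JOIN Users AS AssignedTo ON tickets.assigned_to = AssignedTo.uid
        JOIN Users AS OpenedBy ON tickets.opened_by = OpenedBy.uid
        WHERE ticket_number = '$ticket'
    ";

    $query_users = "SELECT * FROM `Users` WHERE access_level = 1";
    if ($al == 1) {
        // Level 1 users only see themselves in the user list.
        $query_users .= " AND uid='" . mysqli_real_escape_string($dbc, (string) $_SESSION['uid']) . "'";
    }

    $query_techs = "SELECT * FROM `Users` WHERE `access_level` > 1";

    $query_details = "SELECT * FROM `ticket_details` WHERE `ticket_number` = '$ticket' ORDER BY time_stamp DESC";

    // Run the queries.
    $result_tickets = mysqli_query($dbc, $query_tickets);
    $result_users   = mysqli_query($dbc, $query_users);
    $result_techs   = mysqli_query($dbc, $query_techs);
    $result_details = mysqli_query($dbc, $query_details);

    // If it ran OK, display the records.
    if ($result_tickets && $result_users && $result_techs) {

        // Fetch the ticket row; it is null when no ticket matched.
        $row_tickets = mysqli_fetch_array($result_tickets, MYSQLI_ASSOC);

        // Level 1 users may only open tickets they created themselves.
        if (!empty($ticket) && ($al == 1) && ($row_tickets['opened_by'] != $_SESSION['uid'])) {
            echo 'Access Denied: this is not your ticket!';
            include 'includes/footer.php';
            exit(0);
        }

        // generate the page that loads from the all tickets link
        // } else continued below ticket details
?>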
'; ?>
'; ?>
The current data could not be retrieved.

'; echo '

' . mysqli_error($dbc) . '

Query Tickets: ' . $query_tickets . '

'; echo '

' . mysqli_error($dbc) . '

Query Users: ' . $query_users . '

'; echo '

' . mysqli_error($dbc) . '

Query Techs: ' . $query_techs . '

'; echo '

' . mysqli_error($dbc) . '

Query Techs: ' . $query_techs . '

'; } ?>