add a space between the label and the value in ticket detailes, currently its too clode to ech other that makes it unreadle setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch (PDOException $e) { die("Database connection failed: " . $e->getMessage()); } // Custom security check if (empty($_SESSION['user_id'])) { header("Location: http://localhost/helpdesk/?page_id=50"); exit; } // Get current user data $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?"); $stmt->execute([$_SESSION['user_id']]); $current_user = $stmt->fetch(PDO::FETCH_ASSOC); if (!$current_user) { session_destroy(); header("Location: http://localhost/helpdesk/?page_id=50"); exit; } // Base URL for ticket system $base_url = 'http://localhost/helpdesk/?page_id=70'; // Check if viewing/editing ticket $viewing_ticket = isset($_GET['ticket_id']); $editing_ticket = $viewing_ticket && isset($_GET['action']) && $_GET['action'] === 'edit'; $ticket_id = $viewing_ticket ? (int)$_GET['ticket_id'] : 0; // Handle form submissions $message = ''; $message_type = ''; if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST['create_ticket'])) { $subject = htmlspecialchars($_POST['subject']); $description = htmlspecialchars($_POST['description']); $priority = htmlspecialchars($_POST['priority']); $department_id = (int)$_POST['department_id']; try { // Start transaction $pdo->beginTransaction(); $ticket_number = 'TKT-' . date('Ymd-His'); $stmt = $pdo->prepare("INSERT INTO tickets (ticket_number, subject, description, priority, department_id, created_by, status, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, 'open', NOW(), NOW())"); $stmt->execute([ $ticket_number, $subject, $description, $priority, $department_id, $current_user['id'] ]); $ticket_id = $pdo->lastInsertId(); // For initial message, set recipient to admin (or any default user) // Here we'll get the first admin user as recipient $stmt = $pdo->prepare("SELECT id FROM users WHERE role = 'admin' LIMIT 1"); $stmt->execute(); $admin = $stmt->fetch(); $recipient_id = $admin['id'] ?? $current_user['id']; // Fallback to current user if no admin found // Add initial message with valid recipient_id $stmt = $pdo->prepare("INSERT INTO messages (ticket_id, sender_id, recipient_id, message, is_read, created_at) VALUES (?, ?, ?, ?, 0, NOW())"); $stmt->execute([ $ticket_id, $current_user['id'], $recipient_id, $description ]); // Commit transaction $pdo->commit(); // Redirect to prevent form resubmission header("Location: $base_url&ticket_id=$ticket_id"); exit; } catch (PDOException $e) { $pdo->rollBack(); $message = 'Error creating ticket: ' . $e->getMessage(); $message_type = 'error'; } } elseif (isset($_POST['update_status'])) { $ticket_id = (int)$_POST['ticket_id']; $status = htmlspecialchars($_POST['status']); try { $pdo->beginTransaction(); $stmt = $pdo->prepare("UPDATE tickets SET status = ?, updated_at = NOW() WHERE id = ?"); $stmt->execute([$status, $ticket_id]); // Get the assigned staff for this ticket to set as recipient $stmt = $pdo->prepare("SELECT assigned_to FROM tickets WHERE id = ?"); $stmt->execute([$ticket_id]); $ticket = $stmt->fetch(); $recipient_id = $ticket['assigned_to'] ?? $current_user['id']; // Fallback to current user if not assigned // Add status change message with valid recipient_id $stmt = $pdo->prepare("INSERT INTO messages (ticket_id, sender_id, recipient_id, message, is_read, created_at) VALUES (?, ?, ?, ?, 0, NOW())"); $stmt->execute([ $ticket_id, $current_user['id'], $recipient_id, "Status changed to: " . ucfirst($status) ]); $pdo->commit(); // Redirect to prevent form resubmission header("Location: $base_url&ticket_id=$ticket_id"); exit; } catch (PDOException $e) { $pdo->rollBack(); $message = 'Error updating ticket status: ' . $e->getMessage(); $message_type = 'error'; } } elseif (isset($_POST['assign_ticket'])) { $ticket_id = (int)$_POST['ticket_id']; $assign_to = (int)$_POST['assign_to']; try { $pdo->beginTransaction(); $stmt = $pdo->prepare("UPDATE tickets SET assigned_to = ?, status = 'assigned', updated_at = NOW() WHERE id = ?"); $stmt->execute([$assign_to, $ticket_id]); // Add assignment message with valid recipient_id $stmt = $pdo->prepare("INSERT INTO messages (ticket_id, sender_id, recipient_id, message, is_read, created_at) VALUES (?, ?, ?, ?, 0, NOW())"); $stmt->execute([ $ticket_id, $current_user['id'], $assign_to, // Recipient is the assigned staff "Ticket assigned to support for resolution." ]); $pdo->commit(); // Redirect to prevent form resubmission header("Location: $base_url&ticket_id=$ticket_id"); exit; } catch (PDOException $e) { $pdo->rollBack(); $message = 'Error assigning ticket: ' . $e->getMessage(); $message_type = 'error'; } } elseif (isset($_POST['add_message'])) { $ticket_id = (int)$_POST['ticket_id']; $message_text = htmlspecialchars($_POST['message']); try { $pdo->beginTransaction(); // Get the assigned staff for this ticket to set as recipient $stmt = $pdo->prepare("SELECT assigned_to FROM tickets WHERE id = ?"); $stmt->execute([$ticket_id]); $ticket = $stmt->fetch(); $recipient_id = $ticket['assigned_to'] ?? $current_user['id']; // Fallback to current user if not assigned // Add message with valid recipient_id $stmt = $pdo->prepare("INSERT INTO messages (ticket_id, sender_id, recipient_id, message, is_read, created_at) VALUES (?, ?, ?, ?, 0, NOW())"); $stmt->execute([ $ticket_id, $current_user['id'], $recipient_id, $message_text ]); // Update ticket's updated_at $stmt = $pdo->prepare("UPDATE tickets SET updated_at = NOW() WHERE id = ?"); $stmt->execute([$ticket_id]); $pdo->commit(); // Redirect to prevent form resubmission header("Location: $base_url&ticket_id=$ticket_id"); exit; } catch (PDOException $e) { $pdo->rollBack(); $message = 'Error adding message: ' . $e->getMessage(); $message_type = 'error'; } } } // Handle ticket deletion (GET request) if (isset($_GET['delete_ticket'])) { $ticket_id_to_delete = (int)$_GET['delete_ticket']; try { // Verify user has permission to delete $stmt = $pdo->prepare("SELECT created_by FROM tickets WHERE id = ?"); $stmt->execute([$ticket_id_to_delete]); $ticket = $stmt->fetch(); $is_admin = in_array($current_user['role'], ['admin', 'staff']); $is_creator = ($ticket['created_by'] ?? null) == $current_user['id']; if (!$ticket || (!$is_creator && !$is_admin)) { $message = 'You do not have permission to delete this ticket'; $message_type = 'error'; } else { $pdo->beginTransaction(); // First delete messages $stmt = $pdo->prepare("DELETE FROM messages WHERE ticket_id = ?"); $stmt->execute([$ticket_id_to_delete]); // Then delete the ticket $stmt = $pdo->prepare("DELETE FROM tickets WHERE id = ?"); $stmt->execute([$ticket_id_to_delete]); $pdo->commit(); // Redirect to prevent refresh from deleting again header("Location: $base_url&deleted=1"); exit; } } catch (PDOException $e) { $pdo->rollBack(); $message = 'Error deleting ticket: ' . $e->getMessage(); $message_type = 'error'; } } // Handle deletion success message from redirect if (isset($_GET['deleted'])) { $message = 'Ticket deleted successfully!'; $message_type = 'success'; } // Get ticket details if viewing a ticket if ($viewing_ticket) { // Get ticket details $stmt = $pdo->prepare(" SELECT t.*, d.name as department_name, CONCAT(u.first_name, ' ', u.last_name) as creator_name, CONCAT(a.first_name, ' ', a.last_name) as assigned_name FROM tickets t LEFT JOIN departments d ON t.department_id = d.id LEFT JOIN users u ON t.created_by = u.id LEFT JOIN users a ON t.assigned_to = a.id WHERE t.id = ? "); $stmt->execute([$ticket_id]); $ticket = $stmt->fetch(PDO::FETCH_ASSOC); // Check if ticket exists and user has permission if (!$ticket) { die("Ticket not found"); } if ($current_user['role'] === 'user' && $ticket['created_by'] != $current_user['id']) { die("You don't have permission to view this ticket"); } // Get ticket messages with correct column names $stmt = $pdo->prepare(" SELECT m.*, CONCAT(s.first_name, ' ', s.last_name) as sender_name, s.role as sender_role, CONCAT(r.first_name, ' ', r.last_name) as recipient_name FROM messages m LEFT JOIN users s ON m.sender_id = s.id LEFT JOIN users r ON m.recipient_id = r.id WHERE m.ticket_id = ? ORDER BY m.created_at ASC "); $stmt->execute([$ticket_id]); $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); } // Get all necessary data for ticket list if (!$viewing_ticket) { try { // Get tickets based on role if ($current_user['role'] === 'admin' || $current_user['role'] === 'staff') { $tickets = $pdo->query(" SELECT t.*, d.name as department_name, CONCAT(u.first_name, ' ', u.last_name) as creator_name, CONCAT(a.first_name, ' ', a.last_name) as assigned_name FROM tickets t LEFT JOIN departments d ON t.department_id = d.id LEFT JOIN users u ON t.created_by = u.id LEFT JOIN users a ON t.assigned_to = a.id ORDER BY t.created_at DESC ")->fetchAll(PDO::FETCH_ASSOC); } else { $stmt = $pdo->prepare(" SELECT t.*, d.name as department_name, CONCAT(a.first_name, ' ', a.last_name) as assigned_name FROM tickets t LEFT JOIN departments d ON t.department_id = d.id LEFT JOIN users a ON t.assigned_to = a.id WHERE t.created_by = ? ORDER BY t.created_at DESC "); $stmt->execute([$current_user['id']]); $tickets = $stmt->fetchAll(PDO::FETCH_ASSOC); } // Get departments for dropdown $departments = $pdo->query("SELECT * FROM departments")->fetchAll(PDO::FETCH_ASSOC); // Get staff for assignment dropdown $staff_members = $pdo->query(" SELECT id, CONCAT(first_name, ' ', last_name) as name FROM users WHERE role IN ('staff', 'admin') ")->fetchAll(PDO::FETCH_ASSOC); } catch (PDOException $e) { die("Error fetching data: " . $e->getMessage()); } } ?> <?= $viewing_ticket ? 'Ticket Details' : 'Ticket System' ?>

Ticket Management

Back to Tickets

Subject:

Ticket #:

Status:

Priority:

Description:

Created By:

Department:

Assigned To:

Created At:

Updated At:

Add Message

Create New Ticket

No tickets found.

Ticket #	Created By	Subject	Status	Priority	Department	Assigned To	Created At	Actions
								View Delete