AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tickets & Tasks

Browse Source 
- Add ability to un-complete/undo a completed task
- Require CSRF verification when deleting tickets and tasks
This commit is contained in:
wrongecho
2024-08-15 23:52:25 +01:00
parent 26d36e6f66
commit ccdfd96f56
3 changed files with 43 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
post/tasks.php
View File

@@ -61,6 +61,9 @@ if (isset($_GET['delete_task'])) {
validateTechRole();
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
$task_id = intval($_GET['delete_task']);
// Get Client ID, task name from tasks and tickets using the task_id
@@ -105,5 +108,33 @@ if (isset($_GET['complete_task'])) {
$_SESSION['alert_message'] = "You completed Task <strong>$task_name</strong> Great Job!<i class='far fa-4x fa-smile-wink ml-2'></i>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['undo_complete_task'])) {
validateTechRole();
$task_id = intval($_GET['undo_complete_task']);
// Get Client ID
$sql = mysqli_query($mysqli, "SELECT * FROM tasks LEFT JOIN tickets ON ticket_id = task_ticket_id WHERE task_id = $task_id");
$row = mysqli_fetch_array($sql);
$client_id = intval($row['ticket_client_id']);
$task_name = sanitizeInput($row['task_name']);
$ticket_id = intval($row['ticket_id']);
mysqli_query($mysqli, "UPDATE tasks SET task_completed_at = NULL, task_completed_by = NULL WHERE task_id = $task_id");
// Add reply
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Undo Completed Task - $task_name', ticket_reply_time_worked = '00:01:00', ticket_reply_type = 'Internal', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
$ticket_reply_id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Task', log_action = 'Edit', log_description = '$session_name un-completed task $task_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $task_id");
$_SESSION['alert_message'] = "You marked Task <strong>$task_name</strong> as incomplete";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}

3
post/ticket.php
View File

@@ -629,6 +629,9 @@ if (isset($_GET['delete_ticket'])) {
validateAdminRole();
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
$ticket_id = intval($_GET['delete_ticket']);
// Get Ticket and Client ID for logging and alert message