
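<?php

declare(strict_types=1);

/**
 * update_request_status.php
 *
 * Admin-only POST handler that sets the status and admin comment of a
 * change request, then redirects back to the request's view page.
 *
 * Expects POST fields:
 *   request_id    - integer id of the change request
 *   new_status    - one of the allow-listed status strings below
 *   admin_comment - optional free-text comment (stored as-is)
 *
 * Outcome is reported via $_SESSION['success_message'|'info_message'|'error_message'].
 *
 * NOTE(review): no CSRF token is verified here. Any form that posts to this
 * script should carry a per-session token that is compared with hash_equals()
 * before the update runs; check whether auth_check.php already provides one
 * and, if so, enforce it here before the role check.
 */
require_once 'auth_check.php';
require_once 'db/config.php';
require_once 'mail/MailService.php';

// State-changing action: only accept POST.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: all_requests.php');
    exit;
}

// Admin-only action. The null-coalesce avoids an "undefined index" notice on a
// session that has no role at all; such a session is still rejected.
if (($_SESSION['role'] ?? null) !== 'admin') {
    $_SESSION['error_message'] = "You are not authorized to perform this action.";
    header('Location: index.php');
    exit;
}

// request_id must be a valid integer (null when missing, false when malformed).
$requestId = filter_input(INPUT_POST, 'request_id', FILTER_VALIDATE_INT);

// FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and was never a real
// defence: it strips tags and HTML-encodes quotes on the way *in*, which
// corrupts legitimate comments (e.g. "don't") and double-escapes them on
// output. Take the raw string instead; the status is validated against an
// allow-list below and the comment is stored verbatim.
// NOTE(review): this relies on view_request.php (not visible here) escaping
// admin_comment with htmlspecialchars() when it renders it — confirm that
// before shipping, otherwise a stored XSS becomes possible.
$newStatus = trim((string) filter_input(INPUT_POST, 'new_status', FILTER_UNSAFE_RAW));
$adminComment = trim((string) filter_input(INPUT_POST, 'admin_comment', FILTER_UNSAFE_RAW));

if (!$requestId || $newStatus === '') {
    $_SESSION['error_message'] = "Invalid data provided.";
    header('Location: all_requests.php');
    exit;
}

// Allow-list of statuses; strict comparison so only an exact string matches.
$allowed_statuses = ['Pending', 'Approved', 'In Development', 'Completed', 'Rejected'];
if (!in_array($newStatus, $allowed_statuses, true)) {
    $_SESSION['error_message'] = "Invalid status value.";
    header('Location: view_request.php?id=' . $requestId);
    exit;
}

try {
    $pdoconn = db();

    // Fetch the current status (to detect an actual transition) and the title.
    $stmt = $pdoconn->prepare(
        "SELECT cr.status, cr.change_title FROM change_requests cr WHERE cr.id = :id"
    );
    $stmt->bindParam(':id', $requestId, PDO::PARAM_INT);
    $stmt->execute();
    $request = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$request) {
        $_SESSION['error_message'] = "Request not found.";
        header('Location: all_requests.php');
        exit;
    }

    // Parameterised update of status and comment; id is bound as an int.
    $sql = "UPDATE change_requests SET status = :status, admin_comment = :comment WHERE id = :id";
    $stmt = $pdoconn->prepare($sql);
    $stmt->bindParam(':status', $newStatus, PDO::PARAM_STR);
    $stmt->bindParam(':comment', $adminComment, PDO::PARAM_STR);
    $stmt->bindParam(':id', $requestId, PDO::PARAM_INT);
    $stmt->execute();

    // rowCount() is the driver's affected-row count; presumably MySQL, where an
    // UPDATE that writes identical values reports 0 rows — hence the
    // "No changes were made" branch below.
    if ($stmt->rowCount() > 0) {
        $_SESSION['success_message'] = "Request status updated successfully.";

        // Notify the requester only on a real status transition.
        if ($request['status'] !== $newStatus) {
            // NOTE: Email sending is disabled because requester email is not available in the users table.
            // When re-enabling this, do NOT build the link from $_SERVER['HTTP_HOST']:
            // the Host header is attacker-controlled, so a crafted request could
            // put a phishing link into the notification mail. Use a configured
            // base URL (and https) instead.
            /*
            $to = $request['requester_email']; // This column does not exist
            $subject = "Update on your Change Request #{$requestId}";
            $body = "<p>The status of your change request '{$request['change_title']}' has been updated to <strong>" . htmlspecialchars(ucfirst($newStatus)) . "</strong>.</p>";
            if (!empty($adminComment)) {
                $body .= "<p><strong>Admin Comment:</strong> " . htmlspecialchars($adminComment) . "</p>";
            }
            $body .= "<p>You can view the request here: <a href=\"http://{$_SERVER['HTTP_HOST']}/view_request.php?id={$requestId}\">View Request</a></p>";
            MailService::sendMail($to, $subject, $body, strip_tags($body));
            $_SESSION['success_message'] = "Request status updated and notification sent.";
            */
        }
    } else {
        $_SESSION['info_message'] = "No changes were made to the request.";
    }
} catch (PDOException $e) {
    // Log the driver message server-side only; it can contain table/column
    // names, DSN fragments or query text that should not be shown in the UI.
    error_log("DB Error in update_request_status.php: " . $e->getMessage());
    $_SESSION['error_message'] = "A database error occurred while updating the request.";
} catch (Exception $e) {
    error_log("General Error in update_request_status.php: " . $e->getMessage());
    $_SESSION['error_message'] = "An unexpected error occurred while updating the request.";
}

header('Location: view_request.php?id=' . $requestId);
exit;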