File: /home/rtbrisc/public_html/admin/main/worker/index.php
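<?php
/**
 * Form dispatcher: reads the submitted form's "submit" button label, collects
 * the matching POST fields and redirects (302) to the worker script that
 * handles that action, passing the fields along as query-string parameters.
 *
 * NOTE(review): every identifier used here (customer ID, ticket ID,
 * technician ID, payment ID) comes from the request body, and no session or
 * CSRF-token check is visible in this file. The worker scripts are not shown
 * here — confirm that each of them authenticates the caller against the
 * session and does not trust the "cid"/"tid"/"cus" values it receives.
 */
session_start();

/**
 * Read one POST field as a string.
 *
 * A missing field or a non-string value (e.g. an array sent as "name[]")
 * yields '' instead of raising an "Undefined array key" / "Array to string
 * conversion" warning. A warning printed before header() can prevent the
 * redirect from being sent.
 */
$post = function ($name) {
	return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

/**
 * Send a redirect to $path with $params as the query string, then stop.
 *
 * http_build_query() percent-encodes every value, so a field containing
 * "&", "=", "#", spaces or control characters reaches the worker as the
 * value the user typed and cannot add or override another parameter.
 */
$redirect = function ($path, array $params = array()) {
	$query = http_build_query($params, '', '&');
	header('Location: ' . $path . ($query === '' ? '' : '?' . $query));
	exit;
};

$command = $post('submit');
$customerID = $post('txtCustomerID');

switch ($command) {
	case 'Book Request':
		// NOTE(review): the ticket ID is derived from uniqid(), which is
		// time-based. Treat it as a label, not as a secret: workers must not
		// use knowledge of a ticket ID as proof of ownership.
		$ticketID = "QH" . abs(crc32(uniqid()));

		// Only the client-supplied upload *name* is forwarded; the redirect
		// does not carry the uploaded file itself.
		// NOTE(review): the name is attacker-controlled. Wherever the file is
		// stored, derive the extension from an allow-list rather than from
		// this value — confirm in workers/helpdesk_request.php.
		$uploadName = (isset($_FILES['txtImage']['name']) && is_string($_FILES['txtImage']['name']))
			? $_FILES['txtImage']['name']
			: '';
		$Picture = $ticketID . "." . strtolower($uploadName);

		$redirect('workers/helpdesk_request.php', array(
			'cid'  => $post('txtCustomerID'),
			'tid'  => $ticketID,
			'spid' => $post('txtSupportPlanID'),   // support plan
			'rid'  => $post('txtRequestID'),       // request
			'rtid' => $post('txtRequestTypeID'),   // request type
			'did'  => $post('txtDeviceTypeID'),    // device type
			'dif'  => $post('txtDeviceTypeInfo'),  // device type (other)
			'dbid' => $post('txtDeviceBrandID'),   // device brand
			'dbif' => $post('txtDeviceBrandInfo'), // device brand (other)
			'dvm'  => $post('txtDeviceModel'),     // device model
			'des'  => $post('txtDescription'),     // description
			'stt'  => $post('txtWhen'),            // when to come
			'sut'  => $post('txtDateTime'),        // date/time
			'pix'  => $Picture,                    // request image name
			'cna'  => $post('txtContactName'),     // support contact person
			'cno'  => $post('txtContactNumber'),   // support contact number
			'cem'  => $post('txtContactEmail'),    // support contact email
			'spl'  => $post('txtSupportLocation'), // support location
			'cen'  => $post('txtCenter'),          // support center
			'rm'   => $post('txtRegEmail'),        // registered email
		));
		break;

	case "Book Project Support":
		// See the note on ticket IDs under 'Book Request'.
		$ticketID = "QP" . abs(crc32(uniqid()));

		$redirect('workers/project_support.php', array(
			'cid'  => $post('txtCustomerID'),
			'tid'  => $ticketID,
			'spid' => $post('txtSupportPlanID'),    // support plan
			'prt'  => $post('txtProjectType'),      // project type
			'rto'  => $post('txtProjectTypeOther'), // project type (other)
			'des'  => $post('txtDescription'),      // description
			'pte'  => $post('txtProjectTenure'),    // project tenure
			'pst'  => $post('txtProjectStart'),     // project start type
			'prs'  => $post('txtDateTime'),         // project start date/time
			'prl'  => $post('txtProjectLocation'),  // project location
			'cen'  => $post('txtCenter'),           // support center
			'pix'  => $post('txtDocumentation'),    // documentation
			'cna'  => $post('txtContactName'),      // support contact person
			'cno'  => $post('txtContactNumber'),    // support contact number
			'cem'  => $post('txtContactEmail'),     // support contact email
			'spl'  => $post('txtSupportLocation'),  // support location
		));
		break;

	case "Create Backup":
		// NOTE(review): here "dbi" carries the brand ID and "dbid" the brand
		// info, whereas 'Book Request' uses "dbid" for the brand ID. Kept as
		// found; confirm against workers/backup.php.
		$redirect('workers/backup.php', array(
			'cid'  => $post('txtCustomerID'),
			'did'  => $post('txtDeviceTypeID'),
			'dti'  => $post('txtDeviceTypeInfo'),
			'dbi'  => $post('txtDeviceBrandID'),
			'dbid' => $post('txtDeviceBrandInfo'),
			'dim'  => $post('txtDeviceModel'),
			'bc'   => $post('txtBackupContent'),
			'ct'   => $post('txtContentType'),
			'dtm'  => $post('txtDateTime'),
			'bl'   => $post('txtBackupLocation'),
			'oi'   => $post('txtInfo'),
		));
		break;

	case "Make Payment":
		$redirect('workers/pay.php', array(
			'pid' => $post('txtPaymentID'),
			'pam' => $post('txtPaymentMethod'),
			'cus' => $post('txtCustomerID'),
		));
		break;

	case "Rate Performance":
		$redirect('workers/rating.php', array(
			'cid'  => $customerID,
			'tid'  => $post('txtTicketID'),
			'tech' => $post('txtTechnicianID'),
			'rat'  => $post('txtRating'),
			'com'  => $post('txtComments'),
		));
		break;

	case 'Change Password':
		if (empty($customerID)) {
			$_SESSION['log_err'] = "Invalid Customer Credentials";
			$redirect('../../account/login.php');
		}

		$password = $post('txtPassword');
		$confirmPassword = $post('txtConfirmPassword');

		// Strict comparison: with "!=" PHP compares numeric-looking strings
		// as numbers, so two different passwords such as "1e3" and "1000"
		// would be accepted as matching.
		if ($password !== $confirmPassword) {
			$_SESSION['err'] = "Passwords do not match.";
			$redirect('../password');
		}

		// NOTE(review): the new password travels in the redirect URL, so it
		// is written to web-server access logs, proxy logs and browser
		// history in clear text. The parameter names are kept because
		// workers/change_password.php is not visible here; the password
		// should instead be handled within the POST request (or handed over
		// server-side) and never placed in a URL.
		$redirect('workers/change_password.php', array(
			'cid'    => $customerID,
			'pword'  => $password,
			'cpword' => $confirmPassword,
		));
		break;

	case 'Report Technician':
		if (empty($customerID)) {
			$_SESSION['log_err'] = "Invalid Technician Credentials";
			$redirect('../../account/login.php');
		}

		// The worker receives the customer ID as "tid" and the ticket as "tick".
		$redirect('workers/complain.php', array(
			'tid'  => $customerID,
			'tick' => $post('txtTicketID'),
			'com'  => $post('txtComplain'),
		));
		break;

	default:
		// Unknown or missing command: nothing to do.
		break;
}
?>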