File: /home/rtbrisc/public_html/admin/main/worker/workers/project_support.php
<?php
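session_start();
require_once('server/customer.php'); // Connection variable ($cus)
require_once('server/utilities.php'); // Connection variable ($utl)
require_once('server/issues.php'); // Connection variable ($iss)

/*
 * Project-support request handler.
 *
 * Reads the request fields from the query string, confirms the customer ID
 * exists in tblcustomer (via $cus), then writes one row to tblprojects and one
 * to tblsupportinfo (via $iss). Outcomes are reported through
 * $_SESSION['log_err'] / $_SESSION['req_err'] and a Location redirect.
 *
 * All SQL goes through prepared statements. The previous version escaped every
 * value with mysqli_real_escape_string() but placed five of them
 * (SupportPlanID, ProjectTypeID, ProjectTenure, ProjectStartType, Center) in
 * the statement without quotes; escaping only protects values inside a quoted
 * string literal, so those five slots accepted arbitrary SQL.
 *
 * NOTE(review): the customer ID comes from the query string ('cid'), not from
 * the session, so this script only proves the ID exists, not that the caller
 * owns it. Binding it to the logged-in session needs the session key set by
 * the login code, which is not visible here -- confirm and enforce.
 * NOTE(review): this is a state-changing request over GET with no anti-CSRF
 * token visible in this file, and contact details travel in the URL (server
 * logs, browser history). Consider POST plus a token check.
 */

// Read one query-string value as a string. Missing keys and array-valued
// parameters (?cid[]=x) become '' so they fail the checks below instead of
// raising a warning or a TypeError.
$readParam = function ($key) {
	return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
};

// Send a redirect and stop, so nothing can run after the header regardless of
// how the branches below are later rearranged.
$redirect = function ($location) {
	header("Location: " . $location);
	exit;
};

// Prepare, bind (every value as a string) and execute one statement.
// Returns true on success; with $needRow, true only if at least one row came
// back. Any failure returns false, whether mysqli reports it by return value
// or by exception (the reporting mode is set outside this file).
$execute = function ($link, $sql, array $values, $needRow = false) {
	try {
		$stmt = mysqli_prepare($link, $sql);
		if ($stmt === false) {
			return false;
		}
		mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
		$ok = mysqli_stmt_execute($stmt);
		if ($ok && $needRow) {
			mysqli_stmt_store_result($stmt);
			$ok = mysqli_stmt_num_rows($stmt) > 0;
		}
		mysqli_stmt_close($stmt);
		return $ok;
	} catch (mysqli_sql_exception $e) {
		error_log('project_support: ' . $e->getMessage());
		return false;
	}
};

$cid = $readParam('cid');
$ticketID = $readParam('tid');
$supportPlanID = $readParam('spid');
$projectType = $readParam('prt');
$projectTypeOther = $readParam('rto');
$description = $readParam('des');
$projectTenure = $readParam('pte');
$projectStartType = $readParam('pst');
$projectStart = $readParam('prs');
$projectLocation = $readParam('prl');
$Document = $readParam('pix');

$contactName = $readParam('cna');
$contactNumber = $readParam('cno');
$contactEmail = $readParam('cem');
$supportLocation = $readParam('spl');
$center = $readParam('cen');

if (empty($cid)) {
	$_SESSION['log_err'] = "User Account Could Not Be Verified! Please Login and Try Again!";
	$redirect("../../../account/login.php");
}

// Existence check only; a failed lookup is treated the same as "not found".
$seen = $execute($cus, "SELECT CustomerID FROM tblcustomer WHERE CustomerID = ? LIMIT 1", [$cid], true);
if (!$seen) {
	$_SESSION['req_err'] = "Invalid User Account, Please Re-Login";
	$redirect("../../../account/login.php");
}

// Same required set as before. empty() also rejects the literal "0", which
// matches the original behaviour.
$required = [
	$ticketID, $supportPlanID, $projectType, $description, $projectTenure, $projectStartType,
	$projectLocation, $contactName, $contactNumber, $contactEmail, $supportLocation,
];
foreach ($required as $value) {
	if (empty($value)) {
		$_SESSION['req_err'] = "Please fill in the fields with * Astericks";
		$redirect("../../project/new.php");
	}
}

// These five were written into the SQL as bare numbers, so anything
// non-numeric (including an empty Center) previously produced a failed or
// altered statement. Reject it up front with the same error the failed insert
// gave. Presumably these are integer columns -- confirm against the schema.
foreach ([$supportPlanID, $projectType, $projectTenure, $projectStartType, $center] as $number) {
	if (!is_numeric($number)) {
		$_SESSION['req_err'] = "There was a problem logging your request!!!";
		$redirect("../../project/new.php");
	}
}

// Both rows are written inside one transaction so a failed second insert does
// not leave a project without its contact row. This only takes effect on a
// transactional storage engine -- TODO confirm the table engine.
$saved = false;
try {
	mysqli_begin_transaction($iss);

	$issue = $execute($iss, "INSERT INTO tblprojects
		 (TicketID, CustomerID, SupportPlanID, ProjectTypeID, ProjectTypeOther, Description, ProjectTenure, ProjectStartType, ProjectStart, ProjectLocation, Document, StatusFlag, AssignStatus, Payment, PaymentStatus, Center)
		 VALUES
		 (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 0, 0, 'Not Applicable', 'Not Applicable', ?)
		 ", [
		$ticketID, $cid, $supportPlanID, $projectType, $projectTypeOther, $description,
		$projectTenure, $projectStartType, $projectStart, $projectLocation, $Document, $center,
	]);

	$supportinfo = $issue && $execute($iss, "INSERT INTO tblsupportinfo
		 (TicketID, SupportName, SupportNumber, SupportEmail, SupportLocation)
		 VALUES
		 (?, ?, ?, ?, ?)
		 ", [$ticketID, $contactName, $contactNumber, $contactEmail, $supportLocation]);

	if ($issue && $supportinfo) {
		$saved = mysqli_commit($iss);
	} else {
		mysqli_rollback($iss);
	}
} catch (mysqli_sql_exception $e) {
	// Uncommitted work is discarded when the connection closes at script end.
	error_log('project_support: ' . $e->getMessage());
	$saved = false;
}

if ($saved) {
	// rid means request ID: 1 = Helpdesk Request, 2 = Project Support
	// The ticket ID is caller-supplied, so it is URL-encoded before it is
	// placed in the redirect target.
	$redirect("server/mailer/?rid=2&tid=" . urlencode($ticketID));
}

$_SESSION['req_err'] = "There was a problem logging your request!!!";
$redirect("../../project/new.php");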

?>