File: /home/rtbrisc/public_html/admin/main/worker/workers/rating.php
<?php
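session_start();
require_once('server/customer.php');  // Connection variable ($cus)
require_once('server/utilities.php'); // Connection variable ($utl)
require_once('server/issues.php');    // Connection variable ($iss)

/*
 * Rating worker: records a customer's rating of a support ticket, then redirects.
 *
 * Expected query string:
 *   cid=<customerID>&tid=<ticketID>&tech=<technicianID>&rat=<stars>&com=<comments>
 *
 * Outcome is reported through $_SESSION ('log_err', 'rat_err', 'rat_suc') and a
 * Location redirect; the script produces no body output of its own.
 *
 * NOTE(review): the customer identity is taken from the query string, not from the
 * authenticated session, so the request itself decides whose rating is written.
 * Bind it to the logged-in customer instead -- the session key that holds that id
 * is not visible in this file, so it is not changed here.
 * NOTE(review): this endpoint changes state on a GET request and carries no
 * anti-CSRF token; moving it to POST with a per-session token would address that.
 */

// Read every parameter defensively: a missing key or an array value (?cid[]=x)
// becomes '' instead of raising a warning or a TypeError further down.
$input = array();
foreach (array('cid', 'tid', 'tech', 'rat', 'com') as $field) {
    $input[$field] = (isset($_GET[$field]) && is_string($_GET[$field])) ? $_GET[$field] : '';
}
$cid  = $input['cid'];
$tid  = $input['tid'];
$tech = $input['tech'];
$rat  = $input['rat'];
$com  = $input['com'];

if (empty($cid)) {
    $_SESSION['log_err'] = "Invalid user account. Please Login";
    header("Location: ../../../account/login.php");
    exit; // stop here so nothing runs after the redirect is queued
}

// URL-encode the values echoed back into the redirect so they cannot add or
// override query parameters on the rating form.
$rateForm = '../../rating/rate.php?' . http_build_query(array('tid' => $tech, 'tick' => $tid), '', '&');

// NOTE(review): empty() also rejects the literal "0", and $rat is otherwise not
// checked to be a number within the allowed star range -- confirm the range and
// validate it here.
if (empty($tid) || empty($tech) || empty($rat)) {
    $_SESSION['rat_err'] = "All Fields Are Required!!!";
    header("Location: " . $rateForm);
    exit;
}

// Has this customer already rated this ticket? Values are bound as parameters
// rather than concatenated into the SQL text.
$lookupOk = false;
$alreadyRated = false;
$check = mysqli_prepare($iss, "SELECT 1 FROM tblrating WHERE CustomerID = ? AND TicketID = ? LIMIT 1");
if ($check) {
    mysqli_stmt_bind_param($check, 'ss', $cid, $tid);
    if (mysqli_stmt_execute($check)) {
        mysqli_stmt_store_result($check);
        $alreadyRated = mysqli_stmt_num_rows($check) > 0;
        $lookupOk = true;
    }
    mysqli_stmt_close($check);
}

if (!$lookupOk) {
    // A failed lookup must not fall through to the INSERT.
    $_SESSION['rat_err'] = "There was a problem rating this service!!!";
    header("Location: " . $rateForm);
    exit;
}

if ($alreadyRated) {
    $_SESSION['rat_err'] = "This service has been rated.";
    header("Location: " . $rateForm);
    exit;
}

// NOTE(review): two concurrent requests can both pass the check above; a UNIQUE
// index on tblrating (CustomerID, TicketID) would enforce one rating per ticket.

// Write the rating and flag the support trip as one unit, so a failed UPDATE does
// not leave a stored rating behind (effective only on a transactional engine).
$saved = false;
mysqli_begin_transaction($iss);
$insert = mysqli_prepare(
    $iss,
    "INSERT INTO tblrating (CustomerID, TechnicianID, TicketID, Stars, Comments) VALUES (?, ?, ?, ?, ?)"
);
$update = mysqli_prepare(
    $iss,
    "UPDATE tblsupporttrip SET Rating = 1 WHERE TicketID = ? AND TechnicianID = ?"
);
if ($insert && $update) {
    mysqli_stmt_bind_param($insert, 'sssss', $cid, $tech, $tid, $rat, $com);
    mysqli_stmt_bind_param($update, 'ss', $tid, $tech);
    $saved = mysqli_stmt_execute($insert) && mysqli_stmt_execute($update);
}
if ($insert) {
    mysqli_stmt_close($insert);
}
if ($update) {
    mysqli_stmt_close($update);
}

if ($saved) {
    mysqli_commit($iss);
    $_SESSION['rat_suc'] = "Customer Service Rating Was Successfull!!!";
    header("Location: ../../rating/success.php");
    exit;
}

mysqli_rollback($iss);
$_SESSION['rat_err'] = "There was a problem rating this service!!!";
header("Location: " . $rateForm);
exit;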
?>