mirror of
https://github.com/getnamingo/registry.git
synced 2025-08-04 08:41:50 +02:00
Security fixes in CP
parent
ca1654a4eb
commit
25c736b68b
14 changed files with 194 additions and 91 deletions
|
@ -755,6 +755,14 @@ class ApplicationsController extends Controller
|
|||
|
||||
$csrfTokenName = $this->container->get('csrf')->getTokenName();
|
||||
$csrfTokenValue = $this->container->get('csrf')->getTokenValue();
|
||||
|
||||
if (strpos($domain['name'], 'xn--') === 0) {
|
||||
$domain['punycode'] = $domain['name'];
|
||||
$domain['name'] = idn_to_utf8($domain['name'], IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
|
||||
} else {
|
||||
$domain['punycode'] = $domain['name'];
|
||||
}
|
||||
$_SESSION['applications_to_update'] = [$domain['punycode']];
|
||||
|
||||
return view($response,'admin/domains/updateApplication.twig', [
|
||||
'domain' => $domain,
|
||||
|
@ -784,7 +792,12 @@ class ApplicationsController extends Controller
|
|||
// Retrieve POST data
|
||||
$data = $request->getParsedBody();
|
||||
$db = $this->container->get('db');
|
||||
$domainName = $data['domainName'] ?? null;
|
||||
if (!empty($_SESSION['applications_to_update'])) {
|
||||
$domainName = $_SESSION['applications_to_update'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No application specified for update');
|
||||
return $response->withHeader('Location', '/applications')->withStatus(302);
|
||||
}
|
||||
$domain_id = $db->selectValue('SELECT id FROM application WHERE name = ?', [$domainName]);
|
||||
|
||||
if ($_SESSION["auth_roles"] != 0) {
|
||||
|
@ -948,7 +961,8 @@ class ApplicationsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
|
||||
return $response->withHeader('Location', '/application/update/'.$domainName)->withStatus(302);
|
||||
}
|
||||
|
||||
|
||||
unset($_SESSION['applications_to_update']);
|
||||
$this->container->get('flash')->addMessage('success', 'Application ' . $domainName . ' has been updated successfully on ' . $update);
|
||||
return $response->withHeader('Location', '/application/update/'.$domainName)->withStatus(302);
|
||||
}
|
||||
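Review bot: The update handler now acts on whatever `$_SESSION['applications_to_update'][0]` holds, and the view hunk overwrites that single slot every time an update form is rendered, so a form submitted from an older tab is applied to the most recently opened application with no error. The same one-slot-per-type binding is used for `contacts_to_update`, `contacts_to_validate`, `domains_to_update`, `domains_to_renew`, `hosts_to_update`, `registrars_to_update` and `current_ticket`. Keeping the session value authoritative is fine, but the form should carry the identifier (or a per-form token stored next to it) and the handler should refuse a mismatch, e.g. `if (($data['domainName'] ?? null) !== $_SESSION['applications_to_update'][0]) { /* flash error, redirect */ }`, assuming the template still posts the punycode name. Separately, the added `idn_to_utf8()` call passes `IDNA_NONTRANSITIONAL_TO_ASCII`; the decoding direction takes `IDNA_NONTRANSITIONAL_TO_UNICODE`, and a `false` return is stored into `$domain['name']` unchecked. Both handlers extend beyond the hunks shown.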
|
|
|
@ -504,7 +504,9 @@ class ContactsController extends Controller
|
|||
[ $contact['id'] ]);
|
||||
$contactPostal = $db->select('SELECT * FROM contact_postalInfo WHERE contact_id = ?',
|
||||
[ $contact['id'] ]);
|
||||
|
||||
|
||||
$_SESSION['contacts_to_update'] = [$contact['identifier']];
|
||||
|
||||
$responseData = [
|
||||
'contact' => $contact,
|
||||
'contactStatus' => $contactStatus,
|
||||
|
@ -585,7 +587,9 @@ class ContactsController extends Controller
|
|||
[ $contact['id'] ]);
|
||||
$contactPostal = $db->select('SELECT * FROM contact_postalInfo WHERE contact_id = ?',
|
||||
[ $contact['id'] ]);
|
||||
|
||||
|
||||
$_SESSION['contacts_to_validate'] = [$contact['identifier']];
|
||||
|
||||
$responseData = [
|
||||
'contact' => $contact,
|
||||
'contactStatus' => $contactStatus,
|
||||
|
@ -676,7 +680,12 @@ class ContactsController extends Controller
|
|||
// Get the current URI
|
||||
$uri = $request->getUri()->getPath();
|
||||
|
||||
$identifier = trim($data['identifier']);
|
||||
if (!empty($_SESSION['contacts_to_validate'])) {
|
||||
$identifier = $_SESSION['contacts_to_validate'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No contact specified for validation');
|
||||
return $response->withHeader('Location', '/contacts')->withStatus(302);
|
||||
}
|
||||
|
||||
if (!preg_match('/^[a-zA-Z0-9\-]+$/', $identifier)) {
|
||||
$this->container->get('flash')->addMessage('error', 'Invalid contact ID format');
|
||||
|
@ -720,7 +729,8 @@ class ContactsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
|
||||
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
|
||||
}
|
||||
|
||||
|
||||
unset($_SESSION['contacts_to_validate']);
|
||||
$this->container->get('flash')->addMessage('success', 'Contact ' . $identifier . ' has been validated successfully on ' . $stamp);
|
||||
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
|
||||
|
||||
|
@ -741,7 +751,12 @@ class ContactsController extends Controller
|
|||
$db = $this->container->get('db');
|
||||
$iso3166 = new ISO3166();
|
||||
$countries = $iso3166->all();
|
||||
$identifier = $data['identifier'] ?? null;
|
||||
if (!empty($_SESSION['contacts_to_update'])) {
|
||||
$identifier = $_SESSION['contacts_to_update'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No contact specified for update');
|
||||
return $response->withHeader('Location', '/contacts')->withStatus(302);
|
||||
}
|
||||
|
||||
if ($_SESSION["auth_roles"] != 0) {
|
||||
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
|
||||
|
@ -1077,7 +1092,8 @@ class ContactsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
|
||||
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
|
||||
}
|
||||
|
||||
|
||||
unset($_SESSION['contacts_to_update']);
|
||||
$this->container->get('flash')->addMessage('success', 'Contact ' . $identifier . ' has been updated successfully on ' . $update);
|
||||
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
|
||||
}
|
||||
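Review bot: All three catch paths in this section still concatenate `$e->getMessage()` into the flash message (`'Database failure during update: ' . $e->getMessage()`), which presumably renders driver and schema detail to the panel user; a commit labelled as security fixes is a natural place to stop that. Log the exception server-side and flash a fixed string instead, e.g. `error_log($e->getMessage());` followed by `addMessage('error', 'Database failure during update')`. The same concatenation appears in the Applications, Domains, Hosts and Registrars catch blocks shown on this page. The catch blocks begin outside the hunks, so the exception type being caught is not visible.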
|
|
|
@ -1087,6 +1087,8 @@ class DomainsController extends Controller
|
|||
} else {
|
||||
$domain['punycode'] = $domain['name'];
|
||||
}
|
||||
$_SESSION['domains_to_update'] = [$domain['punycode']];
|
||||
|
||||
return view($response,'admin/domains/updateDomain.twig', [
|
||||
'domain' => $domain,
|
||||
'domainStatus' => $domainStatus,
|
||||
|
@ -1117,9 +1119,14 @@ class DomainsController extends Controller
|
|||
// Retrieve POST data
|
||||
$data = $request->getParsedBody();
|
||||
$db = $this->container->get('db');
|
||||
$domainName = $data['domainName'] ?? null;
|
||||
if (!empty($_SESSION['domains_to_update'])) {
|
||||
$domainName = $_SESSION['domains_to_update'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No domain specified for update');
|
||||
return $response->withHeader('Location', '/domains')->withStatus(302);
|
||||
}
|
||||
$domain_id = $db->selectValue('SELECT id FROM domain WHERE name = ?', [$domainName]);
|
||||
|
||||
|
||||
if ($_SESSION["auth_roles"] != 0) {
|
||||
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
|
||||
$domain_clid = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]);
|
||||
|
@ -1598,7 +1605,8 @@ class DomainsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
|
||||
return $response->withHeader('Location', '/domain/update/'.$domainName)->withStatus(302);
|
||||
}
|
||||
|
||||
|
||||
unset($_SESSION['domains_to_update']);
|
||||
$this->container->get('flash')->addMessage('success', 'Domain ' . $domainName . ' has been updated successfully on ' . $update);
|
||||
return $response->withHeader('Location', '/domain/update/'.$domainName)->withStatus(302);
|
||||
}
|
||||
|
@ -1707,7 +1715,13 @@ class DomainsController extends Controller
|
|||
// Retrieve POST data
|
||||
$data = $request->getParsedBody();
|
||||
$db = $this->container->get('db');
|
||||
$domainName = $data['domainName'] ?? null;
|
||||
if (!empty($_SESSION['domains_to_renew'])) {
|
||||
$domainName = $_SESSION['domains_to_renew'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No domain specified for renewal');
|
||||
return $response->withHeader('Location', '/domains')->withStatus(302);
|
||||
}
|
||||
|
||||
$renewalYears = $data['renewalYears'] ?? null;
|
||||
|
||||
$parts = extractDomainAndTLD($domainName);
|
||||
|
@ -1729,7 +1743,7 @@ class DomainsController extends Controller
|
|||
} else {
|
||||
$clid = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]);
|
||||
}
|
||||
|
||||
|
||||
$date_add = 0;
|
||||
$date_add = ($renewalYears * 12);
|
||||
|
||||
|
@ -1852,7 +1866,8 @@ class DomainsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', 'Database failure during renew: ' . $e->getMessage());
|
||||
return $response->withHeader('Location', '/domain/renew/'.$domainName)->withStatus(302);
|
||||
}
|
||||
|
||||
|
||||
unset($_SESSION['domains_to_renew']);
|
||||
$this->container->get('flash')->addMessage('success','Domain ' . $domainName . ' has been renewed for ' . $renewalYears . ' ' . ($renewalYears > 1 ? 'years' : 'year'));
|
||||
return $response->withHeader('Location', '/domains')->withStatus(302);
|
||||
}
|
||||
|
@ -1922,6 +1937,8 @@ class DomainsController extends Controller
|
|||
} else {
|
||||
$domain['punycode'] = $domain['name'];
|
||||
}
|
||||
$_SESSION['domains_to_renew'] = [$domain['punycode']];
|
||||
|
||||
return view($response,'admin/domains/renewDomain.twig', [
|
||||
'domain' => $domain,
|
||||
'domainStatus' => $domainStatus,
|
||||
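Review bot: The renew handler pins `$domainName` to the session but still takes `$renewalYears` straight from the POST body, and the visible lines multiply it (`$date_add = ($renewalYears * 12);`) and echo it in the success message without a type or range check. Unless validation sits in the lines between these hunks, a non-numeric or array value raises a TypeError on PHP 8 and an oversized integer yields an arbitrary renewal period. Something like `$renewalYears = filter_var($data['renewalYears'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` with a `max_range` taken from registry policy, plus an early redirect on `false`, would close that. The preceding `$date_add = 0;` is dead and can go.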
|
|
|
@ -391,6 +391,8 @@ class HostsController extends Controller
|
|||
} else {
|
||||
$host['punycode'] = $host['name'];
|
||||
}
|
||||
$_SESSION['hosts_to_update'] = [$host['punycode']];
|
||||
|
||||
return view($response,'admin/hosts/updateHost.twig', [
|
||||
'host' => $host,
|
||||
'hostIPv4' => $hostIPv4,
|
||||
|
@ -415,7 +417,12 @@ class HostsController extends Controller
|
|||
// Retrieve POST data
|
||||
$data = $request->getParsedBody();
|
||||
$db = $this->container->get('db');
|
||||
$hostName = $data['hostName'] ?? null;
|
||||
if (!empty($_SESSION['hosts_to_update'])) {
|
||||
$hostName = $_SESSION['hosts_to_update'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No host specified for update');
|
||||
return $response->withHeader('Location', '/hosts')->withStatus(302);
|
||||
}
|
||||
$host_id = $db->selectValue('SELECT id FROM host WHERE name = ?', [$hostName]);
|
||||
|
||||
if ($_SESSION["auth_roles"] != 0) {
|
||||
|
@ -430,15 +437,21 @@ class HostsController extends Controller
|
|||
|
||||
$ipv4 = $data['ipv4'] ?? null;
|
||||
$ipv6 = $data['ipv6'] ?? null;
|
||||
|
||||
// Validate IPv4 address
|
||||
if ($ipv4 !== null && !filter_var($ipv4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
||||
|
||||
// Check if both IPv4 and IPv6 are empty or null
|
||||
if (empty($ipv4) && empty($ipv6)) {
|
||||
$this->container->get('flash')->addMessage('error', 'At least one IP address (IPv4 or IPv6) is required');
|
||||
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
|
||||
}
|
||||
|
||||
// Validate IPv4 address, if provided
|
||||
if (!empty($ipv4) && !filter_var($ipv4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
||||
$this->container->get('flash')->addMessage('error', 'Invalid IPv4 address');
|
||||
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
|
||||
}
|
||||
|
||||
// Validate IPv6 address
|
||||
if ($ipv6 !== null && !filter_var($ipv6, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
// Validate IPv6 address, if provided
|
||||
if (!empty($ipv6) && !filter_var($ipv6, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
$this->container->get('flash')->addMessage('error', 'Invalid IPv6 address');
|
||||
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
|
||||
}
|
||||
|
@ -446,56 +459,73 @@ class HostsController extends Controller
|
|||
try {
|
||||
$db->beginTransaction();
|
||||
|
||||
if (isset($ipv4) && !empty($ipv4)) {
|
||||
$ipv4 = normalize_v4_address($ipv4);
|
||||
|
||||
$does_it_exist = $db->selectValue("SELECT id FROM host_addr WHERE host_id = ? AND ip = 'v4'", [$host_id]);
|
||||
|
||||
if ($does_it_exist) {
|
||||
$db->update(
|
||||
'host_addr',
|
||||
[
|
||||
'addr' => $ipv4
|
||||
],
|
||||
[
|
||||
'host_id' => $host_id,
|
||||
'ip' => 'v4'
|
||||
]
|
||||
);
|
||||
if (isset($ipv4)) {
|
||||
if (!empty($ipv4)) {
|
||||
$ipv4 = normalize_v4_address($ipv4);
|
||||
|
||||
$does_it_exist = $db->selectValue("SELECT id FROM host_addr WHERE host_id = ? AND ip = 'v4'", [$host_id]);
|
||||
|
||||
if ($does_it_exist) {
|
||||
$db->update(
|
||||
'host_addr',
|
||||
['addr' => $ipv4],
|
||||
[
|
||||
'host_id' => $host_id,
|
||||
'ip' => 'v4'
|
||||
]
|
||||
);
|
||||
} else {
|
||||
$db->insert(
|
||||
'host_addr',
|
||||
[
|
||||
'addr' => $ipv4,
|
||||
'host_id' => $host_id,
|
||||
'ip' => 'v4'
|
||||
]
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$db->insert(
|
||||
// If $ipv4 is set but is an empty string, delete the existing IPv4 address entry
|
||||
$db->delete(
|
||||
'host_addr',
|
||||
[
|
||||
'addr' => $ipv4,
|
||||
'host_id' => $host_id,
|
||||
'ip' => 'v4'
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (isset($ipv6) && !empty($ipv6)) {
|
||||
$ipv6 = normalize_v6_address($ipv6);
|
||||
|
||||
$does_it_exist = $db->selectValue("SELECT id FROM host_addr WHERE host_id = ? AND ip = 'v6'", [$host_id]);
|
||||
|
||||
if ($does_it_exist) {
|
||||
$db->update(
|
||||
'host_addr',
|
||||
[
|
||||
'addr' => $ipv6
|
||||
],
|
||||
[
|
||||
'host_id' => $host_id,
|
||||
'ip' => 'v6'
|
||||
]
|
||||
);
|
||||
if (isset($ipv6)) {
|
||||
if (!empty($ipv6)) {
|
||||
$ipv6 = normalize_v6_address($ipv6);
|
||||
|
||||
$does_it_exist = $db->selectValue("SELECT id FROM host_addr WHERE host_id = ? AND ip = 'v6'", [$host_id]);
|
||||
|
||||
if ($does_it_exist) {
|
||||
$db->update(
|
||||
'host_addr',
|
||||
['addr' => $ipv6],
|
||||
[
|
||||
'host_id' => $host_id,
|
||||
'ip' => 'v6'
|
||||
]
|
||||
);
|
||||
} else {
|
||||
$db->insert(
|
||||
'host_addr',
|
||||
[
|
||||
'addr' => $ipv6,
|
||||
'host_id' => $host_id,
|
||||
'ip' => 'v6'
|
||||
]
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$db->insert(
|
||||
// If $ipv6 is set but is an empty string, delete the existing IPv6 address entry
|
||||
$db->delete(
|
||||
'host_addr',
|
||||
[
|
||||
'addr' => $ipv6,
|
||||
'host_id' => $host_id,
|
||||
'ip' => 'v6'
|
||||
]
|
||||
|
@ -521,7 +551,8 @@ class HostsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
|
||||
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
|
||||
}
|
||||
|
||||
|
||||
unset($_SESSION['hosts_to_update']);
|
||||
$this->container->get('flash')->addMessage('success', 'Host ' . $hostName . ' has been updated successfully on ' . $update);
|
||||
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
|
||||
}
|
||||
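Review bot: The new validation and the new delete branch both rely on `empty()`, which is true for the string `"0"`, so a posted `ipv4=0` alongside a valid IPv6 skips `filter_var()` and lands in the `else` branch that deletes the stored v4 row instead of producing 'Invalid IPv4 address'. Compare against the empty string explicitly: `if ($ipv4 !== null && $ipv4 !== '' && !filter_var($ipv4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))` for validation and `if ($ipv4 !== '')` inside the transaction, and likewise for `$ipv6`. The rendered delete call also shows an `'addr' => $ipv4` line whose old/new side cannot be told from this page; if it is part of the new condition array, the delete matches on an empty address and removes nothing. The try block continues past the end of the hunk.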
|
|
|
@ -395,19 +395,22 @@ class RegistrarsController extends Controller
|
|||
$whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?",
|
||||
[ $registrar['id'] ]);
|
||||
|
||||
return view($response,'admin/registrars/updateRegistrar.twig', [
|
||||
'registrar' => $registrar,
|
||||
'contacts' => $contacts,
|
||||
'ote' => $ote,
|
||||
'user' => $user,
|
||||
'whitelist' => $whitelist,
|
||||
'currentUri' => $uri,
|
||||
'countries' => $countries
|
||||
]);
|
||||
} else {
|
||||
// Registrar does not exist, redirect to the registrars view
|
||||
return $response->withHeader('Location', '/registrars')->withStatus(302);
|
||||
}
|
||||
$_SESSION['registrars_to_update'] = [$registrar['clid']];
|
||||
$_SESSION['registrars_user_email'] = [$user['email']];
|
||||
|
||||
return view($response,'admin/registrars/updateRegistrar.twig', [
|
||||
'registrar' => $registrar,
|
||||
'contacts' => $contacts,
|
||||
'ote' => $ote,
|
||||
'user' => $user,
|
||||
'whitelist' => $whitelist,
|
||||
'currentUri' => $uri,
|
||||
'countries' => $countries
|
||||
]);
|
||||
} else {
|
||||
// Registrar does not exist, redirect to the registrars view
|
||||
return $response->withHeader('Location', '/registrars')->withStatus(302);
|
||||
}
|
||||
} else {
|
||||
// Redirect to the registrars view
|
||||
return $response->withHeader('Location', '/registrars')->withStatus(302);
|
||||
|
@ -424,7 +427,12 @@ class RegistrarsController extends Controller
|
|||
// Retrieve POST data
|
||||
$data = $request->getParsedBody();
|
||||
$db = $this->container->get('db');
|
||||
$registrar = $data['reg_clid'] ?? null;
|
||||
if (!empty($_SESSION['registrars_to_update'])) {
|
||||
$registrar = $_SESSION['registrars_to_update'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No registrar specified for update');
|
||||
return $response->withHeader('Location', '/registrars')->withStatus(302);
|
||||
}
|
||||
|
||||
$data['ipAddress'] = array_filter($data['ipAddress']);
|
||||
$iso3166 = new ISO3166();
|
||||
|
@ -497,6 +505,13 @@ class RegistrarsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', $errorText);
|
||||
return $response->withHeader('Location', '/registrars')->withStatus(302);
|
||||
}
|
||||
|
||||
if (!empty($_SESSION['registrars_user_email'])) {
|
||||
$regEmail = $_SESSION['registrars_user_email'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No email specified for update');
|
||||
return $response->withHeader('Location', '/registrars')->withStatus(302);
|
||||
}
|
||||
|
||||
$db->beginTransaction();
|
||||
|
||||
|
@ -634,7 +649,7 @@ class RegistrarsController extends Controller
|
|||
'password' => $panelPassword,
|
||||
],
|
||||
[
|
||||
'email' => $data['reg_email']
|
||||
'email' => $regEmail
|
||||
]
|
||||
);
|
||||
}
|
||||
|
@ -645,7 +660,9 @@ class RegistrarsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
|
||||
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
|
||||
}
|
||||
|
||||
|
||||
unset($_SESSION['registrars_to_update']);
|
||||
unset($_SESSION['registrars_user_email']);
|
||||
$this->container->get('flash')->addMessage('success', 'Registrar ' . $data['name'] . ' has been updated successfully on ' . $update);
|
||||
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
|
||||
}
|
||||
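Review bot: `!empty($_SESSION['registrars_user_email'])` tests the one-element wrapper array, not the address inside it, so it passes even when the view stored `[null]` because `$user` had no row or no `email`; `$regEmail` is then null and goes straight into the `'email' => $regEmail` condition of the password update. Check the element instead, e.g. `$regEmail = $_SESSION['registrars_user_email'][0] ?? null;` followed by `if (!is_string($regEmail) || $regEmail === '') { /* flash error, redirect */ }`. How the DB wrapper treats a null condition value is not visible here, so the effect of that update is unknown rather than known-safe. The `registrars_to_update` check has the same shape. Both handlers continue outside the hunks.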
|
|
|
@ -135,7 +135,7 @@ class SupportController extends Controller
|
|||
ORDER BY tr.date_created DESC', [$ticketNumber]);
|
||||
$category = $db->selectValue('SELECT name FROM ticket_categories WHERE id = ?', [$ticket['category_id']]);
|
||||
|
||||
// Default view for GET requests or if POST data is not set
|
||||
$_SESSION['current_ticket'] = [$ticket['id']];
|
||||
return view($response,'admin/support/viewTicket.twig', [
|
||||
'ticket' => $ticket,
|
||||
'replies' => $replies,
|
||||
|
@ -158,7 +158,12 @@ class SupportController extends Controller
|
|||
$uri = $request->getUri()->getPath();
|
||||
$categories = $db->select("SELECT * FROM ticket_categories");
|
||||
|
||||
$ticket_id = $data['ticket_id'] ?? null;
|
||||
if (!empty($_SESSION['current_ticket'])) {
|
||||
$ticket_id = $_SESSION['current_ticket'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No ticket selected');
|
||||
return $response->withHeader('Location', '/support')->withStatus(302);
|
||||
}
|
||||
$responseText = $data['responseText'] ?? null;
|
||||
|
||||
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
|
||||
|
@ -217,6 +222,7 @@ class SupportController extends Controller
|
|||
// send message
|
||||
Mail::send($mailsubject, $message, $from, $to);
|
||||
|
||||
unset($_SESSION['current_ticket']);
|
||||
$this->container->get('flash')->addMessage('success', 'Reply has been posted successfully on ' . $crdate);
|
||||
return $response->withHeader('Location', '/ticket/'.$ticket_id)->withStatus(302);
|
||||
} catch (Exception $e) {
|
||||
|
@ -236,7 +242,12 @@ class SupportController extends Controller
|
|||
$uri = $request->getUri()->getPath();
|
||||
$categories = $db->select("SELECT * FROM ticket_categories");
|
||||
|
||||
$ticket_id = $data['ticket_id'] ?? null;
|
||||
if (!empty($_SESSION['current_ticket'])) {
|
||||
$ticket_id = $_SESSION['current_ticket'][0];
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'No ticket selected');
|
||||
return $response->withHeader('Location', '/support')->withStatus(302);
|
||||
}
|
||||
$action = $data['action'] ?? null;
|
||||
|
||||
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
|
||||
|
@ -294,6 +305,7 @@ class SupportController extends Controller
|
|||
'id' => $ticket_id
|
||||
]
|
||||
);
|
||||
unset($_SESSION['current_ticket']);
|
||||
$this->container->get('flash')->addMessage('success', 'Ticket has been reopened successfully');
|
||||
return $response->withHeader('Location', '/ticket/'.$ticket_id)->withStatus(302);
|
||||
} else {
|
||||
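Review bot: `$_SESSION['current_ticket']` is written in the ticket view right after the ticket, replies and category are loaded, and the reply and status handlers then treat it as authoritative, so the binding protects only as far as the view itself refuses tickets that do not belong to the caller's registrar; that check is not visible in these hunks. If the view does enforce it, a comment at the assignment such as `// set only after the access check above; reply/status handlers trust this value` records the invariant. If it does not, the ownership test belongs before the assignment, or should be repeated in the POST handlers after the `registrar_users` lookup. All three handlers extend beyond the hunks shown.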
|
|