Ticket System in PHP - #5 Ticket Processing

Introduction:

This tutorial is the final part in my ticket system via PHP tutorial. This part will be covering processing the ticket.

Ticket Information:

We are already sending the email to the entered 'forgot password' reset form containing the ticket ID. This ticket ID links to the customer account through the column value of 'User'. It should also be noted that the email address only receives an email with the ticket number, and not a URL. So now we need a way for the user to enter their ticket ID.

Ticket Form:

We already have a password reset form so now we are going to edit this to allow the user to enter a ticket. The current form we have is:
  1. <form action='reset.php' method='POST'>
  2. <input type='password' placeholder='Password' name='password1' />
  3. <input type='password' placeholder='Password2' name='password2' />
  4. <input type='submit' value='Reset Password' name='resetPassword' />
  5. </form>
Let's add another input of type 'text' for the ticket...
  1. <input type='text' placeholder='Ticket' name='ticket' />

Processing:

The final step of this project is processing the ticket information. First we check to see if the user has submitted the above form...
  1. <?php
  2. if (isSet($_POST['resetPassword'])) {
  3.  
  4. }
  5. ?>
Next we check to see if the passwords match. If they do, we sanitise the string for security, and md5 hash/encrypt it ready to be entered in to our database table for the user...
  1. if ($_POST['password'] == $_POST['password2']) {
  2. $pass = md5(strip_tags($_POST['password']));
  3. }
Now we want to check to see if the ticket is valid, we'll call a function and then create it...
  1. $uID = ticketValid();
  2. if ($uID >= 1) {
  3.  
  4. }
  1. function ticketValid() {
  2. if (isSet($_POST['ticket'])) {
  3. $ticket = strip_tags($_POST['ticket']);
  4. $q = mysqli_query($con, "SELECT * FROM `tickets` WHERE `Ticket`='$ticket'");
  5. if ($q && mysqli_num_rows($q) > 0) {
  6. return (int) mysqli_fetch_array($con, $q)['User'];
  7. }
  8. }
  9. return 0;
  10. }
The above code first sets a new variable 'uID' to the value returned from the 'ticketValid' function. It then checks the variable to see if it's higher than or equal to one (1) (greater than zero (0)). The function we have just created simply checks if the ticket exists, and it does, it returns the value 'User' from the table ticket's record. Other it returns zero (0) as an error. Now if the ticket is valid, we have the user ID. We simply set their password to the newly entered and md5 hashed password. We also output any appropriate messages...
  1. $qq = mysqli_query($con, "UPDATE `users` SET `password`='$pass' WHERE `id`='$uID'");
  2. if ($qq) {
  3. echo 'Updated password successfully!';
  4. }else{
  5. echo 'Failed.';
  6. }

Finished!

Add new comment