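<?php
declare(strict_types=1);

/*
 * help.php – "Richiedi assistenza": lets a signed-in user open a support ticket.
 *
 * Flow: require a session, load DB credentials from .env, look up the user's
 * name, apply a per-user rate limit (one ticket per $rateLimitSeconds, measured
 * against the newest row in support_tickets), then on a CSRF-checked POST insert
 * the ticket and redirect to dashboard.php. Any validation message is rendered
 * by the template below, escaped for HTML.
 *
 * DbConnector and loadEnv() come from the two required files and are not shown
 * here; the prepare()/execute()/fetch() calls are used like PDO's, and the
 * insert catches PDOException, so the connector presumably wraps PDO.
 */
session_start();
require_once 'DbConnector.php';
require_once __DIR__ . '/config/env.php';
loadEnv(__DIR__ . '/.env');

// Fail loudly on a missing variable rather than handing `false` to the connector.
$dbConfig = [];
foreach (['DB_HOST', 'DB_USER', 'DB_PASS', 'DB_NAME'] as $envKey) {
    $envValue = getenv($envKey);
    if ($envValue === false) {
        error_log("help.php: missing environment variable {$envKey}");
        http_response_code(500);
        exit('Configurazione del server non valida.');
    }
    $dbConfig[$envKey] = $envValue;
}

if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

$db = new DbConnector($dbConfig['DB_HOST'], $dbConfig['DB_USER'], $dbConfig['DB_PASS'], $dbConfig['DB_NAME']);

if (empty($_SESSION['csrf_token'])) {
    // Per-session anti-CSRF token; compared with hash_equals() on POST.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$stmt = $db->prepare('SELECT username FROM users WHERE id = ?');
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user === false) {
    // The session points at a user that no longer exists: drop the session
    // instead of rendering with a null username (which would also make the
    // username check below fail on every submit).
    session_unset();
    session_destroy();
    header('Location: login.php');
    exit;
}

$message = '';
$success = false;
$rateLimitSeconds = 60;
$canSubmit = true;

// Rate limit: compare "now" with the newest ticket this user has created.
$stmt = $db->prepare('SELECT created_at FROM support_tickets WHERE user_id = ? ORDER BY created_at DESC LIMIT 1');
$stmt->execute([$_SESSION['user_id']]);
$lastTicket = $stmt->fetch(PDO::FETCH_ASSOC);
if ($lastTicket !== false && is_string($lastTicket['created_at'] ?? null)) {
    $lastTime = strtotime($lastTicket['created_at']);
    // strtotime() returns false for an unparsable value; treat that as "no recent ticket".
    if ($lastTime !== false) {
        $elapsed = time() - $lastTime;
        if ($elapsed < $rateLimitSeconds) {
            $remaining = $rateLimitSeconds - $elapsed;
            $message = "Attendi ancora $remaining secondi prima di inviare un'altra segnalazione.";
            $success = false;
            $canSubmit = false;
        }
    }
}

// Reads a POST field as a trimmed string. A missing field, or one sent as an
// array (e.g. "subject[]=x"), becomes '' instead of raising a TypeError in trim().
$postField = static function (string $name): string {
    $raw = $_POST[$name] ?? null;
    return is_string($raw) ? trim($raw) : '';
};

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$csrfOk = $isPost
    && is_string($_POST['csrf_token'] ?? null)
    && hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']);

if ($isPost && !$csrfOk) {
    // Tell the user why nothing happened instead of silently re-rendering the form.
    $message = 'Token di sicurezza non valido. Ricarica la pagina e riprova.';
    $success = false;
} elseif ($csrfOk && $canSubmit) {
    // mb_substr cuts by character, not byte, so a multibyte character sitting
    // on the limit is never split into invalid UTF-8.
    $subject = mb_substr($postField('subject'), 0, 100);
    $content = mb_substr($postField('message'), 0, 1000);
    $postedUsername = $postField('username');

    if ($postedUsername !== $user['username']) {
        $message = 'Errore: utente non valido.';
        $success = false;
    } elseif ($subject === '' || $content === '') {
        $message = 'Per favore, compila tutti i campi.';
        $success = false;
    } else {
        try {
            $stmt = $db->prepare('INSERT INTO support_tickets (user_id, subject, message) VALUES (?, ?, ?)');
            $stmt->execute([$_SESSION['user_id'], $subject, $content]);
            // Post/Redirect/Get: the browser lands on the dashboard, so no
            // success message is rendered by this page.
            header('Location: dashboard.php');
            exit;
        } catch (PDOException $e) {
            // Driver/SQL details stay out of the page (information disclosure);
            // they go to the server log, the user gets a generic message.
            error_log('help.php: support ticket insert failed: ' . $e->getMessage());
            $message = "Errore durante l'invio della segnalazione. Riprova più tardi.";
            $success = false;
        }
    }
}

// HTML-context escaper with explicit flags: single quotes are escaped too and
// invalid UTF-8 is replaced rather than turning the whole string into ''.
$esc = static fn (?string $value): string => htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!DOCTYPE html>
<html lang="it">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Assistenza - NextStudy</title>
    <link rel="stylesheet" href="assets/css/help.css">
    <link rel="icon" type="image/png" href="./assets/images/logo_nextstudy.png">
</head>
<body>
<div class="help-wrapper">
    <div class="help-container">
        <h2>Richiedi assistenza</h2>
        <?php if ($message): ?>
            <div class="message <?= $success ? 'success' : 'error' ?>">
                <?= $esc($message); ?>
            </div>
        <?php endif; ?>
        <form method="POST" action="">
            <input type="hidden" name="csrf_token" value="<?= $esc($_SESSION['csrf_token']); ?>">
            <label for="username">Utente</label>
            <input type="text" id="username" name="username" value="<?= $esc($user['username']); ?>" readonly>
            <label for="subject">Oggetto</label>
            <input type="text" id="subject" name="subject" placeholder="Es: Problema con la dashboard" required>
            <label for="message">Descrizione del problema</label>
            <textarea id="message" name="message" placeholder="Descrivi il problema nel dettaglio..." required></textarea>
            <button type="submit">Invia segnalazione</button>
        </form>
    </div>
</div>
</body>
</html>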