multifarious sytems project, fall 2005 1 multifarious call ticket system valentino sawney jaemar...

Multifarious Sytems Project, Fall 20051

Multifarious Call Multifarious Call Ticket SystemTicket System

Valentino SawneyJaemar MillerDuroseme Taylor


Introduction Introduction IT departments need to keep track of problem

that occur throughout the company. The solution; a database

– Secure access– Log of all problems:

TypeSolutionStatus

– Dynamic knowledge base (future implementation)


AgendaAgendaSetupAccessTechnician / Administrator

– Create new call/ticket– Update call– Close a call– Search

CallsKnowledge base


Administrator only– Add technician– Add problem type

Agenda - cntdAgenda - cntd


Overview – TasksOverview – Tasks Valentino

– Database and Web server implementation

– Password encryption

– Administrator access Duroseme

– Login

– Menu

– .css file

– DB access file Jaemar

– Call system management Add new ticket; update, search, delete and close ticket


Overview – Organizational ChartOverview – Organizational Chart

Call Ticket System

Technician

Administrator

Search Tickets Modify Tickets Create new tickets Delete Tickets

Add Category Add Technician

Top level All access

Limited access


LoginLogin login.php

<?php include("top.php"); ?><script Language="JavaScript"><!—function Form_Validator(loginform){ if (loginform.username.value == "")

{ alert("Please enter a value for the \"User Name\" field.");loginform.username.focus();return (false);

}if (loginform.password.value == ""){ alert("Please enter a value for the \"Password\" field.");

loginform.password.focus();return (false);

}return (true);}//--></script>

<link rel="stylesheet" type="text/css" href="css/callcenterreloaded.css"></head><body> <h3>Call Center Reloaded- Tech Login</h3> <br><br><form name="loginform" method="post" action="loginroutine.php" onsubmit="return Form_Validator(this)">

<div align="center"> <table border="0" bgcolor="#003399" cellpadding="0" cellspacing="1" width="300"><tr> <td><table border="0" bgcolor="#ffffff" cellpadding="10" cellspacing="1" width="100%"><tr> <td align="right"><strong>user name :</strong></td><td><input type="text" name="username" size="20"></td> </tr> <tr> <td align="right"><strong>password :</strong></td> <td><input type="password" name="password" size="20"></td> <tr> <td> </td> <td align="center"><input type="submit" name="login" value="login"></td></tr> </tr> </table> </td></tr> </table>

</form> </body> </html> <?php include("base.php"); ?>

Aligns the pages

Displays the HTML login form

Display error messages. No empty fields

Verify username and password

Login form

Login form – without .css file


Login - cntdLogin - cntd logininroutine.php

<?php ob_start();include("dataaccess.php"); ?><h3>Call Center Reloaded- User Login</h3><?php$username = "";$password = "";if(!empty($_POST)){

if (!empty($_POST['username']))$username = $_POST['username'];

if (!empty($_POST['password']))$password = $_POST['password']; $password = base64_encode($password);

dbconnect();$result = mysql_query("select * from technician where technicianname='" . $username . "' and technicianpassword='" . $password . "'" . mysql_error());while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){

$techid = $row['technicianid'];$elevated = $row['elevatedaccess'];

}if (!$result)

die('Invalid query: ' . mysql_error());if (mysql_num_rows($result) > 0 ) {

session_start(); session_register("tech_session");$_SESSION['who'] = 'tech';$_SESSION['techid'] = $techid;$_SESSION['elevated'] = $elevated;

header("Location: opencalls.php");}else

header("Location: login.php");ob_end_flush() ;

}?>

Connects to the DB

Encrypts the password before it is sent over the net

Transforms the binary results form mysql_fetch_array to text

Closes the DB and flushes the temp variables


menu.php<?php session_start();$who = "";if (session_is_registered("tech_session"))

$who = 'tech';$elevated = $_SESSION['elevated'];

if (session_is_registered("admin_session"))$who = 'admin';

if (($who== 'tech') || ($who == 'admin')){?><link rel="stylesheet" type="text/css" href="css/callcenterreloaded.css"><table id="menu" align="center" width="100%" border="0" cellspacing="0" cellpadding="0"> <tr><td><a href="entercall.php">Enter New Call</a></td> <td><a href="opencalls.php"> View Open Calls</a> </td> <td><a href="closedcalls.php">View Closed Calls</a> </td> <td><a href="search.php">Search Calls</a> </td> <td><a href="knowledge.php">Knowledge Base</a></td> <?php } if ($elevated == 'yes') { ?> <td><a href="controlpanel.php">Control Panel</a></td><?php } ?> </tr></table>

Technician screen

Administrator access


Add new problem category

For administrators only; more filter options


List.phpList.php if(!empty($HTTP_GET_VARS)) { if ($HTTP_GET_VARS["action"] <> "") $action = $HTTP_GET_VARS["action"]; if (!empty($HTTP_GET_VARS["num"])) $num = $HTTP_GET_VARS["num"]; if ($HTTP_GET_VARS["tablename"] <> "") $table = $HTTP_GET_VARS["tablename"]; if ($HTTP_GET_VARS["tablename"] <> "") $key = $HTTP_GET_VARS["key"]; }

Uses GET method to transfer variables between scripts. Less coding!! But easy to hack. MYSQL injections


insert.php<?php include("top.php"); ?><?pp include("menu.php"); include("dataaccess.php"); ?><?php $strAction = "list";

$num = 1;$table = "";$key = "";if(!empty($HTTP_GET_VARS)){

if ($HTTP_GET_VARS["action"] <> "")$action = $HTTP_GET_VARS["action"];

if (!empty($HTTP_GET_VARS["num"]))$num = $HTTP_GET_VARS["num"];

if ($HTTP_GET_VARS["tablename"] <> "")$table = $HTTP_GET_VARS["tablename"];

if ($HTTP_GET_VARS["tablename"] <> "")$key = $HTTP_GET_VARS["key"];

}$url = "insertroutine.php";if(!empty($_POST)){

if (trim($table) == "" ){

if ($_POST["tablename"] <> "")$table = $_POST["tablename"];

}if (trim($num) == "" )

$num = $_POST["num"];if (trim($key) == "" )

$key = $_POST["key"];}echo "<div align=center>";echo "Create New " . $table . " Record<BR><BR>";echo "<form name=insertForm action=" . $url . " method=POST>";echo "<input type=hidden name=tablename value=" . $table . ">";echo "<input type=hidden name=key value=" . $key . ">";echo "<input type=hidden name=num value=" . $num . ">";echo "<input type=hidden name=action value=insertExec>";echo "<table>";


dbConnect();$result = mysql_query("Select * from " . $table . mysql_error());if (!$result){

die('Invalid formation of Select query in editInsert: ' . mysql_error());}

$columns = mysql_num_fields($result);for ($i = 0; $i < mysql_num_fields($result); $i++) { if ( mysql_field_name($result, $i) <> $key)

{ if (mysql_field_name($result, $i) == "elevatedaccess") {

echo "<tr><td>" . mysql_field_name($result, $i) . "</td>"; echo "<td><select name=" . mysql_field_name($result,

$i) . "><option value='no'>no</option><option value='yes'>yes</option></select>"; } else {echo "<tr><td>" . mysql_field_name($result, $i) . "</td>";echo "<td><input type=text name=" . mysql_field_name($result, $i) .

"></td></tr>";}

}}echo "</table><p> </p><input type=SUBMIT value=Create></form>";echo "<p> </p></body></html>";

mysql_free_result($result);

mysql_close();?>


dataaccess.php <?php function dbConnect(){ $link=mysql_connect('localhost','junior' , 'keebee1785'); if (!$link) { Error_handler('Error connecting to database server' , $link ); }mysql_select_db('find', $link);}?>


Call SystemCall System

This section is where the user was able to enter a request for assistance with a problem

entercall.phpentercallroutine.phpclosedcalls.phpdeletecall.phpsearch.phpupdatecall.php


entercall.phpentercall.phpIncludes other php documents in the file

Time values which are hidden from the user


entercall.phpentercall.php&nbsp is a HTML tag that was used to create some space between the buttons


entercallroutine.phpentercallroutine.php

entercallroutine.php is where the form from entercall.php post the information supplied by the user

MySQL query that inserts the attributes of a new call into the database

Setting values to variables that was sent from PHP file using form action=POST.


closedcalls.phpclosedcalls.php

closedcalls.php was design to search through the database, using MySQL, and populate a table with the results obtain

MySQL query will store the values in an array


deletecall.phpdeletecall.php

Whenever a call needs to be removed from the database the deletecall.php file is called.


search.phpsearch.php

Whenever the user need to search through the database, the search.php was executed.

The function checks for method POST or GET and assigns values, Variables are initially set to “ ” blank string

<?phpfunction whereorand($i){ $strwhere = ""; if ($i == 0) $strwhere = " where "; else if ($i > 0) $strwhere = " and "; return $strwhere;}?>



The listdropdownwithempty is a funtion loaded form functions.php


updatecall.phpupdatecall.php

Whenever a call need to be update a then the updatecall.php was execute


ConclusionConclusion

Logout optionImplement growing knowledge baseImplement calls time-estimate featureExpand administrator report featureInclude a third user category – rest of

company; they can access the application to report problems


QUESTIONS?

multifarious sytems project, fall 2005 1 multifarious call ticket system valentino sawney jaemar...

Documents