<?php
// File: /artist/ticket_handler.php
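session_start();
// The code below expects db.php to provide $conn. `require` stops the request if the
// file is missing, where `include` would only warn and carry on with $conn undefined.
// Anchoring the path on __DIR__ makes the lookup independent of the working directory.
require __DIR__ . '/../db.php';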

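// Error reporting: record every error in the server log, but never render it into the
// HTTP response. Rendered errors disclose file paths, SQL fragments and stack traces
// to whoever triggered them. Switch display_errors on only in a local dev environment.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');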

// Authentication gate: every action in this handler runs on behalf of the logged-in
// user, so a request without a session user id is sent to the login page and stopped.
$user_id = $_SESSION['user_id'] ?? null;

if ($user_id === null) {
    header('Location: ../login.php');
    exit;
}

// ========================================================
// 1. HANDLE NEW TICKET CREATION
// ========================================================
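if (isset($_POST['create_ticket'])) {
    // NOTE(review): no anti-CSRF token is verified anywhere in this file, so another
    // site could submit this form on behalf of a logged-in user. Verify a per-session
    // token here once the forms that post to this handler emit one.

    // Accept plain strings only. A missing field or an array-valued one (subject[]=x)
    // would otherwise reach trim() and abort the request with an unhandled error.
    $subject = is_string($_POST['subject'] ?? null) ? trim($_POST['subject']) : '';
    $message = is_string($_POST['message'] ?? null) ? trim($_POST['message']) : '';

    // A missing priority is still bound as NULL, as before.
    // NOTE(review): the value is stored exactly as submitted. If the set of priorities
    // is fixed (the original comment suggests 'Low', 'Medium', 'High'), check it
    // against that allow-list here; confirm the real values first.
    $priority = $_POST['priority'] ?? null;
    if (!is_string($priority)) {
        $priority = null;
    }

    // Strict comparison instead of empty(), so a literal "0" counts as content.
    if ($subject === '' || $message === '') {
        header("Location: tickets.php?error=empty_fields");
        exit();
    }

    $created = false;
    try {
        $stmt = $conn->prepare("INSERT INTO support_tickets (user_id, subject, message, priority, status, created_at) VALUES (?, ?, ?, ?, 'Open', NOW())");
        if ($stmt === false) {
            throw new RuntimeException('prepare failed: ' . $conn->error);
        }
        $stmt->bind_param("isss", $user_id, $subject, $message, $priority);
        if (!$stmt->execute()) {
            throw new RuntimeException('execute failed: ' . $stmt->error);
        }
        $stmt->close();
        $created = true;
    } catch (RuntimeException $e) {
        // mysqli_sql_exception extends RuntimeException, so this handles both mysqli
        // reporting modes. Driver detail goes to the server log only.
        error_log('ticket_handler: creating ticket failed: ' . $e->getMessage());
    }

    if ($created) {
        header("Location: tickets.php?status=created");
        exit();
    }

    // Generic message: the database error text is not shown to the client.
    http_response_code(500);
    die("Error creating ticket.");
}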

// ========================================================
// 2. HANDLE TICKET REPLY
// ========================================================
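if (isset($_POST['add_reply'])) {
    // NOTE(review): no anti-CSRF token is verified anywhere in this file, so another
    // site could submit this form on behalf of a logged-in user. Verify a per-session
    // token here once the forms that post to this handler emit one.

    // Validate rather than sanitize: FILTER_SANITIZE_NUMBER_INT keeps '+' and '-' and
    // turns input such as "1-2" into a value that is not an integer. FILTER_VALIDATE_INT
    // yields a real positive int or false, so only a clean integer reaches the
    // Location header and the queries below.
    $ticket_id = filter_var(
        $_POST['ticket_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    // Accept a plain string only; a missing or array-valued field is treated as empty.
    $message = is_string($_POST['message'] ?? null) ? trim($_POST['message']) : '';

    if ($ticket_id === false) {
        // No usable ticket id to return to, so go back to the ticket list.
        header("Location: tickets.php");
        exit();
    }
    if ($message === '') {
        header("Location: ticket_view.php?id=$ticket_id&error=empty_message");
        exit();
    }

    try {
        // 1. Ownership check: the reply is accepted only when the ticket row belongs
        //    to the session user. An admin path would need its own role check instead.
        $check = $conn->prepare("SELECT id FROM support_tickets WHERE id = ? AND user_id = ?");
        if ($check === false) {
            throw new RuntimeException('ownership prepare failed: ' . $conn->error);
        }
        $check->bind_param("ii", $ticket_id, $user_id);
        if (!$check->execute()) {
            throw new RuntimeException('ownership query failed: ' . $check->error);
        }
        $res = $check->get_result();
        $owned = $res !== false && $res->num_rows > 0;
        $check->close();

        if (!$owned) {
            // Same response for "no such ticket" and "someone else's ticket", so the
            // reply does not confirm which ticket ids exist.
            http_response_code(404);
            die("Error: Ticket not found or access denied.");
        }

        // 2. Insert the reply.
        $stmt = $conn->prepare("INSERT INTO ticket_replies (ticket_id, user_id, message, created_at) VALUES (?, ?, ?, NOW())");
        if ($stmt === false) {
            throw new RuntimeException('reply prepare failed: ' . $conn->error);
        }
        $stmt->bind_param("iis", $ticket_id, $user_id, $message);
        if (!$stmt->execute()) {
            throw new RuntimeException('reply insert failed: ' . $stmt->error);
        }
        $stmt->close();
    } catch (RuntimeException $e) {
        // mysqli_sql_exception extends RuntimeException, so this handles both mysqli
        // reporting modes. Driver detail goes to the server log only.
        error_log('ticket_handler: saving reply failed: ' . $e->getMessage());
        http_response_code(500);
        die("Error saving reply.");
    }

    // 3. Touch the ticket's updated_at. Best effort: the reply is already stored, so a
    //    failure here is logged and does not turn the request into an error. The
    //    user_id condition repeats the ownership constraint on the write itself.
    try {
        $update = $conn->prepare("UPDATE support_tickets SET updated_at = NOW() WHERE id = ? AND user_id = ?");
        if ($update !== false) {
            $update->bind_param("ii", $ticket_id, $user_id);
            if (!$update->execute()) {
                error_log('ticket_handler: updated_at refresh failed: ' . $update->error);
            }
            $update->close();
        } else {
            error_log('ticket_handler: updated_at prepare failed: ' . $conn->error);
        }
    } catch (RuntimeException $e) {
        error_log('ticket_handler: updated_at refresh failed: ' . $e->getMessage());
    }

    // Redirect back to the ticket view.
    header("Location: ticket_view.php?id=$ticket_id&status=reply_added");
    exit();
}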

// Fallthrough: reached only when neither POST action above was submitted (for example
// a direct GET of this file). Send the visitor to the ticket list.
header('Location: tickets.php');
exit;
?>