Upload
arron-brown
View
215
Download
0
Embed Size (px)
Citation preview
Multifarious Sytems Project, Fall 20051
Multifarious Call Multifarious Call Ticket SystemTicket System
Valentino SawneyJaemar MillerDuroseme Taylor
Multifarious Sytems Project, Fall 20052
Introduction Introduction IT departments need to keep track of problem
that occur throughout the company. The solution; a database
– Secure access– Log of all problems:
TypeSolutionStatus
– Dynamic knowledge base (future implementation)
Multifarious Sytems Project, Fall 20053
AgendaAgendaSetupAccessTechnician / Administrator
– Create new call/ticket– Update call– Close a call– Search
CallsKnowledge base
Multifarious Sytems Project, Fall 20054
Administrator only– Add technician– Add problem type
Agenda - cntdAgenda - cntd
Multifarious Sytems Project, Fall 20055
Overview – TasksOverview – Tasks Valentino
– Database and Web server implementation
– Password encryption
– Administrator access Duroseme
– Login
– Menu
– .css file
– DB access file Jaemar
– Call system management Add new ticket; update, search, delete and close ticket
Multifarious Sytems Project, Fall 20056
Overview – Organizational ChartOverview – Organizational Chart
Call Ticket System
Technician
Administrator
Search Tickets Modify Tickets Create new tickets Delete Tickets
Add Category Add Technician
Top level All access
Limited access
Multifarious Sytems Project, Fall 20057
LoginLogin login.php
<?php include("top.php"); ?><script Language="JavaScript"><!—function Form_Validator(loginform){ if (loginform.username.value == "")
{ alert("Please enter a value for the \"User Name\" field.");loginform.username.focus();return (false);
}if (loginform.password.value == ""){ alert("Please enter a value for the \"Password\" field.");
loginform.password.focus();return (false);
}return (true);}//--></script>
<link rel="stylesheet" type="text/css" href="css/callcenterreloaded.css"></head><body> <h3>Call Center Reloaded- Tech Login</h3> <br><br><form name="loginform" method="post" action="loginroutine.php" onsubmit="return Form_Validator(this)">
<div align="center"> <table border="0" bgcolor="#003399" cellpadding="0" cellspacing="1" width="300"><tr> <td><table border="0" bgcolor="#ffffff" cellpadding="10" cellspacing="1" width="100%"><tr> <td align="right"><strong>user name :</strong></td><td><input type="text" name="username" size="20"></td> </tr> <tr> <td align="right"><strong>password :</strong></td> <td><input type="password" name="password" size="20"></td> <tr> <td> </td> <td align="center"><input type="submit" name="login" value="login"></td></tr> </tr> </table> </td></tr> </table>
</form> </body> </html> <?php include("base.php"); ?>
Aligns the pages
Displays the HTML login form
Display error messages. No empty fields
Verify username and password
Login form
Login form – without .css file
Multifarious Sytems Project, Fall 20058
Login - cntdLogin - cntd logininroutine.php
<?php ob_start();include("dataaccess.php"); ?><h3>Call Center Reloaded- User Login</h3><?php$username = "";$password = "";if(!empty($_POST)){
if (!empty($_POST['username']))$username = $_POST['username'];
if (!empty($_POST['password']))$password = $_POST['password']; $password = base64_encode($password);
dbconnect();$result = mysql_query("select * from technician where technicianname='" . $username . "' and technicianpassword='" . $password . "'" . mysql_error());while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){
$techid = $row['technicianid'];$elevated = $row['elevatedaccess'];
}if (!$result)
die('Invalid query: ' . mysql_error());if (mysql_num_rows($result) > 0 ) {
session_start(); session_register("tech_session");$_SESSION['who'] = 'tech';$_SESSION['techid'] = $techid;$_SESSION['elevated'] = $elevated;
header("Location: opencalls.php");}else
header("Location: login.php");ob_end_flush() ;
}?>
Connects to the DB
Encrypts the password before it is sent over the net
Transforms the binary results form mysql_fetch_array to text
Closes the DB and flushes the temp variables
Multifarious Sytems Project, Fall 20059
menu.php<?php session_start();$who = "";if (session_is_registered("tech_session"))
$who = 'tech';$elevated = $_SESSION['elevated'];
if (session_is_registered("admin_session"))$who = 'admin';
if (($who== 'tech') || ($who == 'admin')){?><link rel="stylesheet" type="text/css" href="css/callcenterreloaded.css"><table id="menu" align="center" width="100%" border="0" cellspacing="0" cellpadding="0"> <tr><td><a href="entercall.php">Enter New Call</a></td> <td><a href="opencalls.php"> View Open Calls</a> </td> <td><a href="closedcalls.php">View Closed Calls</a> </td> <td><a href="search.php">Search Calls</a> </td> <td><a href="knowledge.php">Knowledge Base</a></td> <?php } if ($elevated == 'yes') { ?> <td><a href="controlpanel.php">Control Panel</a></td><?php } ?> </tr></table>
Technician screen
Administrator access
Multifarious Sytems Project, Fall 200510
Add new problem category
For administrators only; more filter options
Multifarious Sytems Project, Fall 200511
List.phpList.php if(!empty($HTTP_GET_VARS)) { if ($HTTP_GET_VARS["action"] <> "") $action = $HTTP_GET_VARS["action"]; if (!empty($HTTP_GET_VARS["num"])) $num = $HTTP_GET_VARS["num"]; if ($HTTP_GET_VARS["tablename"] <> "") $table = $HTTP_GET_VARS["tablename"]; if ($HTTP_GET_VARS["tablename"] <> "") $key = $HTTP_GET_VARS["key"]; }
Uses GET method to transfer variables between scripts. Less coding!! But easy to hack. MYSQL injections
Multifarious Sytems Project, Fall 200512
insert.php<?php include("top.php"); ?><?pp include("menu.php"); include("dataaccess.php"); ?><?php $strAction = "list";
$num = 1;$table = "";$key = "";if(!empty($HTTP_GET_VARS)){
if ($HTTP_GET_VARS["action"] <> "")$action = $HTTP_GET_VARS["action"];
if (!empty($HTTP_GET_VARS["num"]))$num = $HTTP_GET_VARS["num"];
if ($HTTP_GET_VARS["tablename"] <> "")$table = $HTTP_GET_VARS["tablename"];
if ($HTTP_GET_VARS["tablename"] <> "")$key = $HTTP_GET_VARS["key"];
}$url = "insertroutine.php";if(!empty($_POST)){
if (trim($table) == "" ){
if ($_POST["tablename"] <> "")$table = $_POST["tablename"];
}if (trim($num) == "" )
$num = $_POST["num"];if (trim($key) == "" )
$key = $_POST["key"];}echo "<div align=center>";echo "Create New " . $table . " Record<BR><BR>";echo "<form name=insertForm action=" . $url . " method=POST>";echo "<input type=hidden name=tablename value=" . $table . ">";echo "<input type=hidden name=key value=" . $key . ">";echo "<input type=hidden name=num value=" . $num . ">";echo "<input type=hidden name=action value=insertExec>";echo "<table>";
Multifarious Sytems Project, Fall 200513
dbConnect();$result = mysql_query("Select * from " . $table . mysql_error());if (!$result){
die('Invalid formation of Select query in editInsert: ' . mysql_error());}
$columns = mysql_num_fields($result);for ($i = 0; $i < mysql_num_fields($result); $i++) { if ( mysql_field_name($result, $i) <> $key)
{ if (mysql_field_name($result, $i) == "elevatedaccess") {
echo "<tr><td>" . mysql_field_name($result, $i) . "</td>"; echo "<td><select name=" . mysql_field_name($result,
$i) . "><option value='no'>no</option><option value='yes'>yes</option></select>"; } else {echo "<tr><td>" . mysql_field_name($result, $i) . "</td>";echo "<td><input type=text name=" . mysql_field_name($result, $i) .
"></td></tr>";}
}}echo "</table><p> </p><input type=SUBMIT value=Create></form>";echo "<p> </p></body></html>";
mysql_free_result($result);
mysql_close();?>
Multifarious Sytems Project, Fall 200514
dataaccess.php <?php function dbConnect(){ $link=mysql_connect('localhost','junior' , 'keebee1785'); if (!$link) { Error_handler('Error connecting to database server' , $link ); }mysql_select_db('find', $link);}?>
Multifarious Sytems Project, Fall 200515
Call SystemCall System
This section is where the user was able to enter a request for assistance with a problem
entercall.phpentercallroutine.phpclosedcalls.phpdeletecall.phpsearch.phpupdatecall.php
Multifarious Sytems Project, Fall 200516
entercall.phpentercall.phpIncludes other php documents in the file
Time values which are hidden from the user
Multifarious Sytems Project, Fall 200517
entercall.phpentercall.php  is a HTML tag that was used to create some space between the buttons
Multifarious Sytems Project, Fall 200518
entercallroutine.phpentercallroutine.php
entercallroutine.php is where the form from entercall.php post the information supplied by the user
MySQL query that inserts the attributes of a new call into the database
Setting values to variables that was sent from PHP file using form action=POST.
Multifarious Sytems Project, Fall 200519
closedcalls.phpclosedcalls.php
closedcalls.php was design to search through the database, using MySQL, and populate a table with the results obtain
MySQL query will store the values in an array
Multifarious Sytems Project, Fall 200520
deletecall.phpdeletecall.php
Whenever a call needs to be removed from the database the deletecall.php file is called.
Multifarious Sytems Project, Fall 200521
search.phpsearch.php
Whenever the user need to search through the database, the search.php was executed.
The function checks for method POST or GET and assigns values, Variables are initially set to “ ” blank string
<?phpfunction whereorand($i){ $strwhere = ""; if ($i == 0) $strwhere = " where "; else if ($i > 0) $strwhere = " and "; return $strwhere;}?>
Multifarious Sytems Project, Fall 200522
search.phpsearch.php
Multifarious Sytems Project, Fall 200523
search.phpsearch.php
The listdropdownwithempty is a funtion loaded form functions.php
Multifarious Sytems Project, Fall 200524
updatecall.phpupdatecall.php
Whenever a call need to be update a then the updatecall.php was execute
Multifarious Sytems Project, Fall 200525
ConclusionConclusion
Logout optionImplement growing knowledge baseImplement calls time-estimate featureExpand administrator report featureInclude a third user category – rest of
company; they can access the application to report problems
Multifarious Sytems Project, Fall 200526
QUESTIONS?