<?php
require_once './Includes/auth.php';
require_once './Includes/rbac.php';
redirect_if_not_logged_in();
if (!can_create_requests()) {
die('<div class="alert alert-error">Access Denied</div>');
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$workflow_id = intval($_POST['workflow_id']);
$user_id = get_current_user_id();
$dateInserted = date('Y-m-d H:i:s');
// get first state
$state_sql = "SELECT pk_state FROM workflowManager_State
WHERE fk_Workflow_transitionsThrough = $workflow_id
ORDER BY stateNumber ASC LIMIT 1";
$state_result = mysqli_query($conn, $state_sql);
$state_row = mysqli_fetch_assoc($state_result);
$state_id = $state_row['pk_state'];
// insert request
$req_sql = "INSERT INTO workflowManager_Request
(fk_Workflow_triggers, fk_State_progressesThrough, fk_User_submittedBy, dateInserted)
VALUES ($workflow_id, $state_id, $user_id, '$dateInserted')";
mysqli_query($conn, $req_sql);
// return the request id of the current query and save it in the $request_id variable
$request_id = mysqli_insert_id($conn);
// insert data fields
foreach ($_POST as $key => $value) {
if (strpos($key, 'field_') === 0) {
$field_id = str_replace('field_', '', $key);
$escaped_value = mysqli_real_escape_string($conn, $value);
$data_sql = "INSERT INTO workflowManager_Data
(fk_Request_contains, fk_Field_define, value)
VALUES ($request_id, $field_id, '$escaped_value')";
mysqli_query($conn, $data_sql);
}
}
echo "<div class='alert alert-success'>Request submitted successfully!</div>";
}
$workflows_sql = "SELECT pk_workflow, title FROM workflowManager_Workflow";
$workflows_result = mysqli_query($conn, $workflows_sql);
?>
<h2>Submit New Request</h2>
<form method="POST" id="request-form">
<div class="form-group">
<label for="workflow">Workflow:</label>
<select name="workflow_id" id="select-workflow" required>
<optgroup label="-- Select Workflow --"></optgroup>
<?php while ($wf = mysqli_fetch_assoc($workflows_result)): ?>
<option value="<?= $wf['pk_workflow'] ?>">
<?= htmlspecialchars($wf['title']) ?></option>
<?php endwhile; ?>
</select>
</div>
<div id="workflow-fields-container" class="workflow-fields"></div>
<button type="submit" class="btn">Submit Request</button>
</form>
<script>
document.getElementById('select-workflow').addEventListener('change', function() {
const workflowId = this.value;
const container = document.getElementById('workflow-fields-container');
container.innerHTML = '';
if (workflowId) {
fetch(`Ajax/get_fields.php?workflow_id=${workflowId}`)
.then(response => response.text())
.then(html => {
container.innerHTML = html;
});
}
});
</script>