<?php
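require_login();

// Search text from the query string. PHP turns ?q[]=x into an array, which would break the
// string concatenation below and the htmlspecialchars() calls in the template, so anything
// that is not a string is treated as "no query".
$search_query = $_GET['q'] ?? '';
if (!is_string($search_query)) {
    $search_query = '';
}
$results = [];
$total_results = 0;

// empty() also treats the query "0" as no query; the template uses the same test.
if (!empty($search_query)) {
    // The term only ever reaches the database as a bound parameter, never as SQL text.
    // '%' and '_' typed by the user still act as LIKE wildcards inside the pattern.
    $search_term = '%' . $search_query . '%';
    $like_values = array_fill(0, 6, $search_term);

    // The query depends on the caller's role. The original author's note says that in practice
    // only admins can search and the non-admin branch was simply left in place; this file itself
    // only calls require_login().
    // NOTE(review): if search is meant to be admin-only, confirm where that is enforced.
    if (is_admin()) {
        // Admins search across every request.
        $sql = "SELECT DISTINCT
r.pk_Request,
r.is_closed,
w.title as workflow_title,
s.title as state_title,
u.firstName,
u.lastName,
u.email,
GROUP_CONCAT(DISTINCT CONCAT(f.label, ': ', d.value) SEPARATOR ' | ') as form_data
FROM TICKET_Request r
JOIN TICKET_Workflow w ON r.fk_Workflow = w.pk_Workflow
JOIN TICKET_State s ON r.fk_State = s.pk_State
JOIN TICKET_User u ON r.fk_User = u.pk_User
LEFT JOIN TICKET_Data d ON r.pk_Request = d.fk_Request
LEFT JOIN TICKET_Field f ON d.fk_Field = f.id_field
WHERE (w.title LIKE ?
OR s.title LIKE ?
OR u.firstName LIKE ?
OR u.lastName LIKE ?
OR u.email LIKE ?
OR d.value LIKE ?)
GROUP BY r.pk_Request
ORDER BY r.pk_Request DESC
LIMIT 50";
        $bind_types = 'ssssss';
        $bind_values = $like_values;
    } else {
        // Row-level scope for everyone else: the requester, or a user/group actor on the
        // request's current state. Both ids come from the session, not from the request.
        // presumably require_login() guarantees $_SESSION['user_id'] — verify.
        $user_id = $_SESSION['user_id'];
        // A missing group is bound as NULL, and "sa.fk_Group = NULL" never matches.
        $user_group = $_SESSION['user_group_id'] ?? null;
        $sql = "SELECT DISTINCT
r.pk_Request,
r.is_closed,
w.title as workflow_title,
s.title as state_title,
u.firstName,
u.lastName,
u.email,
GROUP_CONCAT(DISTINCT CONCAT(f.label, ': ', d.value) SEPARATOR ' | ') as form_data
FROM TICKET_Request r
JOIN TICKET_Workflow w ON r.fk_Workflow = w.pk_Workflow
JOIN TICKET_State s ON r.fk_State = s.pk_State
JOIN TICKET_User u ON r.fk_User = u.pk_User
LEFT JOIN TICKET_Data d ON r.pk_Request = d.fk_Request
LEFT JOIN TICKET_Field f ON d.fk_Field = f.id_field
LEFT JOIN TICKET_StateActor sa ON s.pk_State = sa.fk_State
WHERE (w.title LIKE ?
OR s.title LIKE ?
OR u.firstName LIKE ?
OR u.lastName LIKE ?
OR u.email LIKE ?
OR d.value LIKE ?)
AND (r.fk_User = ?
OR (sa.fk_Group = ? AND sa.actorType = 'GROUP')
OR (sa.fk_User = ? AND sa.actorType = 'USER'))
GROUP BY r.pk_Request
ORDER BY r.pk_Request DESC
LIMIT 50";
        // One type character per placeholder: six LIKE patterns and three integer ids.
        // The previous type string had ten characters for nine values, so the bind failed
        // and non-admin searches could not run.
        $bind_types = 'ssssssiii';
        $bind_values = array_merge($like_values, [$user_id, $user_group, $user_id]);
    }

    $stmt = mysqli_prepare($conn, $sql);
    // Bind only after prepare has succeeded; binding on a failed prepare is itself an error.
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, $bind_types, ...$bind_values);
        if (mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            if ($result) {
                while ($row = mysqli_fetch_assoc($result)) {
                    $results[] = $row;
                }
            }
        }
        // LIMIT 50 caps the rows, so this is the number shown, not the number of matches.
        $total_results = count($results);
        mysqli_stmt_close($stmt);
    }
}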
?>
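<?php
// HTML-escape helper with explicit flags and charset, so the output encoding does not depend on
// the running PHP version's htmlspecialchars() defaults. The (string) cast turns a NULL column
// into '' instead of passing null to htmlspecialchars().
// NOTE(review): assumes the page is served as UTF-8 — confirm against the layout's charset.
$esc_html = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<div class="search-page">
<div class="search-header">
<h1>Search Tickets</h1>
<form method="GET" action="index.php" class="search-form-large">
<input type="hidden" name="page" value="search">
<div class="search-input-group">
<input
type="text"
name="q"
placeholder="Search by workflow, state, user, or form data..."
class="search-input-large"
value="<?= $esc_html($search_query) ?>"
autofocus
>
<button type="submit" class="search-btn">
🔍 Search
</button>
</div>
</form>
</div>
<?php if (!empty($search_query)): /* a query was submitted */ ?>
<?php if ($total_results > 0): ?>
<div class="results-summary">
<p>Found <strong><?= $total_results ?></strong> result<?= $total_results !== 1 ? 's' : '' ?> for "<strong><?= $esc_html($search_query) ?></strong>"</p>
</div>
<div class="search-results-list">
<?php foreach ($results as $result): ?>
<div class="search-result-item">
<div class="result-header">
<h3>
<?php /* The id sits in a URL inside an attribute: URL-encode it first, then HTML-escape. */ ?>
<a href="index.php?page=request_handle&amp;id=<?= $esc_html(rawurlencode((string) $result['pk_Request'])) ?>">
<?= $esc_html($result['workflow_title']) ?>
</a>
</h3>
<div class="result-meta">
<span class="result-status status-<?= $result['is_closed'] ? 'closed' : 'open' ?>">
<?= $result['is_closed'] ? 'Closed' : 'Open' ?>
</span>
</div>
</div>
<div class="result-content">
<div class="result-details">
<p><strong>Current State:</strong> <?= $esc_html($result['state_title']) ?></p>
<p><strong>Requester:</strong> <?= $esc_html($result['firstName'] . ' ' . $result['lastName']) ?> (<?= $esc_html($result['email']) ?>)</p>
<p><strong>Request ID:</strong> #<?= $esc_html($result['pk_Request']) ?></p>
<?php if (!empty($result['form_data'])): /* form_data is user-entered ticket content */ ?>
<p><strong>Form Data:</strong> <?= $esc_html($result['form_data']) ?></p>
<?php endif; ?>
</div>
</div>
</div>
<?php endforeach; ?>
</div>
<?php else: ?>
<div class="no-results">
<div class="no-results-icon">🔍</div>
<h3>No results found</h3>
<p>We couldn't find any tickets matching "<strong><?= $esc_html($search_query) ?></strong>"</p>
<div class="search-tips">
<h4>Search Tips:</h4>
<ul>
<li>Try different keywords or phrases</li>
<li>Check your spelling</li>
<li>Use broader search terms</li>
<li>Search by requester name or email</li>
<li>Try searching for workflow or state names</li>
</ul>
</div>
</div>
<?php endif; ?>
<?php else: ?>
<div class="search-welcome">
<div class="search-welcome-icon">🎯</div>
<h2>Search Your Tickets</h2>
<p>Enter keywords to search across workflows, states, users, and form data.</p>
</div>
<?php endif; ?>
</div>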