helpers/Database.php

<?php
/**
 * Database Connection Factory
 *
 * Centralizes database connection creation and management.
 * Provides a singleton connection for the request lifecycle.
 */
class Database {
    private static ?mysqli $connection = null;

    /**
     * Get database connection (singleton pattern)
     *
     * @return mysqli Database connection
     * @throws Exception If connection fails
     */
    public static function getConnection(): mysqli {
        if (self::$connection === null) {
            self::$connection = self::createConnection();
        }

        // Check if connection is still alive
        if (!self::$connection->ping()) {
            self::$connection = self::createConnection();
        }

        return self::$connection;
    }

    /**
     * Create a new database connection
     *
     * @return mysqli Database connection
     * @throws Exception If connection fails
     */
    private static function createConnection(): mysqli {
        // Ensure config is loaded
        if (!isset($GLOBALS['config'])) {
            require_once dirname(__DIR__) . '/config/config.php';
        }

        $conn = new mysqli(
            $GLOBALS['config']['DB_HOST'],
            $GLOBALS['config']['DB_USER'],
            $GLOBALS['config']['DB_PASS'],
            $GLOBALS['config']['DB_NAME']
        );

        if ($conn->connect_error) {
            throw new Exception("Database connection failed: " . $conn->connect_error);
        }

        // Set charset to utf8mb4 for proper Unicode support
        $conn->set_charset('utf8mb4');

        return $conn;
    }

    /**
     * Close the database connection
     */
    public static function close(): void {
        if (self::$connection !== null) {
            self::$connection->close();
            self::$connection = null;
        }
    }

    /**
     * Begin a transaction
     *
     * @return bool Success
     */
    public static function beginTransaction(): bool {
        return self::getConnection()->begin_transaction();
    }

    /**
     * Commit a transaction
     *
     * @return bool Success
     */
    public static function commit(): bool {
        return self::getConnection()->commit();
    }

    /**
     * Rollback a transaction
     *
     * @return bool Success
     */
    public static function rollback(): bool {
        return self::getConnection()->rollback();
    }

    /**
     * Execute a query and return results
     *
     * @param string $sql SQL query with placeholders
     * @param string $types Parameter types (i=int, s=string, d=double, b=blob)
     * @param array $params Parameters to bind
     * @return mysqli_result|bool Query result
     */
    public static function query(string $sql, string $types = '', array $params = []) {
        $conn = self::getConnection();

        if (empty($types) || empty($params)) {
            return $conn->query($sql);
        }

        $stmt = $conn->prepare($sql);
        if (!$stmt) {
            throw new Exception("Query preparation failed: " . $conn->error);
        }

        $stmt->bind_param($types, ...$params);
        $stmt->execute();

        $result = $stmt->get_result();
        $stmt->close();

        return $result;
    }

    /**
     * Execute an INSERT/UPDATE/DELETE and return affected rows
     *
     * @param string $sql SQL query with placeholders
     * @param string $types Parameter types
     * @param array $params Parameters to bind
     * @return int Affected rows (-1 on failure)
     */
    public static function execute(string $sql, string $types = '', array $params = []): int {
        $conn = self::getConnection();

        $stmt = $conn->prepare($sql);
        if (!$stmt) {
            throw new Exception("Query preparation failed: " . $conn->error);
        }

        if (!empty($types) && !empty($params)) {
            $stmt->bind_param($types, ...$params);
        }

        if ($stmt->execute()) {
            $affected = $stmt->affected_rows;
            $stmt->close();
            return $affected;
        }

        $error = $stmt->error;
        $stmt->close();
        throw new Exception("Query execution failed: " . $error);
    }

    /**
     * Get the last insert ID
     *
     * @return int Last insert ID
     */
    public static function lastInsertId(): int {
        return self::getConnection()->insert_id;
    }

    // escape() removed — use prepared statements with bind_param() instead
}
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`<?php`
			`/**`
			`* Database Connection Factory`
			`*`
			`* Centralizes database connection creation and management.`
			`* Provides a singleton connection for the request lifecycle.`
			`*/`
			`class Database {`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`private static ?mysqli $connection = null;`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00
			`/**`
			`* Get database connection (singleton pattern)`
			`*`
			`* @return mysqli Database connection`
			`* @throws Exception If connection fails`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`public static function getConnection(): mysqli {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`if (self::$connection === null) {`
			`self::$connection = self::createConnection();`
			`}`

			`// Check if connection is still alive`
			`if (!self::$connection->ping()) {`
			`self::$connection = self::createConnection();`
			`}`

			`return self::$connection;`
			`}`

			`/**`
			`* Create a new database connection`
			`*`
			`* @return mysqli Database connection`
			`* @throws Exception If connection fails`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`private static function createConnection(): mysqli {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`// Ensure config is loaded`
			`if (!isset($GLOBALS['config'])) {`
			`require_once dirname(__DIR__) . '/config/config.php';`
			`}`

			`$conn = new mysqli(`
			`$GLOBALS['config']['DB_HOST'],`
			`$GLOBALS['config']['DB_USER'],`
			`$GLOBALS['config']['DB_PASS'],`
			`$GLOBALS['config']['DB_NAME']`
			`);`

			`if ($conn->connect_error) {`
			`throw new Exception("Database connection failed: " . $conn->connect_error);`
			`}`

			`// Set charset to utf8mb4 for proper Unicode support`
			`$conn->set_charset('utf8mb4');`

			`return $conn;`
			`}`

			`/**`
			`* Close the database connection`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`public static function close(): void {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`if (self::$connection !== null) {`
			`self::$connection->close();`
			`self::$connection = null;`
			`}`
			`}`

			`/**`
			`* Begin a transaction`
			`*`
			`* @return bool Success`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`public static function beginTransaction(): bool {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`return self::getConnection()->begin_transaction();`
			`}`

			`/**`
			`* Commit a transaction`
			`*`
			`* @return bool Success`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`public static function commit(): bool {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`return self::getConnection()->commit();`
			`}`

			`/**`
			`* Rollback a transaction`
			`*`
			`* @return bool Success`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`public static function rollback(): bool {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`return self::getConnection()->rollback();`
			`}`

			`/**`
			`* Execute a query and return results`
			`*`
			`* @param string $sql SQL query with placeholders`
			`* @param string $types Parameter types (i=int, s=string, d=double, b=blob)`
			`* @param array $params Parameters to bind`
			`* @return mysqli_result\|bool Query result`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`public static function query(string $sql, string $types = '', array $params = []) {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`$conn = self::getConnection();`

			`if (empty($types) \|\| empty($params)) {`
			`return $conn->query($sql);`
			`}`

			`$stmt = $conn->prepare($sql);`
			`if (!$stmt) {`
			`throw new Exception("Query preparation failed: " . $conn->error);`
			`}`

			`$stmt->bind_param($types, ...$params);`
			`$stmt->execute();`

			`$result = $stmt->get_result();`
			`$stmt->close();`

			`return $result;`
			`}`

			`/**`
			`* Execute an INSERT/UPDATE/DELETE and return affected rows`
			`*`
			`* @param string $sql SQL query with placeholders`
			`* @param string $types Parameter types`
			`* @param array $params Parameters to bind`
			`* @return int Affected rows (-1 on failure)`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`public static function execute(string $sql, string $types = '', array $params = []): int {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`$conn = self::getConnection();`

			`$stmt = $conn->prepare($sql);`
			`if (!$stmt) {`
			`throw new Exception("Query preparation failed: " . $conn->error);`
			`}`

			`if (!empty($types) && !empty($params)) {`
			`$stmt->bind_param($types, ...$params);`
			`}`

			`if ($stmt->execute()) {`
			`$affected = $stmt->affected_rows;`
			`$stmt->close();`
			`return $affected;`
			`}`

			`$error = $stmt->error;`
			`$stmt->close();`
			`throw new Exception("Query execution failed: " . $error);`
			`}`

			`/**`
			`* Get the last insert ID`
			`*`
			`* @return int Last insert ID`
			`*/`
Add PHP 7.4+ type hints to helpers, models, and middleware Added strict typing with parameter types, return types, and property types across all core classes: - helpers: Database, ErrorHandler, CacheHelper - models: TicketModel, UserModel, WorkflowModel, TemplateModel, UserPreferencesModel - middleware: RateLimitMiddleware, CsrfMiddleware, SecurityHeadersMiddleware Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 11:04:36 -05:00			`public static function lastInsertId(): int {`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`return self::getConnection()->insert_id;`
			`}`

Integrate web_template design system and fix security/quality issues Security fixes: - Add HTTP method validation to delete_comment.php (block CSRF via GET) - Remove $_GET fallback in comment deletion (was CSRF bypass vector) - Guard session_start() with session_status() check across API files - Escape json_encode() data attributes with htmlspecialchars in views - Escape inline APP_TIMEZONE config values in DashboardView/TicketView - Validate timezone param against DateTimeZone::listIdentifiers() in index.php - Remove Database::escape() (was using real_escape_string, not safe) - Fix AttachmentModel hardcoded connection; inject via constructor Backend fixes: - Fix CommentModel bind_param type for ticket_id (s→i) - Fix buildCommentThread orphan parent guard - Fix StatsModel JOIN→LEFT JOIN so unassigned tickets aren't excluded - Add ticket ID validation in BulkOperationsModel before implode() - Add duplicate key retry in TicketModel::createTicket() for race conditions - Wrap SavedFiltersModel default filter changes in transactions - Add null result guards in WorkflowModel query methods Frontend JS: - Rewrite toast.js as lt.toast shim (base.js dependency) - Delegate escapeHtml() to lt.escHtml() - Rewrite keyboard-shortcuts.js using lt.keys.on() - Migrate settings.js to lt.api.* and lt.modal.open/close() - Migrate advanced-search.js to lt.api.* and lt.modal.open/close() - Migrate dashboard.js fetch calls to lt.api.*; update all dynamic modals (bulk ops, quick actions, confirm/input) to lt-modal structure - Migrate ticket.js fetchMentionUsers to lt.api.get() - Remove console.log/error/warn calls from JS files Views: - Add /web_template/base.css and base.js to all 10 view files - Call lt.keys.initDefaults() in DashboardView, TicketView, admin views - Migrate all modal HTML from settings-modal/settings-content to lt-modal-overlay/lt-modal/lt-modal-header/lt-modal-body/lt-modal-footer - Replace style="display:none" with aria-hidden="true" on all modals - Replace modal open/close style.display with lt.modal.open/close() - Update modal buttons to lt-btn lt-btn-primary/lt-btn-ghost classes - Remove manual ESC keydown handlers (replaced by lt.keys.initDefaults) - Fix unescaped timezone values in TicketView inline script Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-17 23:22:24 -04:00			`// escape() removed — use prepared statements with bind_param() instead`
Add caching layer and database helper - Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 10:53:26 -05:00			`}`