api/update_ticket.php

<?php
// Enable error reporting for debugging
error_reporting(E_ALL);
ini_set('display_errors', 0); // Don't display errors in the response

// Apply rate limiting
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
RateLimitMiddleware::apply('api');

// Start output buffering to capture any errors
ob_start();

try {
    // Load config
    $configPath = dirname(__DIR__) . '/config/config.php';
    require_once $configPath;
    require_once dirname(__DIR__) . '/helpers/Database.php';

    // Load models directly with absolute paths
    $ticketModelPath = dirname(__DIR__) . '/models/TicketModel.php';
    $commentModelPath = dirname(__DIR__) . '/models/CommentModel.php';
    $auditLogModelPath = dirname(__DIR__) . '/models/AuditLogModel.php';
    $workflowModelPath = dirname(__DIR__) . '/models/WorkflowModel.php';

    require_once $ticketModelPath;
    require_once $commentModelPath;
    require_once $auditLogModelPath;
    require_once $workflowModelPath;

    // Check authentication via session
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
        throw new Exception("Authentication required");
    }

    // CSRF Protection
    require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
    if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'PUT') {
        $csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
        if (!CsrfMiddleware::validateToken($csrfToken)) {
            http_response_code(403);
            header('Content-Type: application/json');
            echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
            exit;
        }
    }

    $currentUser = $_SESSION['user'];
    $userId = $currentUser['user_id'];
    $isAdmin = $currentUser['is_admin'] ?? false;

    // Updated controller class that handles partial updates
    class ApiTicketController {
        private $ticketModel;
        private $commentModel;
        private $auditLog;
        private $workflowModel;
        private $userId;
        private $isAdmin;
        private $currentUser;

        public function __construct($conn, $userId = null, $isAdmin = false, $currentUser = []) {
            $this->ticketModel = new TicketModel($conn);
            $this->commentModel = new CommentModel($conn);
            $this->auditLog = new AuditLogModel($conn);
            $this->workflowModel = new WorkflowModel($conn);
            $this->userId = $userId;
            $this->isAdmin = $isAdmin;
            $this->currentUser = $currentUser;
        }

        public function update($id, $data) {
            // First, get the current ticket data to fill in missing fields
            $currentTicket = $this->ticketModel->getTicketById($id);
            if (!$currentTicket) {
                return [
                    'success' => false,
                    'error' => 'Ticket not found'
                ];
            }

            // Visibility check: return 404 for tickets the user cannot access
            if (!$this->ticketModel->canUserAccessTicket($currentTicket, $this->currentUser)) {
                return [
                    'success' => false,
                    'error' => 'Ticket not found',
                    'http_status' => 404
                ];
            }

            // Authorization: admins can edit any ticket; others only their own or assigned
            if (!$this->isAdmin
                && (int)$currentTicket['created_by'] !== (int)$this->userId
                && (int)$currentTicket['assigned_to'] !== (int)$this->userId
            ) {
                return [
                    'success' => false,
                    'error' => 'Permission denied'
                ];
            }

            // Merge current data with updates, keeping existing values for missing fields
            $updateData = [
                'ticket_id' => $id,
                'title' => $data['title'] ?? $currentTicket['title'],
                'description' => $data['description'] ?? $currentTicket['description'],
                'category' => $data['category'] ?? $currentTicket['category'],
                'type' => $data['type'] ?? $currentTicket['type'],
                'status' => $data['status'] ?? $currentTicket['status'],
                'priority' => isset($data['priority']) ? (int)$data['priority'] : (int)$currentTicket['priority']
            ];

            // Validate required fields
            if (empty($updateData['title'])) {
                return [
                    'success' => false,
                    'error' => 'Title cannot be empty'
                ];
            }
            
            // Validate priority range
            if ($updateData['priority'] < 1 || $updateData['priority'] > 5) {
                return [
                    'success' => false,
                    'error' => 'Priority must be between 1 and 5'
                ];
            }
            
            // Validate status transition using workflow model
            if ($currentTicket['status'] !== $updateData['status']) {
                $allowed = $this->workflowModel->isTransitionAllowed(
                    $currentTicket['status'],
                    $updateData['status'],
                    $this->isAdmin
                );

                if (!$allowed) {
                    return [
                        'success' => false,
                        'error' => 'Status transition not allowed: ' . $currentTicket['status'] . ' → ' . $updateData['status']
                    ];
                }
            }

            // Update ticket with user tracking and optional optimistic locking
            $expectedUpdatedAt = $data['expected_updated_at'] ?? null;
            $result = $this->ticketModel->updateTicket($updateData, $this->userId, $expectedUpdatedAt);

            // Handle conflict case
            if (!$result['success']) {
                $response = [
                    'success' => false,
                    'error' => $result['error'] ?? 'Failed to update ticket in database'
                ];
                if (!empty($result['conflict'])) {
                    $response['conflict'] = true;
                    $response['current_updated_at'] = $result['current_updated_at'] ?? null;
                }
                return $response;
            }

            // Handle visibility update if provided
            if (isset($data['visibility'])) {
                $visibilityGroups = $data['visibility_groups'] ?? null;
                // Convert array to comma-separated string if needed
                if (is_array($visibilityGroups)) {
                    $visibilityGroups = implode(',', array_map('trim', $visibilityGroups));
                }

                // Validate internal visibility requires groups
                if ($data['visibility'] === 'internal' && (empty($visibilityGroups) || trim($visibilityGroups) === '')) {
                    return [
                        'success' => false,
                        'error' => 'Internal visibility requires at least one group to be specified'
                    ];
                }

                $visResult = $this->ticketModel->updateVisibility($id, $data['visibility'], $visibilityGroups, $this->userId);
                if ($visResult && $this->userId) {
                    $this->auditLog->log(
                        $this->userId, 'update', 'ticket', (string)$id,
                        [
                            'field'      => 'visibility',
                            'from'       => $currentTicket['visibility'] ?? 'public',
                            'to'         => $data['visibility'],
                            'groups'     => $visibilityGroups
                        ]
                    );
                }
            }

            // Log ticket update to audit log — only the changed fields (delta)
            if ($this->userId) {
                $trackFields = ['title', 'priority', 'status', 'description', 'category', 'type'];
                $delta = [];
                foreach ($trackFields as $field) {
                    $oldVal = (string)($currentTicket[$field] ?? '');
                    $newVal = (string)($updateData[$field] ?? '');
                    if ($oldVal !== $newVal) {
                        $delta[$field] = ['from' => $oldVal, 'to' => $newVal];
                    }
                }
                if (!empty($delta)) {
                    $this->auditLog->logTicketUpdate($this->userId, $id, $delta);
                }
            }

            return [
                'success'    => true,
                'status'     => $updateData['status'],
                'priority'   => $updateData['priority'],
                'updated_at' => date('Y-m-d H:i:s'),
                'message'    => 'Ticket updated successfully'
            ];
        }
    }

    // Use centralized database connection
    $conn = Database::getConnection();

    // Check request method
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        throw new Exception("Method not allowed. Expected POST, got " . $_SERVER['REQUEST_METHOD']);
    }
    
    // Get POST data
    $input = file_get_contents('php://input');
    $data = json_decode($input, true);

    if (!$data) {
        throw new Exception("Invalid JSON data received: " . $input);
    }
    
    if (!isset($data['ticket_id'])) {
        throw new Exception("Missing ticket_id parameter");
    }
    
    $ticketId = (int)$data['ticket_id'];

    // Initialize controller
    $controller = new ApiTicketController($conn, $userId, $isAdmin, $currentUser);

    // Update ticket
    $result = $controller->update($ticketId, $data);
    
    // Discard any output that might have been generated
    ob_end_clean();
    
    // Return response
    if (!empty($result['http_status'])) {
        http_response_code($result['http_status']);
        unset($result['http_status']);
    }
    header('Content-Type: application/json');
    echo json_encode($result);

} catch (Exception $e) {
    // Discard any output that might have been generated
    ob_end_clean();

    // Log error details but don't expose to client
    error_log("Update ticket API error: " . $e->getMessage());

    // Return error response
    header('Content-Type: application/json');
    http_response_code(500);
    echo json_encode([
        'success' => false,
        'error' => 'An internal error occurred'
    ]);
}
?>
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`<?php`
			`// Enable error reporting for debugging`
			`error_reporting(E_ALL);`
			`ini_set('display_errors', 0); // Don't display errors in the response`

Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00			`// Apply rate limiting`
			`require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';`
			`RateLimitMiddleware::apply('api');`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00
			`// Start output buffering to capture any errors`
			`ob_start();`

			`try {`
			`// Load config`
			`$configPath = dirname(__DIR__) . '/config/config.php';`
			`require_once $configPath;`
Add performance, security, and reliability improvements 2026-01-30 14:39:13 -05:00			`require_once dirname(__DIR__) . '/helpers/Database.php';`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Load models directly with absolute paths`
			`$ticketModelPath = dirname(__DIR__) . '/models/TicketModel.php';`
			`$commentModelPath = dirname(__DIR__) . '/models/CommentModel.php';`
SSO Update :) 2026-01-01 15:40:32 -05:00			`$auditLogModelPath = dirname(__DIR__) . '/models/AuditLogModel.php';`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`$workflowModelPath = dirname(__DIR__) . '/models/WorkflowModel.php';`
SSO Update :) 2026-01-01 15:40:32 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`require_once $ticketModelPath;`
			`require_once $commentModelPath;`
SSO Update :) 2026-01-01 15:40:32 -05:00			`require_once $auditLogModelPath;`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`require_once $workflowModelPath;`
SSO Update :) 2026-01-01 15:40:32 -05:00
			`// Check authentication via session`
Integrate web_template design system and fix security/quality issues 2026-03-17 23:22:24 -04:00			`if (session_status() === PHP_SESSION_NONE) {`
			`session_start();`
			`}`
SSO Update :) 2026-01-01 15:40:32 -05:00			`if (!isset($_SESSION['user']) \|\| !isset($_SESSION['user']['user_id'])) {`
			`throw new Exception("Authentication required");`
			`}`
feat: Add CSRF protection to critical API endpoints 2026-01-09 12:32:34 -05:00
			`// CSRF Protection`
			`require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';`
			`if ($_SERVER['REQUEST_METHOD'] === 'POST' \|\| $_SERVER['REQUEST_METHOD'] === 'PUT') {`
			`$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';`
			`if (!CsrfMiddleware::validateToken($csrfToken)) {`
			`http_response_code(403);`
			`header('Content-Type: application/json');`
			`echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);`
			`exit;`
			`}`
			`}`

SSO Update :) 2026-01-01 15:40:32 -05:00			`$currentUser = $_SESSION['user'];`
			`$userId = $currentUser['user_id'];`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`$isAdmin = $currentUser['is_admin'] ?? false;`
SSO Update :) 2026-01-01 15:40:32 -05:00
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`// Updated controller class that handles partial updates`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`class ApiTicketController {`
			`private $ticketModel;`
			`private $commentModel;`
SSO Update :) 2026-01-01 15:40:32 -05:00			`private $auditLog;`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`private $workflowModel;`
SSO Update :) 2026-01-01 15:40:32 -05:00			`private $userId;`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`private $isAdmin;`
Enforce ticket visibility on attachment and update endpoints 2026-03-20 21:42:47 -04:00			`private $currentUser;`
SSO Update :) 2026-01-01 15:40:32 -05:00
Enforce ticket visibility on attachment and update endpoints 2026-03-20 21:42:47 -04:00			`public function __construct($conn, $userId = null, $isAdmin = false, $currentUser = []) {`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`$this->ticketModel = new TicketModel($conn);`
			`$this->commentModel = new CommentModel($conn);`
SSO Update :) 2026-01-01 15:40:32 -05:00			`$this->auditLog = new AuditLogModel($conn);`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`$this->workflowModel = new WorkflowModel($conn);`
SSO Update :) 2026-01-01 15:40:32 -05:00			`$this->userId = $userId;`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`$this->isAdmin = $isAdmin;`
Enforce ticket visibility on attachment and update endpoints 2026-03-20 21:42:47 -04:00			`$this->currentUser = $currentUser;`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`}`
SSO Update :) 2026-01-01 15:40:32 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`public function update($id, $data) {`
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`// First, get the current ticket data to fill in missing fields`
			`$currentTicket = $this->ticketModel->getTicketById($id);`
			`if (!$currentTicket) {`
			`return [`
			`'success' => false,`
			`'error' => 'Ticket not found'`
			`];`
			`}`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Enforce ticket visibility on attachment and update endpoints 2026-03-20 21:42:47 -04:00			`// Visibility check: return 404 for tickets the user cannot access`
			`if (!$this->ticketModel->canUserAccessTicket($currentTicket, $this->currentUser)) {`
			`return [`
			`'success' => false,`
			`'error' => 'Ticket not found',`
			`'http_status' => 404`
			`];`
			`}`

Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`// Authorization: admins can edit any ticket; others only their own or assigned`
			`if (!$this->isAdmin`
Fix loose comparisons in authorization checks 2026-03-28 22:35:48 -04:00			`&& (int)$currentTicket['created_by'] !== (int)$this->userId`
			`&& (int)$currentTicket['assigned_to'] !== (int)$this->userId`
Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`) {`
			`return [`
			`'success' => false,`
			`'error' => 'Permission denied'`
			`];`
			`}`

Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`// Merge current data with updates, keeping existing values for missing fields`
			`$updateData = [`
			`'ticket_id' => $id,`
			`'title' => $data['title'] ?? $currentTicket['title'],`
			`'description' => $data['description'] ?? $currentTicket['description'],`
			`'category' => $data['category'] ?? $currentTicket['category'],`
			`'type' => $data['type'] ?? $currentTicket['type'],`
			`'status' => $data['status'] ?? $currentTicket['status'],`
			`'priority' => isset($data['priority']) ? (int)$data['priority'] : (int)$currentTicket['priority']`
			`];`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`// Validate required fields`
			`if (empty($updateData['title'])) {`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`return [`
			`'success' => false,`
			`'error' => 'Title cannot be empty'`
			`];`
			`}`

Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`// Validate priority range`
			`if ($updateData['priority'] < 1 \|\| $updateData['priority'] > 5) {`
			`return [`
			`'success' => false,`
			`'error' => 'Priority must be between 1 and 5'`
			`];`
			`}`

Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`// Validate status transition using workflow model`
			`if ($currentTicket['status'] !== $updateData['status']) {`
			`$allowed = $this->workflowModel->isTransitionAllowed(`
			`$currentTicket['status'],`
			`$updateData['status'],`
			`$this->isAdmin`
			`);`

			`if (!$allowed) {`
			`return [`
			`'success' => false,`
			`'error' => 'Status transition not allowed: ' . $currentTicket['status'] . ' → ' . $updateData['status']`
			`];`
			`}`
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`}`
SSO Update :) 2026-01-01 15:40:32 -05:00
Add performance, security, and reliability improvements 2026-01-30 14:39:13 -05:00			`// Update ticket with user tracking and optional optimistic locking`
			`$expectedUpdatedAt = $data['expected_updated_at'] ?? null;`
			`$result = $this->ticketModel->updateTicket($updateData, $this->userId, $expectedUpdatedAt);`

			`// Handle conflict case`
			`if (!$result['success']) {`
			`$response = [`
			`'success' => false,`
			`'error' => $result['error'] ?? 'Failed to update ticket in database'`
			`];`
			`if (!empty($result['conflict'])) {`
			`$response['conflict'] = true;`
			`$response['current_updated_at'] = $result['current_updated_at'] ?? null;`
			`}`
			`return $response;`
			`}`
SSO Update :) 2026-01-01 15:40:32 -05:00
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`// Handle visibility update if provided`
Add performance, security, and reliability improvements 2026-01-30 14:39:13 -05:00			`if (isset($data['visibility'])) {`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`$visibilityGroups = $data['visibility_groups'] ?? null;`
			`// Convert array to comma-separated string if needed`
			`if (is_array($visibilityGroups)) {`
			`$visibilityGroups = implode(',', array_map('trim', $visibilityGroups));`
			`}`
Security hardening and performance improvements 2026-01-28 20:27:15 -05:00
			`// Validate internal visibility requires groups`
			`if ($data['visibility'] === 'internal' && (empty($visibilityGroups) \|\| trim($visibilityGroups) === '')) {`
			`return [`
			`'success' => false,`
			`'error' => 'Internal visibility requires at least one group to be specified'`
			`];`
			`}`

Wire optimistic locking, visibility audit log, full ticket export 2026-03-29 21:19:01 -04:00			`$visResult = $this->ticketModel->updateVisibility($id, $data['visibility'], $visibilityGroups, $this->userId);`
			`if ($visResult && $this->userId) {`
			`$this->auditLog->log(`
			`$this->userId, 'update', 'ticket', (string)$id,`
			`[`
			`'field' => 'visibility',`
			`'from' => $currentTicket['visibility'] ?? 'public',`
			`'to' => $data['visibility'],`
			`'groups' => $visibilityGroups`
			`]`
			`);`
			`}`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`}`

Show only changed fields (delta) in ticket activity timeline 2026-03-28 13:35:01 -04:00			`// Log ticket update to audit log — only the changed fields (delta)`
Add performance, security, and reliability improvements 2026-01-30 14:39:13 -05:00			`if ($this->userId) {`
Show only changed fields (delta) in ticket activity timeline 2026-03-28 13:35:01 -04:00			`$trackFields = ['title', 'priority', 'status', 'description', 'category', 'type'];`
			`$delta = [];`
			`foreach ($trackFields as $field) {`
			`$oldVal = (string)($currentTicket[$field] ?? '');`
			`$newVal = (string)($updateData[$field] ?? '');`
			`if ($oldVal !== $newVal) {`
			`$delta[$field] = ['from' => $oldVal, 'to' => $newVal];`
			`}`
			`}`
			`if (!empty($delta)) {`
			`$this->auditLog->logTicketUpdate($this->userId, $id, $delta);`
			`}`
Add performance, security, and reliability improvements 2026-01-30 14:39:13 -05:00			`}`
SSO Update :) 2026-01-01 15:40:32 -05:00
Add performance, security, and reliability improvements 2026-01-30 14:39:13 -05:00			`return [`
Wire optimistic locking, visibility audit log, full ticket export 2026-03-29 21:19:01 -04:00			`'success' => true,`
			`'status' => $updateData['status'],`
			`'priority' => $updateData['priority'],`
			`'updated_at' => date('Y-m-d H:i:s'),`
			`'message' => 'Ticket updated successfully'`
Add performance, security, and reliability improvements 2026-01-30 14:39:13 -05:00			`];`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`}`
			`}`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Add performance, security, and reliability improvements 2026-01-30 14:39:13 -05:00			`// Use centralized database connection`
			`$conn = Database::getConnection();`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`// Check request method`
			`if ($_SERVER['REQUEST_METHOD'] !== 'POST') {`
			`throw new Exception("Method not allowed. Expected POST, got " . $_SERVER['REQUEST_METHOD']);`
			`}`

Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Get POST data`
			`$input = file_get_contents('php://input');`
			`$data = json_decode($input, true);`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`if (!$data) {`
			`throw new Exception("Invalid JSON data received: " . $input);`
			`}`

			`if (!isset($data['ticket_id'])) {`
			`throw new Exception("Missing ticket_id parameter");`
			`}`

Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`$ticketId = (int)$data['ticket_id'];`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Initialize controller`
Enforce ticket visibility on attachment and update endpoints 2026-03-20 21:42:47 -04:00			`$controller = new ApiTicketController($conn, $userId, $isAdmin, $currentUser);`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Update ticket`
			`$result = $controller->update($ticketId, $data);`

			`// Discard any output that might have been generated`
			`ob_end_clean();`

			`// Return response`
Enforce ticket visibility on attachment and update endpoints 2026-03-20 21:42:47 -04:00			`if (!empty($result['http_status'])) {`
			`http_response_code($result['http_status']);`
			`unset($result['http_status']);`
			`}`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`header('Content-Type: application/json');`
			`echo json_encode($result);`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`} catch (Exception $e) {`
			`// Discard any output that might have been generated`
			`ob_end_clean();`
Fix error message disclosure in API endpoints 2026-01-30 18:56:29 -05:00
			`// Log error details but don't expose to client`
			`error_log("Update ticket API error: " . $e->getMessage());`

Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Return error response`
			`header('Content-Type: application/json');`
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`http_response_code(500);`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`echo json_encode([`
			`'success' => false,`
Fix error message disclosure in API endpoints 2026-01-30 18:56:29 -05:00			`'error' => 'An internal error occurred'`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`]);`
			`}`
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`?>`