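false, 'error' => 'Not authenticated']); exit; }

// CSRF protection.
// This endpoint changes ticket state, so it must only be reachable via POST.
// The original guard validated the token only when the method was POST and
// then ran the assignment for any method, which let a non-POST request skip
// token validation entirely. Reject every other method up front instead.
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    echo json_encode(['success' => false, 'error' => 'Method not allowed']);
    exit;
}

$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (!CsrfMiddleware::validateToken($csrfToken)) {
    http_response_code(403);
    echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
    exit;
}

$userId = $_SESSION['user']['user_id'];

// Read the JSON request body. Anything that does not decode to an object
// (invalid JSON, a bare scalar, an empty body) is treated as "no fields
// supplied" rather than being indexed as if it were an array.
$data = json_decode(file_get_contents('php://input'), true);
if (!is_array($data)) {
    $data = [];
}
$ticketId = $data['ticket_id'] ?? null;
$assignedTo = $data['assigned_to'] ?? null;

if (!$ticketId) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Ticket ID required']);
    exit;
}

// Create database connection
$conn = new mysqli(
    $GLOBALS['config']['DB_HOST'],
    $GLOBALS['config']['DB_USER'],
    $GLOBALS['config']['DB_PASS'],
    $GLOBALS['config']['DB_NAME']
);

if ($conn->connect_error) {
    // Generic message on purpose: the driver error text is not sent to the client.
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Database connection failed']);
    exit;
}

$ticketModel = new TicketModel($conn);
$auditLogModel = new AuditLogModel($conn);

// An absent or empty assignee means "unassign". The audit entry is written
// only when the model reports success, so the log never records a change
// that did not actually happen.
if ($assignedTo === null || $assignedTo === '') {
    $success = $ticketModel->unassignTicket($ticketId, $userId);
    if ($success) {
        $auditLogModel->log($userId, 'unassign', 'ticket', $ticketId);
    }
} else {
    $success = $ticketModel->assignTicket($ticketId, $assignedTo, $userId);
    if ($success) {
        $auditLogModel->log($userId, 'assign', 'ticket', $ticketId, ['assigned_to' => $assignedTo]);
    }
}

$conn->close();

echo json_encode(['success' => $success]);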