Back
IS 226 β€” Web Information Systems

IT Helpdesk Ticketing Application

A complete end-to-end IT service management solution covering ticket creation, assignment, escalation, SLA tracking, file attachments, email notifications, and audit logging β€” supported by role-based dashboards and advanced filtering.

Status
Live
Stack
PHP 8.5 MySQL JavaScript AWS EC2 Cloudinary Brevo
Group
WIS-004 — 5 Members
πŸ“‹
Project Overview
Purpose, objectives, and academic context
Purpose

The IT Helpdesk Ticketing Application is a web-based support request management system designed to help employees report technical issues and allow IT support staff to manage, track, and resolve those requests in an organized and traceable manner.

Objective

To improve the efficiency of IT support operations by centralizing ticket submission, assignment, monitoring, resolution, escalation, closure, and audit logging in one integrated platform.

Academic Context

Developed as the final project for IS 226 β€” Web Information Systems. Demonstrates applied database design, transaction management, security controls, reporting, auditability, and user-centered web system development.

πŸ‘₯
User Roles & Access
Role-based access control and capabilities
Employee

Submit tickets, view ticket history, receive email updates, close resolved tickets, and track ticket status and timeline.

IT Staff

Manage ticket operations β€” assign, reassign, escalate, comment, resolve, and monitor SLA status across all tickets.

Super Admin

Oversee master data, manage users, monitor security dashboards, review audit logs, and unlock locked accounts.

Access Control
PHP Guard Functions
  • requireEmployee()
  • requireOperationalITStaff()
  • requireSuperAdmin()
  • requireLogin() with redirect saving
Session Security
  • Session regeneration on login
  • Auto-logout after 15 min inactivity
  • Role stored in $_SESSION
  • Redirect to styled 403 Access Denied page
🎫
Ticket Management
Creation, lifecycle, assignment, and escalation
Ticket Creation
Employee Submission
  • Subject, description, category, priority
  • Optional linked IT asset
  • File attachments via Cloudinary widget
  • Auto-generated number: TCK-YYYY-0001
IT Staff Submission
  • Raise ticket on behalf of employee
  • Employee-based asset filtering
  • Same auto-numbering system
  • Audit log entry recorded
Ticket Lifecycle
Open β†’ Assigned β†’ In Progress β†’ Pending β†’ Resolved β†’ Closed β†˜ Escalated β†˜ Reopened
Assignment
Auto-Assignment
  • Routes to lowest-workload Level 1 staff
  • Falls back to admin email if none available
  • Assignment record and audit log created
  • Notification email sent to assigned staff
Manual Assignment
  • IT staff can assign/reassign anytime
  • Full assignment history tracked
  • System comment auto-added on reassign
  • Email notification to new assignee
Escalation
Escalation Features
  • Escalate to any IT staff member with mandatory reason
  • Multi-level escalation tracking (L1 β†’ L2 β†’ L3)
  • From staff, to staff, level, reason, and timestamp recorded
  • Email sent to receiving staff automatically
⏱️
SLA Management
Service level tracking, breach detection, and automation
SLA Configuration
  • SLA target hours defined per issue category
  • Overdue: NOW() > DATE_ADD(date_submitted, INTERVAL sla_target_hours HOUR)
  • Resolved and Closed tickets excluded from detection
Breach Automation
  • Auto-runs on every page load
  • Overdue tickets β†’ status set to Escalated
  • Priority escalation: Lowβ†’Med, Medβ†’High, Highβ†’Critical
  • SLA breach logged in audit_logs
UI Indicators
  • 🟒 On Track
  • πŸ”΄ Overdue
  • 🚨 SLA Breached
  • Dashboard counters for overdue and breached
Dashboard Metrics
  • Overdue count (IT Staff dashboard)
  • SLA Breached count (IT Staff + Admin)
  • Per-ticket SLA target hours visible in table
πŸ’¬
Communication & Attachments
Comments, internal notes, file uploads, and email notifications
Comment System
  • Public comments β€” visible to employee
  • Internal notes β€” IT staff only
  • Auto-scroll to latest on page load
  • System comments for status/assignment changes
File Attachments
  • Cloudinary widget integration
  • Up to 5 files, max 10MB each
  • PDF, images, docs, CSV, ZIP, video supported
  • Files linked per comment, displayed in ticket view
Email Notifications (Brevo)
  • Ticket submitted β€” confirmation to employee
  • Auto-assignment β€” notification to IT staff
  • Status change β€” update to employee
  • Resolution β€” email to employee
  • New comment β€” notification to assigned staff
  • Escalation β€” email to receiving staff
  • Triage β€” admin email if no Level 1 available
Ticket Timeline
  • Chronological view of all ticket events
  • Submitted, Assigned, Commented, Resolved, Closed
  • Available in employee ticket-details view
  • Sorted newest-first
πŸ“Š
Dashboards & Reporting
Role-based dashboards, filtering, and reports
Employee Dashboard
  • Open / In Progress / Resolved / Closed
  • Total tickets summary
  • Recent tickets table
  • Quick actions
IT Staff Dashboard
  • All ticket status counts
  • Assigned to me count
  • Overdue & SLA breached counts
  • My Assigned Tickets shortcut
Admin Dashboard
  • Categories, assets, employees, staff counts
  • Locked accounts count
  • SLA breached count
  • Recent master data records
Filtering & Search
Manage Tickets Filters
  • Search by ticket number or subject
  • Filter by status, priority, category
  • Assignment scope: All / Mine / Unassigned / Others
  • "Mine" badge for quick ownership identification
  • Persistent filters with pagination and go-to page
Audit Log Filters
  • Search by description, actor, action, or table
  • Filter by actor type, action, and table name
  • Date range filter (from / to)
  • Paginated results
πŸ”’
Security Features
Authentication, access control, audit logging, and data protection
Password Security
Bcrypt hashing via password_hash(). Never stored in plain text.
SQL Injection Prevention
All queries use PDO prepared statements with fully parameterized inputs.
Account Lockout
Locked for 15 minutes after 3 failed login attempts. Super Admin can unlock with full audit trail.
Session Security
session_regenerate_id() on login. Auto-logout after 15 minutes of inactivity.
XSS Prevention
htmlspecialchars() applied to all user-generated output rendered in HTML.
Role-Based Access
Every page enforces role checks. Unauthorized access redirects to a styled 403 page.
Audit Logging
Login attempts, lockouts, ticket changes, and assignments all recorded in audit_logs.
Infrastructure Security
SSH key-only EC2 access. Private GitHub repo. Credentials in .env, never committed.
Security Dashboard
Super Admin monitors failed logins, risk levels, locked accounts, and recent security events.
Type Safety
declare(strict_types=1) on all files. Input validated with ctype_digit() and in_array().
πŸ—οΈ
System Architecture
Technology stack, infrastructure, and integrations
Frontend
  • HTML5 / CSS3 (custom design system)
  • Vanilla JavaScript
  • AJAX via Fetch API
  • Cloudinary Upload Widget
Backend
  • PHP 8.5
  • PDO with prepared statements
  • Session-based authentication
  • RESTful-style AJAX handlers
Database
  • MySQL
  • Relational schema with FK constraints
  • Transaction support (BEGIN/COMMIT/ROLLBACK)
  • Audit log table for all key events
Infrastructure
  • AWS EC2 (Ubuntu 24)
  • HTTPS via custom domain
  • SSH key-only server access
  • GitHub (private repo)
External Integrations
  • Brevo β€” transactional email API
  • Cloudinary β€” file storage and CDN
  • Environment variables for all credentials
Dev Tooling
  • PHP CS Fixer (PSR-12)
  • browser-sync for live reload
  • Git branching (feature branches)
  • VS Code + PHP formatter
βœ…
Implementation Status
What is fully implemented vs planned
βœ“
Role-based authentication and access control
βœ“
Ticket submission by employee and IT staff (on behalf)
βœ“
Auto-assignment to Level 1 staff with load balancing
βœ“
Manual assignment, reassignment, and escalation
βœ“
Full ticket lifecycle management (8 statuses)
βœ“
SLA breach automation and priority escalation
βœ“
Public and internal commenting system
βœ“
File attachments via Cloudinary (up to 5 files per comment)
βœ“
Email notifications via Brevo (7 trigger types)
βœ“
Ticket timeline for employees
βœ“
Advanced filtering, search, and pagination
βœ“
Role-based dashboards (Employee, IT Staff, Admin)
βœ“
Security dashboard with lockout management
βœ“
Audit logs with full filtering interface
βœ“
Master data management (categories, assets, employees, staff, departments)
βœ“
Account lockout (3 attempts / 15 min) with admin unlock
βœ“
Reports module
βœ—
SLA countdown timer ("2h 15m remaining") β€” planned
βœ—
Employee-side ticket reopen β€” planned
πŸ‘€
Project Team
IS 226 β€” Group WIS-004
JC
Concepcion, Joseph
Project Lead, Backend and Frontend Lead, & Deployment Lead
SG
Genito, Sannie Agnes
QA & Documentation Lead
AH
Herrera, Ariel
Lead System Analyst & Test Lead
JJ
Joaquin, John Rainer
Research & Documentation Lead
JL
Llenado, Daryljade
UI and UX Lead, Frontend Developer, & Deployment Lead