mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 02:44:53 +00:00
Moved admin_ to /admin, user_ to user report_ to /reports each have their own post includes modals directories created seperate headers and footer. Also did the same for xcustom, more work to me done
This commit is contained in:
johnnyq
@@ -1,71 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for AI Models ('ai_model')
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_ai_model'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$provider_id = intval($_POST['provider']);
|
||||
$model = sanitizeInput($_POST['model']);
|
||||
$prompt = sanitizeInput($_POST['prompt']);
|
||||
$use_case = sanitizeInput($_POST['use_case']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO ai_models SET ai_model_name = '$model', ai_model_prompt = '$prompt', ai_model_use_case = '$use_case', ai_model_ai_provider_id = $provider_id");
|
||||
|
||||
$ai_model_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("AI Model", "Create", "$session_name created AI Model $model");
|
||||
|
||||
$_SESSION['alert_message'] = "AI Model <strong>$model</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_ai_model'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$model_id = intval($_POST['model_id']);
|
||||
$model = sanitizeInput($_POST['model']);
|
||||
$prompt = sanitizeInput($_POST['prompt']);
|
||||
$use_case = sanitizeInput($_POST['use_case']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE ai_models SET ai_model_name = '$model', ai_model_prompt = '$prompt', ai_model_use_case = '$use_case' WHERE ai_model_id = $model_id");
|
||||
|
||||
// Logging
|
||||
logAction("AI Model", "Edit", "$session_name edited AI Model $model");
|
||||
|
||||
$_SESSION['alert_message'] = "AI Model <strong>$model</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_ai_model'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$model_id = intval($_GET['delete_ai_model']);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT ai_model_name FROM ai_models WHERE ai_model_id = $model_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$model_name = sanitizeInput($row['ai_model_name']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM ai_models WHERE ai_model_id = $model_id");
|
||||
|
||||
// Logging
|
||||
logAction("AI Model", "Delete", "$session_name deleted AI Model $model_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "AI Model <strong>$model_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,72 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for AI Providers ('ai_provider')
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_ai_provider'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$provider = sanitizeInput($_POST['provider']);
|
||||
$url = sanitizeInput($_POST['url']);
|
||||
$model = sanitizeInput($_POST['model']);
|
||||
$api_key = sanitizeInput($_POST['api_key']);
|
||||
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO ai_providers SET ai_provider_name = '$provider', ai_provider_api_url = '$url', ai_provider_api_key = '$api_key'");
|
||||
|
||||
$ai_provider_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("AI Provider", "Create", "$session_name created AI Provider $provider");
|
||||
|
||||
$_SESSION['alert_message'] = "AI Model <strong>$provider</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_ai_provider'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$provider_id = intval($_POST['provider_id']);
|
||||
$provider = sanitizeInput($_POST['provider']);
|
||||
$url = sanitizeInput($_POST['url']);
|
||||
$api_key = sanitizeInput($_POST['api_key']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE ai_providers SET ai_provider_name = '$provider', ai_provider_api_url = '$url', ai_provider_api_key = '$api_key' WHERE ai_provider_id = $provider_id");
|
||||
|
||||
// Logging
|
||||
logAction("AI Provider", "Edit", "$session_name edited AI Provider $provider");
|
||||
|
||||
$_SESSION['alert_message'] = "AI Model <strong>$provider</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_ai_provider'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$provider_id = intval($_GET['delete_ai_provider']);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT ai_provider_name FROM ai_providers WHERE ai_provider_id = $provider_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$provider_name = sanitizeInput($row['ai_provider_name']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM ai_providers WHERE ai_provider_id = $provider_id");
|
||||
|
||||
// Logging
|
||||
logAction("AI Provider", "Delete", "$session_name deleted AI Provider $provider_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "AI Provider <strong>$provider_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,92 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for API settings
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_api_key'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$expire = sanitizeInput($_POST['expire']);
|
||||
$client_id = intval($_POST['client']);
|
||||
$secret = sanitizeInput($_POST['key']); // API Key
|
||||
|
||||
// Credential decryption password
|
||||
$password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT);
|
||||
$apikey_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password']));
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_decrypt_hash = '$apikey_specific_encryption_ciphertext', api_key_expire = '$expire', api_key_client_id = $client_id");
|
||||
|
||||
$api_key_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("API Key", "Create", "$session_name created API key $name set to expire on $expire", $client_id, $api_key_id);
|
||||
|
||||
$_SESSION['alert_message'] = "API Key <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_api_key'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$api_key_id = intval($_GET['delete_api_key']);
|
||||
|
||||
// Get API Key Name
|
||||
$row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT api_key_name, api_key_client_id FROM api_keys WHERE api_key_id = $api_key_id"));
|
||||
$api_key_name = sanitizeInput($row['api_key_name']);
|
||||
$client_id = intval($row['api_key_client_id']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_id = $api_key_id");
|
||||
|
||||
// Logging
|
||||
logAction("API Key", "Delete", "$session_name deleted API key $name", $client_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "API Key <strong>$name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['bulk_delete_api_keys'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
if (isset($_POST['api_key_ids'])) {
|
||||
|
||||
$count = count($_POST['api_key_ids']);
|
||||
|
||||
// Cycle through array and delete each record
|
||||
foreach ($_POST['api_key_ids'] as $api_key_id) {
|
||||
|
||||
$api_key_id = intval($api_key_id);
|
||||
|
||||
// Get API Key Name
|
||||
$row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT api_key_name, api_key_client_id FROM api_keys WHERE api_key_id = $api_key_id"));
|
||||
$api_key_name = sanitizeInput($row['api_key_name']);
|
||||
$client_id = intval($row['api_key_client_id']);
|
||||
|
||||
mysqli_query($mysqli, "DELETE FROM api_keys WHERE api_key_id = $api_key_id");
|
||||
|
||||
// Logging
|
||||
logAction("API Key", "Delete", "$session_name deleted API key $name", $client_id);
|
||||
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("API Key", "Bulk Delete", "$session_name deleted $count API key(s)");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> API keys(s)";
|
||||
|
||||
}
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,216 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for DB / master key backup
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
require_once "includes/app_version.php";
|
||||
|
||||
if (isset($_GET['download_backup'])) {
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$timestamp = date('YmdHis');
|
||||
$baseName = "itflow_$timestamp";
|
||||
|
||||
// === 0. Scoped cleanup ===
|
||||
$cleanupFiles = [];
|
||||
|
||||
$registerTempFileForCleanup = function ($file) use (&$cleanupFiles) {
|
||||
$cleanupFiles[] = $file;
|
||||
};
|
||||
|
||||
register_shutdown_function(function () use (&$cleanupFiles) {
|
||||
foreach ($cleanupFiles as $file) {
|
||||
if (is_file($file)) {
|
||||
@unlink($file);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
// === 1. Local helper function: zipFolder
|
||||
$zipFolder = function ($folderPath, $zipFilePath) {
|
||||
$zip = new ZipArchive();
|
||||
if ($zip->open($zipFilePath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) {
|
||||
error_log("Failed to open zip file: $zipFilePath");
|
||||
http_response_code(500);
|
||||
exit("Internal Server Error: Cannot open zip archive.");
|
||||
}
|
||||
|
||||
$folderPath = realpath($folderPath);
|
||||
if (!$folderPath) {
|
||||
error_log("Invalid folder path: $folderPath");
|
||||
http_response_code(500);
|
||||
exit("Internal Server Error: Invalid folder path.");
|
||||
}
|
||||
|
||||
$files = new RecursiveIteratorIterator(
|
||||
new RecursiveDirectoryIterator($folderPath),
|
||||
RecursiveIteratorIterator::LEAVES_ONLY
|
||||
);
|
||||
|
||||
foreach ($files as $file) {
|
||||
if (!$file->isDir()) {
|
||||
$filePath = $file->getRealPath();
|
||||
$relativePath = substr($filePath, strlen($folderPath) + 1);
|
||||
$zip->addFile($filePath, $relativePath);
|
||||
}
|
||||
}
|
||||
|
||||
$zip->close();
|
||||
};
|
||||
|
||||
// === 2. Create all temp files
|
||||
$sqlFile = tempnam(sys_get_temp_dir(), $baseName . "_sql_");
|
||||
$uploadsZip = tempnam(sys_get_temp_dir(), $baseName . "_uploads_");
|
||||
$versionFile = tempnam(sys_get_temp_dir(), $baseName . "_version_");
|
||||
$finalZip = tempnam(sys_get_temp_dir(), $baseName . "_backup_");
|
||||
|
||||
foreach ([$sqlFile, $uploadsZip, $versionFile, $finalZip] as $f) {
|
||||
$registerTempFileForCleanup($f);
|
||||
chmod($f, 0600);
|
||||
}
|
||||
|
||||
// === 3. Generate SQL Dump
|
||||
$sqlContent = "-- UTF-8 + Foreign Key Safe Dump\n";
|
||||
$sqlContent .= "SET NAMES 'utf8mb4';\n";
|
||||
$sqlContent .= "SET foreign_key_checks = 0;\n\n";
|
||||
|
||||
$tables = [];
|
||||
$res = $mysqli->query("SHOW TABLES");
|
||||
if (!$res) {
|
||||
error_log("MySQL Error: " . $mysqli->error);
|
||||
exit("Error retrieving tables.");
|
||||
}
|
||||
|
||||
while ($row = $res->fetch_row()) {
|
||||
$tables[] = $row[0];
|
||||
}
|
||||
|
||||
foreach ($tables as $table) {
|
||||
$createRes = $mysqli->query("SHOW CREATE TABLE `$table`");
|
||||
if (!$createRes) {
|
||||
error_log("MySQL Error: " . $mysqli->error);
|
||||
continue;
|
||||
}
|
||||
|
||||
$createRow = $createRes->fetch_assoc();
|
||||
$createSQL = array_values($createRow)[1];
|
||||
|
||||
$sqlContent .= "\n-- ----------------------------\n";
|
||||
$sqlContent .= "-- Table structure for `$table`\n";
|
||||
$sqlContent .= "-- ----------------------------\n";
|
||||
$sqlContent .= "DROP TABLE IF EXISTS `$table`;\n";
|
||||
$sqlContent .= $createSQL . ";\n\n";
|
||||
|
||||
$dataRes = $mysqli->query("SELECT * FROM `$table`");
|
||||
if ($dataRes && $dataRes->num_rows > 0) {
|
||||
$sqlContent .= "-- Dumping data for table `$table`\n";
|
||||
while ($row = $dataRes->fetch_assoc()) {
|
||||
$columns = array_map(fn($col) => '`' . $mysqli->real_escape_string($col) . '`', array_keys($row));
|
||||
$values = array_map(function ($val) use ($mysqli) {
|
||||
return is_null($val) ? "NULL" : "'" . $mysqli->real_escape_string($val) . "'";
|
||||
}, array_values($row));
|
||||
$sqlContent .= "INSERT INTO `$table` (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $values) . ");\n";
|
||||
}
|
||||
$sqlContent .= "\n";
|
||||
}
|
||||
}
|
||||
|
||||
$sqlContent .= "SET foreign_key_checks = 1;\n";
|
||||
file_put_contents($sqlFile, $sqlContent);
|
||||
|
||||
// === 4. Zip the uploads folder
|
||||
$zipFolder("uploads", $uploadsZip);
|
||||
|
||||
// === 5. Create version.txt
|
||||
$commitHash = trim(shell_exec('git log -1 --format=%H')) ?: 'N/A';
|
||||
$gitBranch = trim(shell_exec('git rev-parse --abbrev-ref HEAD')) ?: 'N/A';
|
||||
|
||||
$versionContent = "ITFlow Backup Metadata\n";
|
||||
$versionContent .= "-----------------------------\n";
|
||||
$versionContent .= "Generated: " . date('Y-m-d H:i:s') . "\n";
|
||||
$versionContent .= "Backup File: " . basename($finalZip) . "\n";
|
||||
$versionContent .= "Generated By: $session_name\n";
|
||||
$versionContent .= "Host: " . gethostname() . "\n";
|
||||
$versionContent .= "Git Branch: $gitBranch\n";
|
||||
$versionContent .= "Git Commit: $commitHash\n";
|
||||
$versionContent .= "ITFlow Version: " . (defined('APP_VERSION') ? APP_VERSION : 'Unknown') . "\n";
|
||||
$versionContent .= "Database Version: " . (defined('CURRENT_DATABASE_VERSION') ? CURRENT_DATABASE_VERSION : 'Unknown') . "\n";
|
||||
$versionContent .= "Checksum (SHA256): \n";
|
||||
|
||||
file_put_contents($versionFile, $versionContent);
|
||||
|
||||
// === 6. Build final ZIP
|
||||
$final = new ZipArchive();
|
||||
if ($final->open($finalZip, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) {
|
||||
error_log("Failed to create final zip: $finalZip");
|
||||
http_response_code(500);
|
||||
exit("Internal Server Error: Unable to create backup archive.");
|
||||
}
|
||||
|
||||
$final->addFile($sqlFile, "db.sql");
|
||||
$final->addFile($uploadsZip, "uploads.zip");
|
||||
$final->addFile($versionFile, "version.txt");
|
||||
$final->close();
|
||||
|
||||
chmod($finalZip, 0600);
|
||||
|
||||
$checksum = hash_file('sha256', $finalZip);
|
||||
file_put_contents($versionFile, $versionContent . "$checksum\n");
|
||||
|
||||
// === 7. Serve final ZIP
|
||||
header('Content-Type: application/zip');
|
||||
header('Content-Disposition: attachment; filename="' . basename($finalZip) . '"');
|
||||
header('Content-Length: ' . filesize($finalZip));
|
||||
header('Pragma: public');
|
||||
header('Expires: 0');
|
||||
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
|
||||
header('Content-Transfer-Encoding: binary');
|
||||
|
||||
flush();
|
||||
$fp = fopen($finalZip, 'rb');
|
||||
fpassthru($fp);
|
||||
fclose($fp);
|
||||
|
||||
logAction("System", "Backup Download", "$session_name downloaded full backup.");
|
||||
$_SESSION['alert_message'] = "Full backup downloaded.";
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
if (isset($_POST['backup_master_key'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$password = $_POST['password'];
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
if (password_verify($password, $row['user_password'])) {
|
||||
$site_encryption_master_key = decryptUserSpecificKey($row['user_specific_encryption_ciphertext'], $password);
|
||||
|
||||
// Logging
|
||||
logAction("Master Key", "Download", "$session_name retrieved the master encryption key");
|
||||
|
||||
// App Notify
|
||||
appNotify("Master Key", "$session_name retrieved the master encryption key");
|
||||
|
||||
echo "==============================";
|
||||
echo "<br>Master encryption key:<br>";
|
||||
echo "<b>$site_encryption_master_key</b>";
|
||||
echo "<br>==============================";
|
||||
|
||||
} else {
|
||||
// Log the failure
|
||||
logAction("Master Key", "Download", "$session_name attempted to retrieve the master encryption key but failed");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Incorrect password.";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,106 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for categories ('category')
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_category'])) {
|
||||
|
||||
require_once 'post/admin/admin_category_model.php';
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'");
|
||||
|
||||
$category_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Category", "Create", "$session_name created category $type $name", 0, $category_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Category $type <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_category'])) {
|
||||
|
||||
require_once 'post/admin/admin_category_model.php';
|
||||
|
||||
$category_id = intval($_POST['category_id']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE categories SET category_name = '$name', category_type = '$type', category_color = '$color' WHERE category_id = $category_id");
|
||||
|
||||
// Logging
|
||||
logAction("Category", "Edit", "$session_name edited category $type $name", 0, $category_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Category $type <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['archive_category'])) {
|
||||
|
||||
$category_id = intval($_GET['archive_category']);
|
||||
|
||||
// Get Category Name and Type for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$category_name = sanitizeInput($row['category_name']);
|
||||
$category_type = sanitizeInput($row['category_type']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE categories SET category_archived_at = NOW() WHERE category_id = $category_id");
|
||||
|
||||
// Logging
|
||||
logAction("Category", "Archive", "$session_name archived category $category_type $category_name", 0, $category_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Category $category_type <strong>$category_name</strong> archived";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['unarchive_category'])) {
|
||||
|
||||
$category_id = intval($_GET['unarchive_category']);
|
||||
|
||||
// Get Category Name and Type for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$category_name = sanitizeInput($row['category_name']);
|
||||
$category_type = sanitizeInput($row['category_type']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE categories SET category_archived_at = NULL WHERE category_id = $category_id");
|
||||
|
||||
// Logging
|
||||
logAction("Category", "Unarchive", "$session_name unarchived category $category_type $category_name", 0, $category_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Category $category_type <strong>$category_name</strong> unarchived";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_category'])) {
|
||||
|
||||
$category_id = intval($_GET['delete_category']);
|
||||
|
||||
// Get Category Name and Type for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$category_name = sanitizeInput($row['category_name']);
|
||||
$category_type = sanitizeInput($row['category_type']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM categories WHERE category_id = $category_id");
|
||||
|
||||
// Logging
|
||||
logAction("Category", "Delete", "$session_name deleted category $category_type $category_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Category $category_type <strong>$category_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,6 +0,0 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$type = sanitizeInput($_POST['type']);
|
||||
$color = sanitizeInput($_POST['color']);
|
||||
@@ -1,63 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for custom fields
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if(isset($_POST['create_custom_field'])){
|
||||
|
||||
require_once 'post/admin/admin_custom_field_model.php';
|
||||
|
||||
$table = sanitizeInput($_POST['table']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO custom_fields SET custom_field_table = '$table', custom_field_label = '$label', custom_field_type = '$type'");
|
||||
|
||||
$custom_field_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Custom Field", "Create", "$session_name created custom field $label", 0, $custom_field_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Custom field <strong>$label</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if(isset($_POST['edit_custom_field'])){
|
||||
|
||||
require_once 'post/admin/admin_custom_field_model.php';
|
||||
|
||||
$custom_field_id = intval($_POST['custom_field_id']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE custom_fields SET custom_field_label = '$label', custom_field_type = '$type' WHERE custom_field_id = $custom_field_id");
|
||||
|
||||
// Logging
|
||||
logAction("Custom Field", "Edit", "$session_name edited custom field $label", 0, $custom_field_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Custom field <strong>$label</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if(isset($_GET['delete_custom_field'])){
|
||||
$custom_field_id = intval($_GET['delete_custom_field']);
|
||||
|
||||
// Get Custom Field Label for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT custom_field_label FROM custom_fields WHERE custom_field_id = $custom_field_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$custom_field_label = sanitizeInput($row['custom_field_label']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM custom_fields WHERE custom_field_id = $custom_field_id");
|
||||
|
||||
// Logging
|
||||
logAction("Custom Field", "Delete", "$session_name deleted custom field $label");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Custom field <strong>$label</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$label = sanitizeInput($_POST['label']);
|
||||
$type = sanitizeInput($_POST['type']);
|
||||
@@ -1,71 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for showing custom links on navbars
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_custom_link'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$uri = sanitizeInput($_POST['uri']);
|
||||
$new_tab = intval($_POST['new_tab'] ?? 0);
|
||||
$icon = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['icon']));
|
||||
$order = intval($_POST['order'] ?? 0);
|
||||
$location = intval($_POST['location']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO custom_links SET custom_link_name = '$name', custom_link_uri = '$uri', custom_link_new_tab = $new_tab, custom_link_icon = '$icon', custom_link_order = $order, custom_link_location = $location");
|
||||
|
||||
$custom_link_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Custom Link", "Create", "$session_name created custom link $name -> $uri", 0, $custom_link_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Custom link <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_custom_link'])) {
|
||||
|
||||
$custom_link_id = intval($_POST['custom_link_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$uri = sanitizeInput($_POST['uri']);
|
||||
$new_tab = intval($_POST['new_tab'] ?? 0);
|
||||
$icon = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['icon']));
|
||||
$order = intval($_POST['order'] ?? 0);
|
||||
$location = intval($_POST['location']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE custom_links SET custom_link_name = '$name', custom_link_uri = '$uri', custom_link_new_tab = $new_tab, custom_link_icon = '$icon', custom_link_order = $order, custom_link_location = $location WHERE custom_link_id = $custom_link_id");
|
||||
|
||||
// Logging
|
||||
logAction("Custom Link", "Edit", "$session_name edited custom link $name -> $uri", 0, $custom_link_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Custom Link <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_custom_link'])) {
|
||||
$custom_link_id = intval($_GET['delete_custom_link']);
|
||||
|
||||
// Get Custom Link name and uri for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT custom_link_name, custom_link_uri FROM custom_links WHERE custom_link_id = $custom_link_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$custom_link_name = sanitizeInput($row['custom_link_name']);
|
||||
$custom_link_uri = sanitizeInput($row['custom_link_uri']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM custom_links WHERE custom_link_id = $custom_link_id");
|
||||
|
||||
// Logging
|
||||
logAction("Custom Link", "Delete", "$session_name deleted custom link $custom_link_name -> $custom_link_uri");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Custom Link <strong>$name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,65 +0,0 @@
|
||||
<?php
|
||||
|
||||
// Doc Templates
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_document_template'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$content = mysqli_real_escape_string($mysqli,$_POST['content']);
|
||||
|
||||
// Document create query
|
||||
mysqli_query($mysqli,"INSERT INTO document_templates SET document_template_name = '$name', document_template_description = '$description', document_template_content = '$content', document_template_created_by = $session_user_id");
|
||||
|
||||
$document_template_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Document Template", "Create", "$session_name created document template $name", 0, $document_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Document template <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_document_template'])) {
|
||||
|
||||
$document_template_id = intval($_POST['document_template_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$content = mysqli_real_escape_string($mysqli,$_POST['content']);
|
||||
|
||||
// Document edit query
|
||||
mysqli_query($mysqli,"UPDATE document_templates SET document_template_name = '$name', document_template_description = '$description', document_template_content = '$content', document_template_updated_by = $session_user_id WHERE document_template_id = $document_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Document Template", "Edit", "$session_name edited document template $name", 0, $document_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Document Template <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_document_template'])) {
|
||||
|
||||
$document_template_id = intval($_GET['delete_document_template']);
|
||||
|
||||
// Get Document Template Name for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT document_template_name FROM document_templates WHERE document_template_id = $document_template_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$document_template_name = sanitizeInput($row['document_template_name']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM document_templates WHERE document_template_id = $document_template_id");
|
||||
|
||||
//Logging
|
||||
logAction("Document Template", "Delete", "$session_name deleted document template $document_template_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Document Template <strong>$document_template_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,21 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_identity_provider'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$azure_client_id = sanitizeInput($_POST['azure_client_id']);
|
||||
$azure_client_secret = sanitizeInput($_POST['azure_client_secret']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_azure_client_id = '$azure_client_id', config_azure_client_secret = '$azure_client_secret' WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited identity provider settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Identity Provider Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,93 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_GET['send_failed_mail'])) {
|
||||
|
||||
$email_id = intval($_GET['send_failed_mail']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE email_queue SET email_status = 0, email_attempts = 3 WHERE email_id = $email_id");
|
||||
|
||||
// Logging
|
||||
logAction("Email", "Send", "$session_name attempted to force send email id: $email_id in the mail queue", 0, $email_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Email Force Sent, give it a minute to resend";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['cancel_mail'])) {
|
||||
|
||||
$email_id = intval($_GET['cancel_mail']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE email_queue SET email_status = 2, email_attempts = 99, email_failed_at = NOW() WHERE email_id = $email_id");
|
||||
|
||||
// Logging
|
||||
logAction("Email", "Send", "$session_name canceled send email id: $email_id in the mail queue", 0, $email_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Email cancelled and marked as failed.";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['bulk_cancel_emails'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
if (isset($_POST['email_ids'])) {
|
||||
|
||||
$count = count($_POST['email_ids']);
|
||||
|
||||
// Cycle through array and mark each email as failed
|
||||
foreach ($_POST['email_ids'] as $email_id) {
|
||||
|
||||
$email_id = intval($email_id);
|
||||
mysqli_query($mysqli,"UPDATE email_queue SET email_status = 2, email_attempts = 99, email_failed_at = NOW() WHERE email_id = $email_id");
|
||||
|
||||
// Logging
|
||||
logAction("Email", "Cancel", "$session_name cancelled email id: $email_id in the mail queue", 0, $email_id);
|
||||
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("Email", "Bulk Cancel", "$session_name cancelled $count email(s) in the mail queue");
|
||||
|
||||
$_SESSION['alert_message'] = "Cancelled <strong>$count</strong> email(s)";
|
||||
|
||||
}
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['bulk_delete_emails'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
if (isset($_POST['email_ids'])) {
|
||||
|
||||
$count = count($_POST['email_ids']);
|
||||
|
||||
// Cycle through array and delete each email
|
||||
foreach ($_POST['email_ids'] as $email_id) {
|
||||
|
||||
$email_id = intval($email_id);
|
||||
mysqli_query($mysqli,"DELETE FROM email_queue WHERE email_id = $email_id");
|
||||
|
||||
// Logging
|
||||
logAction("Email", "Delete", "$session_name deleted email id: $email_id from the mail queue");
|
||||
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("Email", "Bulk Delete", "$session_name deleted $count email(s) from the mail queue");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> email(s)";
|
||||
|
||||
}
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,64 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for AI Providers ('ai_providers')
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_payment_method'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO payment_methods SET payment_method_name = '$name', payment_method_description = '$description'");
|
||||
|
||||
// Logging
|
||||
logAction("Payment Method", "Create", "$session_name created Payment Method $name");
|
||||
|
||||
$_SESSION['alert_message'] = "Payment Method <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_payment_method'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$payment_method_id = intval($_POST['payment_method_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE payment_methods SET payment_method_name = '$name', payment_method_description = '$description' WHERE payment_method_id = $payment_method_id");
|
||||
|
||||
// Logging
|
||||
logAction("Payment Method", "Edit", "$session_name edited Payment Method $name");
|
||||
|
||||
$_SESSION['alert_message'] = "Payment Method <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_payment_method'])) {
|
||||
|
||||
$payment_method_id = intval($_GET['delete_payment_method']);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT payment_method_name FROM payment_methods WHERE payment_method_id = $payment_method_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$payment_method_name = sanitizeInput($row['payment_method_name']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM payment_methods WHERE payment_method_id = $payment_method_id");
|
||||
|
||||
// Logging
|
||||
logAction("Payment Method", "Delete", "$session_name deleted Payment Method $payment_method_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Payment Method <strong>$payment_method_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,106 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for AI Providers ('ai_providers')
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_payment_provider'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$provider = sanitizeInput($_POST['provider']);
|
||||
$public_key = sanitizeInput($_POST['public_key']);
|
||||
$private_key = sanitizeInput($_POST['private_key']);
|
||||
$threshold = floatval($_POST['threshold']);
|
||||
$enable_expense = intval($_POST['enable_expense'] ?? 0);
|
||||
$percentage_fee = floatval($_POST['percentage_fee']) / 100;
|
||||
$flat_fee = floatval($_POST['flat_fee']);
|
||||
|
||||
// Check for Stripe Account if not create it
|
||||
$sql_account = mysqli_query($mysqli,"SELECT account_id FROM accounts WHERE account_name = '$provider' AND account_archived_at IS NULL LIMIT 1");
|
||||
if (mysqli_num_rows($sql_account) == 0) {
|
||||
$account_id = mysqli_insert_id($mysqli);
|
||||
} else {
|
||||
$row = mysqli_fetch_array($sql_account);
|
||||
$account_id = intval($row['account_id']);
|
||||
}
|
||||
|
||||
if ($enable_expense) {
|
||||
// Category
|
||||
$sql_category = mysqli_query($mysqli,"SELECT category_id FROM categories WHERE category_name = 'Payment Processing' AND category_type = 'Expense' AND category_archived_at IS NULL LIMIT 1");
|
||||
if (mysqli_num_rows($sql_category) == 0) {
|
||||
mysqli_query($mysqli,"INSERT INTO categories SET category_name = 'Processing Fee', category_type = 'Payment Processing', category_color = 'gray'");
|
||||
$category_id = mysqli_insert_id($mysqli);
|
||||
} else {
|
||||
$row = mysqli_fetch_array($sql_category);
|
||||
$category_id = intval($row['category_id']);
|
||||
}
|
||||
//Vendor
|
||||
$sql_vendor = mysqli_query($mysqli,"SELECT vendor_id FROM vendors WHERE vendor_name = '$provider' AND vendor_client_id = 0 AND vendor_archived_at IS NULL LIMIT 1");
|
||||
if (mysqli_num_rows($sql_vendor) == 0) {
|
||||
mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$provider', vendor_descripion = 'Payment Processor Provider', vendor_client_id = 0");
|
||||
$vendor_id = mysqli_insert_id($mysqli);
|
||||
} else {
|
||||
$row = mysqli_fetch_array($sql_vendor);
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
}
|
||||
}
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO payment_providers SET payment_provider_name = '$provider', payment_provider_public_key = '$public_key', payment_provider_private_key = '$private_key', payment_provider_account = $account_id, payment_provider_expense_vendor = $vendor_id, payment_provider_expense_category = $category_id, payment_provider_expense_percentage_fee = $percentage_fee, payment_provider_expense_flat_fee = $flat_fee");
|
||||
|
||||
$provider_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Payment Provider", "Create", "$session_name created AI Provider $provider");
|
||||
|
||||
$_SESSION['alert_message'] = "AI Model <strong>$provider</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_payment_provider'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$provider_id = intval($_POST['provider_id']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$public_key = sanitizeInput($_POST['public_key']);
|
||||
$private_key = sanitizeInput($_POST['private_key']);
|
||||
$threshold = floatval($_POST['threshold']);
|
||||
$enable_expense = intval($_POST['enable_expense'] ?? 0);
|
||||
$percentage_fee = floatval($_POST['percentage_fee']) / 100;
|
||||
$flat_fee = floatval($_POST['flat_fee']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE payment_providers SET payment_provider_public_key = '$public_key', payment_provider_private_key = '$private_key', payment_provider_expense_percentage_fee = $percentage_fee, payment_provider_expense_flat_fee = $flat_fee WHERE payment_provider_id = $provider_id");
|
||||
|
||||
// Logging
|
||||
logAction("Payment Provider", "Edit", "$session_name edited Payment Provider $provider");
|
||||
|
||||
$_SESSION['alert_message'] = "Payment Provider <strong>$provider</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_payment_provider'])) {
|
||||
|
||||
$provider_id = intval($_GET['delete_payment_provider']);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT payment_provider_name FROM payment_providers WHERE payment_provider_id = $provider_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$provider_name = sanitizeInput($row['payment_provider_name']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM payment_providers WHERE payment_provider_id = $provider_id");
|
||||
|
||||
// Logging
|
||||
logAction("Payment Provider", "Delete", "$session_name deleted Payment Provider $provider_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Payment Provider <strong>$provider_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,104 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_project_template'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO project_templates SET project_template_name = '$name', project_template_description = '$description'");
|
||||
|
||||
$project_template_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Project Template", "Create", "$session_name created project template $name", 0, $project_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Project Template <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_project_template'])) {
|
||||
|
||||
$project_template_id = intval($_POST['project_template_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE project_templates SET project_template_name = '$name', project_template_description = '$description' WHERE project_template_id = $project_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Project Template", "Edit", "$session_name edited project template $name", 0, $project_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Project Template <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_ticket_template_order'])) {
|
||||
|
||||
$ticket_template_id = intval($_POST['ticket_template_id']);
|
||||
$project_template_id = intval($_POST['project_template_id']);
|
||||
$order = intval($_POST['order']);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE project_template_ticket_templates SET ticket_template_order = $order WHERE ticket_template_id = $ticket_template_id AND project_template_id = $project_template_id");
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['add_ticket_template_to_project_template'])) {
|
||||
|
||||
$project_template_id = intval($_POST['project_template_id']);
|
||||
$ticket_template_id = intval($_POST['ticket_template_id']);
|
||||
$order = intval($_POST['order']);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO project_template_ticket_templates SET project_template_id = $project_template_id, ticket_template_id = $ticket_template_id, ticket_template_order = $order");
|
||||
|
||||
// Logging
|
||||
logAction("Project Template", "Edit", "$session_name added ticket template to project_template", 0, $project_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Ticket template added";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['remove_ticket_template_from_project_template'])) {
|
||||
|
||||
validateTechRole();
|
||||
$ticket_template_id = intval($_POST['ticket_template_id']);
|
||||
$project_template_id = intval($_POST['project_template_id']);
|
||||
|
||||
mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE project_template_id = $project_template_id AND ticket_template_id = $ticket_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Project Template", "Edit", "$session_name removed ticket template from project template", 0, $project_template_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Ticket template removed";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_project_template'])) {
|
||||
|
||||
$project_template_id = intval($_GET['delete_project_template']);
|
||||
|
||||
// Get project template name
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM project_templates WHERE project_template_id = $project_template_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$project_template_name = sanitizeInput($row['project_template_name']);
|
||||
|
||||
mysqli_query($mysqli, "DELETE FROM project_templates WHERE project_template_id = $project_template_id");
|
||||
|
||||
// Remove Associated Ticket Templates
|
||||
mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE project_template_id = $project_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Project Template", "Delete", "$session_name deleted project template $project_template_name and its associated ticket templates and tasks");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Project Template <strong>$project_template_name</strong> and its associated ticket templates and tasks deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,89 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for roles
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_role'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$name = sanitizeInput($_POST['role_name']);
|
||||
$description = sanitizeInput($_POST['role_description']);
|
||||
$admin = intval($_POST['role_is_admin']);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO user_roles SET role_name = '$name', role_description = '$description', role_is_admin = $admin");
|
||||
|
||||
$role_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("User Role", "Create", "$session_name created user role $name", 0, $role_id);
|
||||
|
||||
$_SESSION['alert_message'] = "User Role <strong$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_role'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
// Update role metadata
|
||||
$role_id = sanitizeInput($_POST['role_id']);
|
||||
$name = sanitizeInput($_POST['role_name']);
|
||||
$description = sanitizeInput($_POST['role_description']);
|
||||
$admin = intval($_POST['role_is_admin']);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE user_roles SET role_name = '$name', role_description = '$description', role_is_admin = $admin WHERE role_id = $role_id");
|
||||
|
||||
// Update role access levels
|
||||
mysqli_query($mysqli, "DELETE FROM user_role_permissions WHERE user_role_id = $role_id");
|
||||
foreach ($_POST as $key => $value) {
|
||||
if (str_contains($key, '##module_')){
|
||||
$module_id = intval(explode('##', $key)[0]);
|
||||
$access_level = intval($value);
|
||||
|
||||
if ($access_level > 0) {
|
||||
mysqli_query($mysqli, "INSERT INTO user_role_permissions SET user_role_id = $role_id, module_id = $module_id, user_role_permission_level = $access_level");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("User Role", "Edit", "$session_name edited user role $name", 0, $role_id);
|
||||
|
||||
$_SESSION['alert_message'] = "User Role <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_GET['archive_role'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$role_id = intval($_GET['archive_role']);
|
||||
|
||||
// Check role isn't in use
|
||||
$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
|
||||
$role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
|
||||
if ($role_user_count != 0) {
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Role must not in use to archive it";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
exit();
|
||||
}
|
||||
|
||||
mysqli_query($mysqli, "UPDATE user_roles SET role_archived_at = NOW() WHERE role_id = $role_id");
|
||||
|
||||
// Logging
|
||||
$role_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT role_name FROM user_roles WHERE role_id = $role_id LIMIT 1"));
|
||||
$role_name = sanitizeInput($role_details['role_name']);
|
||||
logAction("User Role", "Archive", "$session_name archived user role $role_name", 0, $role_id);
|
||||
|
||||
$_SESSION['alert_message'] = "User Role archived";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,68 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_GET['delete_saved_payment'])) {
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$saved_payment_id = intval($_GET['delete_saved_payment']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "
|
||||
SELECT
|
||||
client_saved_payment_methods.saved_payment_id,
|
||||
client_saved_payment_methods.saved_payment_client_id,
|
||||
client_saved_payment_methods.saved_payment_provider_id,
|
||||
client_saved_payment_methods.saved_payment_provider_method,
|
||||
client_saved_payment_methods.saved_payment_description,
|
||||
client_payment_provider.payment_provider_client,
|
||||
payment_providers.payment_provider_name,
|
||||
payment_providers.payment_provider_private_key
|
||||
FROM client_saved_payment_methods
|
||||
LEFT JOIN client_payment_provider
|
||||
ON client_payment_provider.client_id = client_saved_payment_methods.saved_payment_client_id
|
||||
AND client_payment_provider.payment_provider_id = client_saved_payment_methods.saved_payment_provider_id
|
||||
LEFT JOIN payment_providers
|
||||
ON payment_providers.payment_provider_id = client_saved_payment_methods.saved_payment_provider_id
|
||||
WHERE client_saved_payment_methods.saved_payment_id = $saved_payment_id"
|
||||
);
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$client_id = intval($row['saved_payment_client_id']);
|
||||
$provider_id = intval($row['saved_payment_provider_id']);
|
||||
$payment_provider_name = nullable_htmlentities($row['payment_provider_name']);
|
||||
$saved_payment_description = nullable_htmlentities($row['saved_payment_description']);
|
||||
$provider_client = nullable_htmlentities($row['payment_provider_client']);
|
||||
$payment_method = $row['saved_payment_provider_method'];
|
||||
|
||||
$private_key = $row['payment_provider_private_key'];
|
||||
|
||||
// Seperate logic for each Payment Provider
|
||||
if ($payment_provider_name == 'Stripe') {
|
||||
|
||||
try {
|
||||
// Initialize stripe
|
||||
require_once 'plugins/stripe-php/init.php';
|
||||
$stripe = new \Stripe\StripeClient($private_key);
|
||||
|
||||
// Detach PM
|
||||
$stripe->paymentMethods->detach($payment_method, []);
|
||||
|
||||
} catch (Exception $e) {
|
||||
$error = $e->getMessage();
|
||||
error_log("Stripe payment error - encountered exception when removing payment method info for $payment_method: $error");
|
||||
logApp("Stripe", "error", "Exception removing payment method for $payment_method: $error");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Remove payment method from ITFlow
|
||||
mysqli_query($mysqli, "DELETE FROM client_saved_payment_methods WHERE saved_payment_id = $saved_payment_id");
|
||||
|
||||
// SQL Cascade delete will Remove All Associated Auto Payment Methods on recurring invoices in the recurring payments table.
|
||||
|
||||
// Logging & Redirect
|
||||
logAction("Payment Provider", "Update", "$session_name deleted saved payment method $saved_payment_description (PM: $payment_method)", $client_id);
|
||||
$_SESSION['alert_message'] = "Payment method <strong>$saved_payment_description</strong> removed";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_ai_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$provider = sanitizeInput($_POST['provider']);
|
||||
if($provider){
|
||||
$ai_enable = 1;
|
||||
} else {
|
||||
$ai_enable = 0;
|
||||
}
|
||||
$model = sanitizeInput($_POST['model']);
|
||||
$url = sanitizeInput($_POST['url']);
|
||||
$api_key = sanitizeInput($_POST['api_key']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_ai_enable = $ai_enable, config_ai_provider = '$provider', config_ai_model = '$model', config_ai_url = '$url', config_ai_api_key = '$api_key' WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited AI settings");
|
||||
|
||||
$_SESSION['alert_message'] = "AI Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,74 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_company'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$address = sanitizeInput($_POST['address']);
|
||||
$city = sanitizeInput($_POST['city']);
|
||||
$state = sanitizeInput($_POST['state']);
|
||||
$zip = sanitizeInput($_POST['zip']);
|
||||
$country = sanitizeInput($_POST['country']);
|
||||
$phone_country_code = preg_replace("/[^0-9]/", '',$_POST['phone_country_code']);
|
||||
$phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
|
||||
$email = sanitizeInput($_POST['email']);
|
||||
$website = sanitizeInput($_POST['website']);
|
||||
$tax_id = sanitizeInput($_POST['tax_id']);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT company_logo FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$existing_file_name = sanitizeInput($row['company_logo']);
|
||||
|
||||
// Company logo
|
||||
if (isset($_FILES['file']['tmp_name'])) {
|
||||
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'png'))) {
|
||||
$file_tmp_path = $_FILES['file']['tmp_name'];
|
||||
|
||||
// directory in which the uploaded file will be moved
|
||||
$upload_file_dir = "uploads/settings/";
|
||||
$dest_path = $upload_file_dir . $new_file_name;
|
||||
|
||||
move_uploaded_file($file_tmp_path, $dest_path);
|
||||
|
||||
// Delete old file
|
||||
unlink("uploads/settings/$existing_file_name");
|
||||
|
||||
// Set Logo
|
||||
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1");
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone_country_code = '$phone_country_code', company_phone = '$phone', company_email = '$email', company_website = '$website', company_tax_id = '$tax_id' WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited company details");
|
||||
|
||||
$_SESSION['alert_message'] = "Company <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['remove_company_logo'])) {
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT company_logo FROM companies");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$company_logo = $row['company_logo']; // FileSystem Operation Logo is already sanitized
|
||||
|
||||
unlink("uploads/settings/$company_logo");
|
||||
|
||||
mysqli_query($mysqli,"UPDATE companies SET company_logo = NULL WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name deleted company logo");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Removed company logo";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_default_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$start_page = sanitizeInput($_POST['start_page']);
|
||||
$expense_account = intval($_POST['expense_account']);
|
||||
$payment_account = intval($_POST['payment_account']);
|
||||
$payment_method = sanitizeInput($_POST['payment_method']);
|
||||
$expense_payment_method = sanitizeInput($_POST['expense_payment_method']);
|
||||
$transfer_from_account = intval($_POST['transfer_from_account']);
|
||||
$transfer_to_account = intval($_POST['transfer_to_account']);
|
||||
$calendar = intval($_POST['calendar']);
|
||||
$net_terms = intval($_POST['net_terms']);
|
||||
$hourly_rate = floatval($_POST['hourly_rate']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_start_page = '$start_page', config_default_expense_account = $expense_account, config_default_payment_account = $payment_account, config_default_payment_method = '$payment_method', config_default_expense_payment_method = '$expense_payment_method', config_default_transfer_from_account = $transfer_from_account, config_default_transfer_to_account = $transfer_to_account, config_default_calendar = $calendar, config_default_net_terms = $net_terms, config_default_hourly_rate = $hourly_rate WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited default settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Default settings edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_invoice_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_invoice_prefix = sanitizeInput($_POST['config_invoice_prefix']);
|
||||
$config_invoice_next_number = intval($_POST['config_invoice_next_number']);
|
||||
$config_invoice_footer = sanitizeInput($_POST['config_invoice_footer']);
|
||||
$config_invoice_show_tax_id = intval($_POST['config_invoice_show_tax_id'] ?? 0);
|
||||
$config_invoice_late_fee_enable = intval($_POST['config_invoice_late_fee_enable'] ?? 0);
|
||||
$config_invoice_late_fee_percent = floatval($_POST['config_invoice_late_fee_percent']);
|
||||
$config_recurring_invoice_prefix = sanitizeInput($_POST['config_recurring_invoice_prefix']);
|
||||
$config_recurring_invoice_next_number = intval($_POST['config_recurring_invoice_next_number']);
|
||||
$config_invoice_paid_notification_email = '';
|
||||
if (filter_var($_POST['config_invoice_paid_notification_email'], FILTER_VALIDATE_EMAIL)) {
|
||||
$config_invoice_paid_notification_email = sanitizeInput($_POST['config_invoice_paid_notification_email']);
|
||||
}
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_invoice_prefix = '$config_invoice_prefix', config_invoice_next_number = $config_invoice_next_number, config_invoice_footer = '$config_invoice_footer', config_invoice_show_tax_id = $config_invoice_show_tax_id, config_invoice_late_fee_enable = $config_invoice_late_fee_enable, config_invoice_late_fee_percent = $config_invoice_late_fee_percent, config_invoice_paid_notification_email = '$config_invoice_paid_notification_email', config_recurring_invoice_prefix = '$config_recurring_invoice_prefix', config_recurring_invoice_next_number = $config_recurring_invoice_next_number WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited invoice settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Invoice Settings edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,24 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_localization'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$locale = sanitizeInput($_POST['locale']);
|
||||
$currency_code = sanitizeInput($_POST['currency_code']);
|
||||
$timezone = sanitizeInput($_POST['timezone']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE companies SET company_locale = '$locale', company_currency = '$currency_code' WHERE company_id = 1");
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_timezone = '$timezone' WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited localization settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Company localization updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,143 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_mail_smtp_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_smtp_host = sanitizeInput($_POST['config_smtp_host']);
|
||||
$config_smtp_port = intval($_POST['config_smtp_port']);
|
||||
$config_smtp_encryption = sanitizeInput($_POST['config_smtp_encryption']);
|
||||
$config_smtp_username = sanitizeInput($_POST['config_smtp_username']);
|
||||
$config_smtp_password = sanitizeInput($_POST['config_smtp_password']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_smtp_host = '$config_smtp_host', config_smtp_port = $config_smtp_port, config_smtp_encryption = '$config_smtp_encryption', config_smtp_username = '$config_smtp_username', config_smtp_password = '$config_smtp_password' WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited SMTP mail settings");
|
||||
|
||||
$_SESSION['alert_message'] = "SMTP Mail Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_mail_imap_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_imap_host = sanitizeInput($_POST['config_imap_host']);
|
||||
$config_imap_username = sanitizeInput($_POST['config_imap_username']);
|
||||
$config_imap_password = sanitizeInput($_POST['config_imap_password']);
|
||||
$config_imap_port = intval($_POST['config_imap_port']);
|
||||
$config_imap_encryption = sanitizeInput($_POST['config_imap_encryption']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_imap_host = '$config_imap_host', config_imap_port = $config_imap_port, config_imap_encryption = '$config_imap_encryption', config_imap_username = '$config_imap_username', config_imap_password = '$config_imap_password' WHERE company_id = 1");
|
||||
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited IMAP mail settings");
|
||||
|
||||
$_SESSION['alert_message'] = "IMAP Mail Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_mail_from_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_mail_from_email = sanitizeInput(filter_var($_POST['config_mail_from_email'], FILTER_VALIDATE_EMAIL));
|
||||
$config_mail_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_mail_from_name']));
|
||||
|
||||
$config_invoice_from_email = sanitizeInput(filter_var($_POST['config_invoice_from_email'], FILTER_VALIDATE_EMAIL));
|
||||
$config_invoice_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_invoice_from_name']));
|
||||
|
||||
$config_quote_from_email = sanitizeInput(filter_var($_POST['config_quote_from_email'], FILTER_VALIDATE_EMAIL));
|
||||
$config_quote_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_quote_from_name']));
|
||||
|
||||
$config_ticket_from_email = sanitizeInput(filter_var($_POST['config_ticket_from_email'], FILTER_VALIDATE_EMAIL));
|
||||
$config_ticket_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_ticket_from_name']));
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_from_email = '$config_invoice_from_email', config_invoice_from_name = '$config_invoice_from_name', config_quote_from_email = '$config_quote_from_email', config_quote_from_name = '$config_quote_from_name', config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name' WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited mail from settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Mail From Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['test_email_smtp'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$test_email = intval($_POST['test_email']);
|
||||
if($test_email == 1) {
|
||||
$email_from = sanitizeInput($config_mail_from_email);
|
||||
$email_from_name = sanitizeInput($config_mail_from_name);
|
||||
} elseif ($test_email == 2) {
|
||||
$email_from = sanitizeInput($config_invoice_from_email);
|
||||
$email_from_name = sanitizeInput($config_invoice_from_name);
|
||||
} elseif ($test_email == 3) {
|
||||
$email_from = sanitizeInput($config_quote_from_email);
|
||||
$email_from_name = sanitizeInput($config_quote_from_name);
|
||||
} else {
|
||||
$email_from = sanitizeInput($config_ticket_from_email);
|
||||
$email_from_name = sanitizeInput($config_ticket_from_name);
|
||||
}
|
||||
|
||||
$email_to = sanitizeInput($_POST['email_to']);
|
||||
$subject = "Test email from ITFlow";
|
||||
$body = "This is a test email from ITFlow. If you are reading this, it worked!";
|
||||
|
||||
$data = [
|
||||
[
|
||||
'from' => $email_from,
|
||||
'from_name' => $email_from_name,
|
||||
'recipient' => $email_to,
|
||||
'recipient_name' => 'Chap',
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
]
|
||||
];
|
||||
$mail = addToMailQueue($data);
|
||||
|
||||
if ($mail === true) {
|
||||
$_SESSION['alert_message'] = "Test email queued! <a class='text-bold text-light' href='admin_mail_queue.php'>Check Admin > Mail queue</a>";
|
||||
} else {
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Failed to add test mail to queue";
|
||||
}
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['test_email_imap'])) {
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
// Setup your IMAP connection parameters
|
||||
$hostname = "{" . $config_imap_host . ":" . $config_imap_port . "/" . $config_imap_encryption . "/novalidate-cert}INBOX";
|
||||
$username = $config_imap_username;
|
||||
$password = $config_imap_password;
|
||||
|
||||
try {
|
||||
$inbox = @imap_open($hostname, $username, $password);
|
||||
|
||||
if ($inbox) {
|
||||
imap_close($inbox);
|
||||
$_SESSION['alert_message'] = "Connected successfully";
|
||||
} else {
|
||||
throw new Exception(imap_last_error());
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Test IMAP connection failed: " . $e->getMessage();
|
||||
}
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,29 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_module_settings'])) {
|
||||
|
||||
$config_module_enable_itdoc = intval($_POST['config_module_enable_itdoc'] ?? 0);
|
||||
$config_module_enable_ticketing = intval($_POST['config_module_enable_ticketing'] ?? 0);
|
||||
$config_module_enable_accounting = intval($_POST['config_module_enable_accounting'] ?? 0);
|
||||
$config_client_portal_enable = intval($_POST['config_client_portal_enable'] ?? 0);
|
||||
$config_whitelabel_key = sanitizeInput($_POST['config_whitelabel_key']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_module_enable_itdoc = $config_module_enable_itdoc, config_module_enable_ticketing = $config_module_enable_ticketing, config_module_enable_accounting = $config_module_enable_accounting, config_client_portal_enable = $config_client_portal_enable WHERE company_id = 1");
|
||||
|
||||
// Validate white label key
|
||||
if (!empty($config_whitelabel_key && validateWhitelabelKey($config_whitelabel_key))) {
|
||||
mysqli_query($mysqli, "UPDATE settings SET config_whitelabel_enabled = 1, config_whitelabel_key = '$config_whitelabel_key' WHERE company_id = 1");
|
||||
} else {
|
||||
mysqli_query($mysqli, "UPDATE settings SET config_whitelabel_enabled = 0, config_whitelabel_key = '' WHERE company_id = 1");
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited module settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Module Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,24 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_notification_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_enable_cron = intval($_POST['config_enable_cron'] ?? 0);
|
||||
$config_enable_alert_domain_expire = intval($_POST['config_enable_alert_domain_expire'] ?? 0);
|
||||
$config_send_invoice_reminders = intval($_POST['config_send_invoice_reminders'] ?? 0);
|
||||
$config_recurring_auto_send_invoice = intval($_POST['config_recurring_auto_send_invoice'] ?? 0);
|
||||
$config_ticket_client_general_notifications = intval($_POST['config_ticket_client_general_notifications'] ?? 0);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_send_invoice_reminders = $config_send_invoice_reminders, config_recurring_auto_send_invoice = $config_recurring_auto_send_invoice, config_enable_cron = $config_enable_cron, config_enable_alert_domain_expire = $config_enable_alert_domain_expire, config_ticket_client_general_notifications = $config_ticket_client_general_notifications WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited notification settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Notification Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_online_payment_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_stripe_enable = intval($_POST['config_stripe_enable'] ?? 0);
|
||||
$config_stripe_publishable = sanitizeInput($_POST['config_stripe_publishable']);
|
||||
$config_stripe_secret = sanitizeInput($_POST['config_stripe_secret']);
|
||||
$config_stripe_account = intval($_POST['config_stripe_account']);
|
||||
$config_stripe_expense_vendor = intval($_POST['config_stripe_expense_vendor']);
|
||||
$config_stripe_expense_category = intval($_POST['config_stripe_expense_category']);
|
||||
$config_stripe_percentage_fee = floatval($_POST['config_stripe_percentage_fee']) / 100;
|
||||
$config_stripe_flat_fee = floatval($_POST['config_stripe_flat_fee']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_stripe_enable = $config_stripe_enable, config_stripe_publishable = '$config_stripe_publishable', config_stripe_secret = '$config_stripe_secret', config_stripe_account = $config_stripe_account, config_stripe_expense_vendor = $config_stripe_expense_vendor, config_stripe_expense_category = $config_stripe_expense_category, config_stripe_percentage_fee = $config_stripe_percentage_fee, config_stripe_flat_fee = $config_stripe_flat_fee WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited online payment settings");
|
||||
|
||||
if ($config_stripe_enable && $config_stripe_account == 0) {
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Stripe payment account must be specified!";
|
||||
} else {
|
||||
$_SESSION['alert_message'] = "Online Payment Settings updated";
|
||||
}
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,70 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_GET['stripe_remove_pm'])) {
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
if (!$config_stripe_enable) {
|
||||
$_SESSION['alert_message'] = "Stripe not enabled";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
exit();
|
||||
}
|
||||
|
||||
$client_id = intval($_GET['client_id']);
|
||||
$payment_method = sanitizeInput($_GET['pm']);
|
||||
|
||||
try {
|
||||
// Initialize stripe
|
||||
require_once 'plugins/stripe-php/init.php';
|
||||
$stripe = new \Stripe\StripeClient($config_stripe_secret);
|
||||
|
||||
// Detach PM
|
||||
$stripe->paymentMethods->detach($payment_method, []);
|
||||
|
||||
} catch (Exception $e) {
|
||||
$error = $e->getMessage();
|
||||
error_log("Stripe payment error - encountered exception when removing payment method info for $payment_method: $error");
|
||||
logApp("Stripe", "error", "Exception removing payment method for $payment_method: $error");
|
||||
}
|
||||
|
||||
// Remove payment method from ITFlow
|
||||
mysqli_query($mysqli, "UPDATE client_stripe SET stripe_pm = NULL WHERE client_id = $client_id LIMIT 1");
|
||||
|
||||
// Remove Auto Pay on recurring invoices that are stripe
|
||||
$sql_recurring_invoices = mysqli_query($mysqli, "SELECT recurring_invoice_id FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id");
|
||||
|
||||
while ($row = mysqli_fetch_array($sql_recurring_invoices)) {
|
||||
$recurring_invoice_id = intval($row['recurring_invoice_id']);
|
||||
mysqli_query($mysqli, "DELETE FROM recurring_payments WHERE recurring_payment_method = 'Stripe' AND recurring_payment_recurring_invoice_id = $recurring_invoice_id");
|
||||
}
|
||||
|
||||
// Logging & Redirect
|
||||
logAction("Stripe", "Update", "$session_name deleted saved Stripe payment method (PM: $payment_method)", $client_id);
|
||||
$_SESSION['alert_message'] = "Payment method removed";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['stripe_reset_customer'])) {
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$client_id = intval($_GET['client_id']);
|
||||
|
||||
// Delete the customer id and payment method id stored in ITFlow, allowing the client to set these up again
|
||||
mysqli_query($mysqli, "DELETE FROM client_stripe WHERE client_id = $client_id");
|
||||
|
||||
// Remove Auto Pay on recurring invoices that are stripe
|
||||
$sql_recurring_invoices = mysqli_query($mysqli, "SELECT recurring_invoice_id FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id");
|
||||
|
||||
while ($row = mysqli_fetch_array($sql_recurring_invoices)) {
|
||||
$recurring_invoice_id = intval($row['recurring_invoice_id']);
|
||||
mysqli_query($mysqli, "DELETE FROM recurring_payments WHERE recurring_payment_method = 'Stripe' AND recurring_payment_recurring_invoice_id = $recurring_invoice_id");
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("Stripe", "Delete", "$session_name reset Stripe settings for client", $client_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Reset client Stripe settings";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,21 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_project_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_project_prefix = sanitizeInput($_POST['config_project_prefix']);
|
||||
$config_project_next_number = intval($_POST['config_project_next_number']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_project_prefix = '$config_project_prefix', config_project_next_number = $config_project_next_number WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited project settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Project Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_quote_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_quote_prefix = sanitizeInput($_POST['config_quote_prefix']);
|
||||
$config_quote_next_number = intval($_POST['config_quote_next_number']);
|
||||
$config_quote_footer = sanitizeInput($_POST['config_quote_footer']);
|
||||
$config_quote_notification_email = '';
|
||||
if (filter_var($_POST['config_quote_notification_email'], FILTER_VALIDATE_EMAIL)) {
|
||||
$config_quote_notification_email = sanitizeInput($_POST['config_quote_notification_email']);
|
||||
}
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_quote_prefix = '$config_quote_prefix', config_quote_next_number = $config_quote_next_number, config_quote_footer = '$config_quote_footer', config_quote_notification_email = '$config_quote_notification_email' WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited Quote settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Quote Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_security_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_login_message = sanitizeInput($_POST['config_login_message']);
|
||||
$config_login_key_required = intval($_POST['config_login_key_required'] ?? 0);
|
||||
$config_login_key_secret = sanitizeInput($_POST['config_login_key_secret']);
|
||||
$config_login_remember_me_expire = intval($_POST['config_login_remember_me_expire']);
|
||||
$config_log_retention = intval($_POST['config_log_retention']);
|
||||
|
||||
// Disallow turning on login key without a secret
|
||||
if (empty($config_login_key_secret)) {
|
||||
$config_login_key_required = 0;
|
||||
}
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret', config_login_remember_me_expire = $config_login_remember_me_expire, config_log_retention = $config_log_retention WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited security settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Security settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,20 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_telemetry_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$config_telemetry = intval($_POST['config_telemetry']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_telemetry = $config_telemetry WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited telemetry settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Telemetry Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,54 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_theme_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$dark_mode = intval($_POST['dark_mode'] ?? 0);
|
||||
|
||||
$theme = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['edit_theme_settings']));
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme', config_theme_dark = $dark_mode WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited theme settings $dark_mode");
|
||||
|
||||
$_SESSION['alert_message'] = "Changed theme to <strong>$theme</strong>";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_favicon_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
// Check to see if a file is attached
|
||||
if (isset($_FILES['file']['tmp_name'])) {
|
||||
if ($new_file_name = checkFileUpload($_FILES['file'], array('ico'))) {
|
||||
$file_tmp_path = $_FILES['file']['tmp_name'];
|
||||
|
||||
// Delete old file
|
||||
if(file_exists("uploads/favicon.ico")) {
|
||||
unlink("uploads/favicon.ico");
|
||||
}
|
||||
|
||||
// directory in which the uploaded file will be moved
|
||||
$upload_file_dir = "uploads/";
|
||||
//Force File Name
|
||||
$new_file_name = "favicon.ico";
|
||||
$dest_path = $upload_file_dir . $new_file_name;
|
||||
|
||||
move_uploaded_file($file_tmp_path, $dest_path);
|
||||
}
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name changed the favicon");
|
||||
|
||||
$_SESSION['alert_message'] = "Favicon Updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_ticket_settings'])) {
|
||||
|
||||
$config_ticket_prefix = sanitizeInput($_POST['config_ticket_prefix']);
|
||||
$config_ticket_next_number = intval($_POST['config_ticket_next_number']);
|
||||
$config_ticket_email_parse = intval($_POST['config_ticket_email_parse'] ?? 0);
|
||||
$config_ticket_email_parse_unknown_senders = intval($_POST['config_ticket_email_parse_unknown_senders'] ?? 0);
|
||||
$config_ticket_default_billable = intval($_POST['config_ticket_default_billable'] ?? 0);
|
||||
$config_ticket_autoclose_hours = intval($_POST['config_ticket_autoclose_hours']);
|
||||
$config_ticket_new_ticket_notification_email = '';
|
||||
if (filter_var($_POST['config_ticket_new_ticket_notification_email'], FILTER_VALIDATE_EMAIL)) {
|
||||
$config_ticket_new_ticket_notification_email = sanitizeInput($_POST['config_ticket_new_ticket_notification_email']);
|
||||
}
|
||||
$config_ticket_default_view = intval($_POST['config_ticket_default_view']);
|
||||
$config_ticket_moving_columns = intval($_POST['config_ticket_moving_columns']);
|
||||
$config_ticket_ordering = intval($_POST['config_ticket_ordering']);
|
||||
$config_ticket_timer_autostart = intval($_POST['config_ticket_timer_autostart']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_email_parse = $config_ticket_email_parse, config_ticket_email_parse_unknown_senders = $config_ticket_email_parse_unknown_senders, config_ticket_autoclose_hours = $config_ticket_autoclose_hours, config_ticket_new_ticket_notification_email = '$config_ticket_new_ticket_notification_email', config_ticket_default_billable = $config_ticket_default_billable, config_ticket_default_view = $config_ticket_default_view, config_ticket_moving_columns = $config_ticket_moving_columns, config_ticket_ordering = $config_ticket_ordering, config_ticket_timer_autostart = $config_ticket_timer_autostart WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
logAction("Settings", "Edit", "$session_name edited ticket settings");
|
||||
|
||||
$_SESSION['alert_message'] = "Ticket Settings updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,69 +0,0 @@
|
||||
<?php
|
||||
|
||||
// Software/License Templates
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_software_template'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$version = sanitizeInput($_POST['version']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$type = sanitizeInput($_POST['type']);
|
||||
$license_type = sanitizeInput($_POST['license_type']);
|
||||
$notes = sanitizeInput($_POST['notes']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO software_templates SET software_template_name = '$name', software_template_version = '$version', software_template_description = '$description', software_template_type = '$type', software_template_license_type = '$license_type', software_template_notes = '$notes'");
|
||||
|
||||
$software_template_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Software Template", "Create", "$session_name created software template $name", 0, $software_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Software template <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_software_template'])) {
|
||||
|
||||
$software_template_id = intval($_POST['software_template_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$version = sanitizeInput($_POST['version']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$type = sanitizeInput($_POST['type']);
|
||||
$license_type = sanitizeInput($_POST['license_type']);
|
||||
$notes = sanitizeInput($_POST['notes']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE software_templates SET software_template_name = '$name', software_template_version = '$version', software_template_description = '$description', software_template_type = '$type', software_template_license_type = '$license_type', software_template_notes = '$notes' WHERE software_template_id = $software_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Software Template", "Edit", "$session_name edited software template $name", 0, $software_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Software template <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_software_template'])) {
|
||||
|
||||
$software_template_id = intval($_GET['delete_software_template']);
|
||||
|
||||
// Get Software Template Name for logging and alert message
|
||||
$sql = mysqli_query($mysqli,"SELECT software_template_name FROM software_templates WHERE software_template_id = $software_template_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$software_template_name = sanitizeInput($row['software_template_name']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM software_templates WHERE software_template_id = $software_template_id");
|
||||
|
||||
//Logging
|
||||
logAction("Software Template", "Delete", "$session_name deleted software template $software_template_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Software Template <strong>$software_template_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,61 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for tagging
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_tag'])) {
|
||||
|
||||
require_once 'post/admin/admin_tag_model.php';
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'");
|
||||
|
||||
$tag_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Tag", "Create", "$session_name created tag $name", 0, $tag_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Tag <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_tag'])) {
|
||||
|
||||
require_once 'post/admin/admin_tag_model.php';
|
||||
|
||||
$tag_id = intval($_POST['tag_id']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon' WHERE tag_id = $tag_id");
|
||||
|
||||
// Logging
|
||||
logAction("Tag", "Edit", "$session_name edited tag $name", 0, $tag_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Tag <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_tag'])) {
|
||||
$tag_id = intval($_GET['delete_tag']);
|
||||
|
||||
// Get Tag Name for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT tag_name FROM tags WHERE tag_id = $tag_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$tag_name = sanitizeInput($row['tag_name']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM tags WHERE tag_id = $tag_id");
|
||||
|
||||
// Logging
|
||||
logAction("Tag", "Delete", "$session_name deleted tag $tag_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Tag <strong>$tag_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,7 +0,0 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$type = intval($_POST['type']);
|
||||
$color = sanitizeInput($_POST['color']);
|
||||
$icon = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['icon']));
|
||||
@@ -1,85 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for tax
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_tax'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$percent = floatval($_POST['percent']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO taxes SET tax_name = '$name', tax_percent = $percent");
|
||||
|
||||
$tax_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Tax", "Create", "$session_name created tax $name - $percent%", 0, $tax_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Tax <strong>$name</strong> ($percent%) created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_tax'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
$tax_id = intval($_POST['tax_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$percent = floatval($_POST['percent']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE taxes SET tax_name = '$name', tax_percent = $percent WHERE tax_id = $tax_id");
|
||||
|
||||
// Logging
|
||||
logAction("Tax", "Edit", "$session_name edited tax $name - $percent%", 0, $tax_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Tax <strong>$name</strong> ($percent%) edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['archive_tax'])) {
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
$tax_id = intval($_GET['archive_tax']);
|
||||
|
||||
// Get Tax Name for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT tax_name FROM taxes WHERE tax_id = $tax_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$tax_name = sanitizeInput($row['tax_name']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE taxes SET tax_archived_at = NOW() WHERE tax_id = $tax_id");
|
||||
|
||||
// Logging
|
||||
logAction("Tax", "Archive", "$session_name archived tax $tax_name", 0, $tax_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Tax <strong>$tax_name</strong> Archived";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_tax'])) {
|
||||
$tax_id = intval($_GET['delete_tax']);
|
||||
|
||||
// Get Tax Name for logging
|
||||
$sql = mysqli_query($mysqli,"SELECT tax_name FROM taxs WHERE tax_id = $tax_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$tax_name = sanitizeInput($row['tax_name']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM taxes WHERE tax_id = $tax_id");
|
||||
|
||||
// Logging
|
||||
logAction("Tax", "Delete", "$session_name deleted tax $tax_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Tax <strong>$tax_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
@@ -1,66 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_ticket_status'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$color = sanitizeInput($_POST['color']);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color'");
|
||||
|
||||
$ticket_status_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Ticket Status", "Create", "$session_name created custom ticket status $name", 0, $ticket_status_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Custom Ticket Status <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_ticket_status'])) {
|
||||
|
||||
$ticket_status_id = intval($_POST['ticket_status_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$color = sanitizeInput($_POST['color']);
|
||||
$order = intval($_POST['order']);
|
||||
$status = intval($_POST['status']);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color', ticket_status_order = $order, ticket_status_active = $status WHERE ticket_status_id = $ticket_status_id");
|
||||
|
||||
// Logging
|
||||
logAction("Ticket Status", "Edit", "$session_name edited custom ticket status $name", 0, $ticket_status_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Custom Ticket Status <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_ticket_status'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$ticket_status_id = intval($_GET['delete_ticket_status']);
|
||||
|
||||
if ($ticket_status_id <= 5) {
|
||||
exit("Can't delete built-in statuses");
|
||||
}
|
||||
|
||||
// Get ticket status name for logging and notification
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$ticket_status_name = sanitizeInput($row['ticket_status_name']);
|
||||
|
||||
mysqli_query($mysqli, "DELETE FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id");
|
||||
|
||||
// Logging
|
||||
logAction("Ticket Status", "Delete", "$session_name deleted custom ticket status $ticket_status_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Custom Ticket Status <strong>$ticket_status_name</strong> Deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,119 +0,0 @@
|
||||
<?php
|
||||
|
||||
// Ticket Templates
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
// Import shared code from user-side tickets/tasks as we reuse functions
|
||||
require_once 'post/user/ticket.php';
|
||||
require_once 'post/user/task.php';
|
||||
|
||||
if (isset($_POST['add_ticket_template'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$subject = sanitizeInput($_POST['subject']);
|
||||
$details = mysqli_real_escape_string($mysqli, $_POST['details']);
|
||||
$project_template_id = intval($_POST['project_template']);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO ticket_templates SET ticket_template_name = '$name', ticket_template_description = '$description', ticket_template_subject = '$subject', ticket_template_details = '$details'");
|
||||
|
||||
$ticket_template_id = mysqli_insert_id($mysqli);
|
||||
|
||||
if($project_template_id) {
|
||||
mysqli_query($mysqli, "INSERT INTO project_template_ticket_templates SET project_template_id = $project_template_id, ticket_template_id = $ticket_template_id");
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("Ticket Template", "Create", "$session_name created ticket template $name", 0, $ticket_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Ticket Template <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_ticket_template'])) {
|
||||
|
||||
$ticket_template_id = intval($_POST['ticket_template_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$subject = sanitizeInput($_POST['subject']);
|
||||
$details = mysqli_real_escape_string($mysqli, $_POST['details']);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE ticket_templates SET ticket_template_name = '$name', ticket_template_description = '$description', ticket_template_subject = '$subject', ticket_template_details = '$details' WHERE ticket_template_id = $ticket_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Ticket Template", "Edit", "$session_name edited ticket template $name", 0, $ticket_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Ticket Template <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_ticket_template'])) {
|
||||
|
||||
$ticket_template_id = intval($_GET['delete_ticket_template']);
|
||||
|
||||
// Get ticket template name
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$ticket_template_name = sanitizeInput($row['ticket_template_name']);
|
||||
|
||||
mysqli_query($mysqli, "DELETE FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
|
||||
|
||||
// Delete Associated Tasks
|
||||
mysqli_query($mysqli, "DELETE FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
|
||||
|
||||
// Remove from Associated Project Templates
|
||||
mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE ticket_template_id = $ticket_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Ticket Template", "Delete", "$session_name deleted ticket template $ticket_template_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Ticket Template <strong>$ticket_template_name</strong> and its associated tasks deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['add_ticket_template_task'])) {
|
||||
|
||||
$ticket_template_id = intval($_POST['ticket_template_id']);
|
||||
$task_name = sanitizeInput($_POST['task_name']);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO task_templates SET task_template_name = '$task_name', task_template_ticket_template_id = $ticket_template_id");
|
||||
|
||||
$task_template_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Task Template', log_action = 'Create', log_description = '$session_name created task template $task_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Ticket Template", "Edit", "$session_name added task $task_name to ticket template", 0, $ticket_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Added Task <strong>$task_name</strong>";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_task_template'])) {
|
||||
|
||||
$task_template_id = intval($_GET['delete_task_template']);
|
||||
|
||||
// Get task template name
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_id = $task_template_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$task_template_name = sanitizeInput($row['task_template_name']);
|
||||
|
||||
mysqli_query($mysqli, "DELETE FROM task_templates WHERE task_template_id = $task_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Ticket Template", "Edit", "$session_name deleted task $task_template_name from ticket template");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Task <strong>$task_template_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,304 +0,0 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_GET['update'])) {
|
||||
|
||||
validateAdminRole(); // Old function
|
||||
|
||||
//git fetch downloads the latest from remote without trying to merge or rebase anything. Then the git reset resets the master branch to what you just fetched. The --hard option changes all the files in your working tree to match the files in origin/master
|
||||
|
||||
if (isset($_GET['force_update']) == 1) {
|
||||
exec("git fetch --all");
|
||||
exec("git reset --hard origin/master");
|
||||
} else {
|
||||
exec("git pull");
|
||||
}
|
||||
//header("Location: post.php?update_db");
|
||||
|
||||
|
||||
// Send Telemetry if enabled during update
|
||||
if ($config_telemetry > 0 OR $config_telemetry = 2) {
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$company_name = sanitizeInput($row['company_name']);
|
||||
$website = sanitizeInput($row['company_website']);
|
||||
$city = sanitizeInput($row['company_city']);
|
||||
$state = sanitizeInput($row['company_state']);
|
||||
$country = sanitizeInput($row['company_country']);
|
||||
$currency = sanitizeInput($row['company_currency']);
|
||||
$current_version = exec("git rev-parse HEAD");
|
||||
|
||||
// Client Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('client_id') AS num FROM clients"));
|
||||
$client_count = $row['num'];
|
||||
|
||||
// Ticket Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM tickets"));
|
||||
$ticket_count = $row['num'];
|
||||
|
||||
// Recurring Ticket Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('recurring_ticket_id') AS num FROM recurring_tickets"));
|
||||
$recurring_ticket_count = $row['num'];
|
||||
|
||||
// Calendar Event Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('event_id') AS num FROM calendar_events"));
|
||||
$calendar_event_count = $row['num'];
|
||||
|
||||
// Quote Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('quote_id') AS num FROM quotes"));
|
||||
$quote_count = $row['num'];
|
||||
|
||||
// Invoice Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices"));
|
||||
$invoice_count = $row['num'];
|
||||
|
||||
// Revenue Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('revenue_id') AS num FROM revenues"));
|
||||
$revenue_count = $row['num'];
|
||||
|
||||
// Recurring Invoice Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_invoice_id') AS num FROM recurring_invoices"));
|
||||
$recurring_invoice_count = $row['num'];
|
||||
|
||||
// Account Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('account_id') AS num FROM accounts"));
|
||||
$account_count = $row['num'];
|
||||
|
||||
// Tax Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('tax_id') AS num FROM taxes"));
|
||||
$tax_count = $row['num'];
|
||||
|
||||
// Product Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('product_id') AS num FROM products"));
|
||||
$product_count = $row['num'];
|
||||
|
||||
// Payment Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('payment_id') AS num FROM payments WHERE payment_invoice_id > 0"));
|
||||
$payment_count = $row['num'];
|
||||
|
||||
// Company Vendor Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_client_id = 0"));
|
||||
$company_vendor_count = $row['num'];
|
||||
|
||||
// Expense Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('expense_id') AS num FROM expenses WHERE expense_vendor_id > 0"));
|
||||
$expense_count = $row['num'];
|
||||
|
||||
// Trip Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('trip_id') AS num FROM trips"));
|
||||
$trip_count = $row['num'];
|
||||
|
||||
// Transfer Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('transfer_id') AS num FROM transfers"));
|
||||
$transfer_count = $row['num'];
|
||||
|
||||
// Contact Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('contact_id') AS num FROM contacts"));
|
||||
$contact_count = $row['num'];
|
||||
|
||||
// Location Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations"));
|
||||
$location_count = $row['num'];
|
||||
|
||||
// Asset Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets"));
|
||||
$asset_count = $row['num'];
|
||||
|
||||
// Software Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software"));
|
||||
$software_count = $row['num'];
|
||||
|
||||
// Software Template Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_template_id') AS num FROM software_templates"));
|
||||
$software_template_count = $row['num'];
|
||||
|
||||
// Password Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('credential_id') AS num FROM credentials"));
|
||||
$credential_count = $row['num'];
|
||||
|
||||
// Network Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks"));
|
||||
$network_count = $row['num'];
|
||||
|
||||
// Certificate Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('certificate_id') AS num FROM certificates"));
|
||||
$certificate_count = $row['num'];
|
||||
|
||||
// Domain Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('domain_id') AS num FROM domains"));
|
||||
$domain_count = $row['num'];
|
||||
|
||||
// Service Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('service_id') AS num FROM services"));
|
||||
$service_count = $row['num'];
|
||||
|
||||
// Client Vendor Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_client_id > 0"));
|
||||
$client_vendor_count = $row['num'];
|
||||
|
||||
// Vendor Template Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_template_id') AS num FROM vendor_templates"));
|
||||
$vendor_template_count = $row['num'];
|
||||
|
||||
// File Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('file_id') AS num FROM files"));
|
||||
$file_count = $row['num'];
|
||||
|
||||
// Document Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents"));
|
||||
$document_count = $row['num'];
|
||||
|
||||
// Document Template Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_template_id') AS num FROM document_templates"));
|
||||
$document_template_count = $row['num'];
|
||||
|
||||
// Shared Item Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('item_id') AS num FROM shared_items"));
|
||||
$shared_item_count = $row['num'];
|
||||
|
||||
// Company Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('company_id') AS num FROM companies"));
|
||||
$company_count = $row['num'];
|
||||
|
||||
// User Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('user_id') AS num FROM users"));
|
||||
$user_count = $row['num'];
|
||||
|
||||
// Category Expense Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Expense'"));
|
||||
$category_expense_count = $row['num'];
|
||||
|
||||
// Category Income Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Income'"));
|
||||
$category_income_count = $row['num'];
|
||||
|
||||
// Category Referral Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Referral'"));
|
||||
$category_referral_count = $row['num'];
|
||||
|
||||
// Category Payment Method Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Payment Method'"));
|
||||
$category_payment_method_count = $row['num'];
|
||||
|
||||
// Tag Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('tag_id') AS num FROM tags"));
|
||||
$tag_count = $row['num'];
|
||||
|
||||
// API Key Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('api_key_id') AS num FROM api_keys"));
|
||||
$api_key_count = $row['num'];
|
||||
|
||||
// Log Count
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('log_id') AS num FROM logs"));
|
||||
$log_count = $row['num'];
|
||||
|
||||
$postdata = http_build_query(
|
||||
array(
|
||||
'installation_id' => "$installation_id",
|
||||
'version' => "$current_version",
|
||||
'company_name' => "$company_name",
|
||||
'website' => "$website",
|
||||
'city' => "$city",
|
||||
'state' => "$state",
|
||||
'country' => "$country",
|
||||
'currency' => "$currency",
|
||||
'comments' => "$comments",
|
||||
'client_count' => $client_count,
|
||||
'ticket_count' => $ticket_count,
|
||||
'recurring_ticket_count' => $recurring_ticket_count,
|
||||
'calendar_event_count' => $calendar_event_count,
|
||||
'quote_count' => $quote_count,
|
||||
'invoice_count' => $invoice_count,
|
||||
'revenue_count' => $revenue_count,
|
||||
'recurring_invoice_count' => $recurring_invoice_count,
|
||||
'account_count' => $account_count,
|
||||
'tax_count' => $tax_count,
|
||||
'product_count' => $product_count,
|
||||
'payment_count' => $payment_count,
|
||||
'company_vendor_count' => $company_vendor_count,
|
||||
'expense_count' => $expense_count,
|
||||
'trip_count' => $trip_count,
|
||||
'transfer_count' => $transfer_count,
|
||||
'contact_count' => $contact_count,
|
||||
'location_count' => $location_count,
|
||||
'asset_count' => $asset_count,
|
||||
'software_count' => $software_count,
|
||||
'software_template_count' => $software_template_count,
|
||||
'credential_count' => $credential_count,
|
||||
'network_count' => $network_count,
|
||||
'certificate_count' => $certificate_count,
|
||||
'domain_count' => $domain_count,
|
||||
'service_count' => $service_count,
|
||||
'client_vendor_count' => $client_vendor_count,
|
||||
'vendor_template_count' => $vendor_template_count,
|
||||
'file_count' => $file_count,
|
||||
'document_count' => $document_count,
|
||||
'document_template_count' => $document_template_count,
|
||||
'shared_item_count' => $shared_item_count,
|
||||
'company_count' => $company_count,
|
||||
'user_count' => $user_count,
|
||||
'category_expense_count' => $category_expense_count,
|
||||
'category_income_count' => $category_income_count,
|
||||
'category_referral_count' => $category_referral_count,
|
||||
'category_payment_method_count' => $category_payment_method_count,
|
||||
'tag_count' => $tag_count,
|
||||
'api_key_count' => $api_key_count,
|
||||
'log_count' => $log_count,
|
||||
'config_theme' => "$config_theme",
|
||||
'config_enable_cron' => $config_enable_cron,
|
||||
'config_ticket_email_parse' => $config_ticket_email_parse,
|
||||
'config_module_enable_itdoc' => $config_module_enable_itdoc,
|
||||
'config_module_enable_ticketing' => $config_module_enable_ticketing,
|
||||
'config_module_enable_accounting' => $config_module_enable_accounting,
|
||||
'config_telemetry' => $config_telemetry,
|
||||
'collection_method' => 4
|
||||
)
|
||||
);
|
||||
|
||||
$opts = array('http' =>
|
||||
array(
|
||||
'method' => 'POST',
|
||||
'header' => 'Content-type: application/x-www-form-urlencoded',
|
||||
'content' => $postdata
|
||||
)
|
||||
);
|
||||
|
||||
$context = stream_context_create($opts);
|
||||
|
||||
$result = file_get_contents('https://telemetry.itflow.org', false, $context);
|
||||
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("App", "Update", "$session_name ran updates");
|
||||
|
||||
$_SESSION['alert_message'] = "Update successful";
|
||||
|
||||
sleep(1);
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['update_db'])) {
|
||||
|
||||
//validateAdminRole(); // Old function
|
||||
|
||||
// Get the current version
|
||||
require_once ('includes/database_version.php');
|
||||
|
||||
// Perform upgrades, if required
|
||||
require_once ('database_updates.php');
|
||||
|
||||
// Logging
|
||||
logAction("Database", "Update", "$session_name updated the database structure");
|
||||
|
||||
$_SESSION['alert_message'] = "Database structure update successful";
|
||||
|
||||
sleep(1);
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,371 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* ITFlow - GET/POST request handler for user (agent) management
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_user'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
require_once 'post/admin/admin_user_model.php';
|
||||
|
||||
$password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT);
|
||||
$user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password']));
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext', user_role_id = $role");
|
||||
|
||||
$user_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Add Client Access Permissions if set
|
||||
if (isset($_POST['clients'])) {
|
||||
foreach($_POST['clients'] as $client_id) {
|
||||
$client_id = intval($client_id);
|
||||
mysqli_query($mysqli,"INSERT INTO user_client_permissions SET user_id = $user_id, client_id = $client_id");
|
||||
}
|
||||
}
|
||||
|
||||
if (!file_exists("uploads/users/$user_id/")) {
|
||||
mkdir("uploads/users/$user_id");
|
||||
}
|
||||
|
||||
// Check for and process image/photo
|
||||
$extended_alert_description = '';
|
||||
if (isset($_FILES['file']['tmp_name'])) {
|
||||
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
|
||||
|
||||
$file_tmp_path = $_FILES['file']['tmp_name'];
|
||||
|
||||
// directory in which the uploaded file will be moved
|
||||
$upload_file_dir = "uploads/users/$user_id/";
|
||||
$dest_path = $upload_file_dir . $new_file_name;
|
||||
move_uploaded_file($file_tmp_path, $dest_path);
|
||||
|
||||
// Set Avatar
|
||||
mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
|
||||
$extended_alert_description = '. File successfully uploaded.';
|
||||
}
|
||||
}
|
||||
|
||||
// Create Settings
|
||||
mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_config_force_mfa = $force_mfa");
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$company_name = sanitizeInput($row['company_name']);
|
||||
|
||||
// Sanitize Config vars from get_settings.php
|
||||
$config_mail_from_name = sanitizeInput($config_mail_from_name);
|
||||
$config_mail_from_email = sanitizeInput($config_mail_from_email);
|
||||
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
|
||||
$config_login_key_secret = mysqli_real_escape_string($mysqli, $config_login_key_secret);
|
||||
$config_base_url = sanitizeInput($config_base_url);
|
||||
|
||||
// Send user e-mail, if specified
|
||||
if (isset($_POST['send_email']) && !empty($config_smtp_host) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
|
||||
$password = mysqli_real_escape_string($mysqli, $_POST['password']);
|
||||
|
||||
$subject = "Your new $company_name ITFlow account";
|
||||
$body = "Hello $name,<br><br>An ITFlow account has been setup for you. Please change your password upon login. <br><br>Username: $email <br>Password: $password<br>Login URL: https://$config_base_url/login.php?key=$config_login_key_secret<br><br>--<br>$company_name - Support<br>$config_ticket_from_email";
|
||||
|
||||
$data = [
|
||||
[
|
||||
'from' => $config_mail_from_email,
|
||||
'from_name' => $config_mail_from_name,
|
||||
'recipient' => $email,
|
||||
'recipient_name' => $name,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
]
|
||||
];
|
||||
$mail = addToMailQueue($data);
|
||||
|
||||
if ($mail !== true) {
|
||||
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email'");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("User", "Create", "$session_name created user $name", 0, $user_id);
|
||||
|
||||
$_SESSION['alert_message'] = "User <strong>$name</strong> created" . $extended_alert_description;
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_user'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
require_once 'post/admin/admin_user_model.php';
|
||||
|
||||
$user_id = intval($_POST['user_id']);
|
||||
$new_password = trim($_POST['new_password']);
|
||||
|
||||
// Update Client Access
|
||||
mysqli_query($mysqli,"DELETE FROM user_client_permissions WHERE user_id = $user_id");
|
||||
if (isset($_POST['clients'])) {
|
||||
foreach($_POST['clients'] as $client_id) {
|
||||
$client_id = intval($client_id);
|
||||
mysqli_query($mysqli,"INSERT INTO user_client_permissions SET user_id = $user_id, client_id = $client_id");
|
||||
}
|
||||
}
|
||||
|
||||
// Get current Avatar
|
||||
$sql = mysqli_query($mysqli, "SELECT user_avatar FROM users WHERE user_id = $user_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$existing_file_name = sanitizeInput($row['user_avatar']);
|
||||
|
||||
$extended_log_description = '';
|
||||
if (!empty($_POST['2fa'])) {
|
||||
$two_fa = $_POST['2fa'];
|
||||
}
|
||||
|
||||
if (!file_exists("uploads/users/$user_id/")) {
|
||||
mkdir("uploads/users/$user_id");
|
||||
}
|
||||
|
||||
// Check for and process image/photo
|
||||
$extended_alert_description = '';
|
||||
if (isset($_FILES['file']['tmp_name'])) {
|
||||
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
|
||||
|
||||
$file_tmp_path = $_FILES['file']['tmp_name'];
|
||||
|
||||
// directory in which the uploaded file will be moved
|
||||
$upload_file_dir = "uploads/users/$user_id/";
|
||||
$dest_path = $upload_file_dir . $new_file_name;
|
||||
move_uploaded_file($file_tmp_path, $dest_path);
|
||||
|
||||
// Delete old file
|
||||
unlink("uploads/users/$user_id/$existing_file_name");
|
||||
|
||||
// Set Avatar
|
||||
mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
|
||||
$extended_alert_description = '. File successfully uploaded.';
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email', user_role_id = $role WHERE user_id = $user_id");
|
||||
|
||||
if (!empty($new_password)) {
|
||||
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
|
||||
$user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['new_password']));
|
||||
mysqli_query($mysqli, "UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");
|
||||
//Extended Logging
|
||||
$extended_log_description .= ", password changed";
|
||||
}
|
||||
|
||||
if (!empty($two_fa) && $two_fa == 'disable') {
|
||||
mysqli_query($mysqli, "UPDATE users SET user_token = '' WHERE user_id = '$user_id'");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name disabled 2FA for $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
}
|
||||
|
||||
//Update User Settings
|
||||
mysqli_query($mysqli, "UPDATE user_settings SET user_config_force_mfa = $force_mfa WHERE user_id = $user_id");
|
||||
|
||||
// Logging
|
||||
logAction("User", "Edit", "$session_name edited user $name", 0, $user_id);
|
||||
|
||||
$_SESSION['alert_message'] = "User <strong>$name</strong> updated" . $extended_alert_description;
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['activate_user'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$user_id = intval($_GET['activate_user']);
|
||||
|
||||
// Get User Name
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$user_name = sanitizeInput($row['user_name']);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE users SET user_status = 1 WHERE user_id = $user_id");
|
||||
|
||||
// Logging
|
||||
logAction("User", "Activate", "$session_name activated user $user_name", 0, $user_id);
|
||||
|
||||
$_SESSION['alert_message'] = "User <strong>$user_name</strong> activated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['disable_user'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$user_id = intval($_GET['disable_user']);
|
||||
|
||||
// Get User Name
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$user_name = sanitizeInput($row['user_name']);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE users SET user_status = 0 WHERE user_id = $user_id");
|
||||
|
||||
// Un-assign tickets
|
||||
mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = 0 WHERE ticket_assigned_to = $user_id AND ticket_closed_at IS NULL");
|
||||
mysqli_query($mysqli, "UPDATE recurring_tickets SET recurring_ticket_assigned_to = 0 WHERE recurring_ticket_assigned_to = $user_id");
|
||||
|
||||
// Logging
|
||||
logAction("User", "Disable", "$session_name disabled user $name", 0, $user_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "User <strong>$user_name</strong> disabled";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['revoke_remember_me'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$user_id = intval($_GET['revoke_remember_me']);
|
||||
|
||||
// Get User Name
|
||||
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id"));
|
||||
$user_name = sanitizeInput($row['user_name']);
|
||||
|
||||
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $user_id");
|
||||
|
||||
// Logging
|
||||
logAction("User", "Edit", "$session_name revoked all remember me tokens for user $user_name", 0, $user_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "User <strong>$user_name</strong> remember me tokens revoked";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['archive_user'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
// Variables from GET
|
||||
$user_id = intval($_GET['archive_user']);
|
||||
$password = password_hash(randomString(), PASSWORD_DEFAULT);
|
||||
|
||||
// Get user details
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$name = sanitizeInput($row['user_name']);
|
||||
|
||||
// Archive user query
|
||||
mysqli_query($mysqli, "UPDATE users SET user_name = '$name (archived)', user_password = '$password', user_status = 0, user_specific_encryption_ciphertext = '', user_archived_at = NOW() WHERE user_id = $user_id");
|
||||
|
||||
// Logging
|
||||
logAction("User", "Archive", "$session_name archived user $name", 0, $user_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "User <strong>$name</strong> archived";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['export_users_csv'])) {
|
||||
|
||||
//get records from database
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_roles ON user_role_id = role_id ORDER BY user_name ASC");
|
||||
|
||||
$count = mysqli_num_rows($sql);
|
||||
|
||||
if ($count > 0) {
|
||||
$delimiter = ",";
|
||||
$filename = "Users-" . date('Y-m-d') . ".csv";
|
||||
|
||||
//create a file pointer
|
||||
$f = fopen('php://memory', 'w');
|
||||
|
||||
//set column headers
|
||||
$fields = array('Name', 'Email', 'Role', 'Status', 'Creation Date');
|
||||
fputcsv($f, $fields, $delimiter);
|
||||
|
||||
//output each row of the data, format line as csv and write to file pointer
|
||||
while($row = $sql->fetch_assoc()) {
|
||||
|
||||
$user_status = intval($row['user_status']);
|
||||
if ($user_status == 2) {
|
||||
$user_status_display = "Invited";
|
||||
} elseif ($user_status == 1) {
|
||||
$user_status_display = "Active";
|
||||
} else{
|
||||
$user_status_display = "Disabled";
|
||||
}
|
||||
|
||||
$lineData = array($row['user_name'], $row['user_email'], $row['role_name'], $user_status_display, $row['user_created_at']);
|
||||
fputcsv($f, $lineData, $delimiter);
|
||||
}
|
||||
|
||||
//move back to beginning of file
|
||||
fseek($f, 0);
|
||||
|
||||
//set headers to download file rather than displayed
|
||||
header('Content-Type: text/csv');
|
||||
header('Content-Disposition: attachment; filename="' . $filename . '";');
|
||||
|
||||
//output all remaining data on a file pointer
|
||||
fpassthru($f);
|
||||
|
||||
// Logging
|
||||
logAction("User", "Export", "$session_name exported $count user(s) to a CSV file");
|
||||
}
|
||||
exit;
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['ir_reset_user_password'])) {
|
||||
|
||||
// Incident response: allow mass reset of agent passwords
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
// Confirm logged-in user password, for security
|
||||
$admin_password = $_POST['admin_password'];
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id");
|
||||
$userRow = mysqli_fetch_array($sql);
|
||||
if (!password_verify($admin_password, $userRow['user_password'])) {
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Incorrect password.";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Get agents/users, other than the current user
|
||||
$sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE (user_archived_at IS NULL AND user_id != $session_user_id)");
|
||||
|
||||
// Reset passwords
|
||||
while ($row = mysqli_fetch_array($sql_users)) {
|
||||
$user_id = intval($row['user_id']);
|
||||
$user_email = sanitizeInput($row['user_email']);
|
||||
$new_password = randomString();
|
||||
$user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($new_password));
|
||||
|
||||
echo $user_email . " -- " . $new_password; // Show
|
||||
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");
|
||||
|
||||
echo "<br><br>";
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("User", "Edit", "$session_name reset ALL user passwords");
|
||||
|
||||
exit; // Stay on the plain text password page
|
||||
|
||||
}
|
||||
@@ -1,7 +0,0 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$email = sanitizeInput($_POST['email']);
|
||||
$role = intval($_POST['role']);
|
||||
$force_mfa = intval($_POST['force_mfa'] ?? 0);
|
||||
@@ -1,162 +0,0 @@
|
||||
<?php
|
||||
|
||||
// Vendor Templates
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
// Import shared code from user-side vendor management as we reuse functions
|
||||
require_once 'post/user/vendor.php';
|
||||
|
||||
if (isset($_POST['add_vendor_template'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$account_number = sanitizeInput($_POST['account_number']);
|
||||
$contact_name = sanitizeInput($_POST['contact_name']);
|
||||
$phone_country_code = preg_replace("/[^0-9]/", '', $_POST['phone_country_code']);
|
||||
$phone = preg_replace("/[^0-9]/", '', $_POST['phone']);
|
||||
$extension = preg_replace("/[^0-9]/", '', $_POST['extension']);
|
||||
$email = sanitizeInput($_POST['email']);
|
||||
$website = preg_replace("(^https?://)", "", sanitizeInput($_POST['website']));
|
||||
$hours = sanitizeInput($_POST['hours']);
|
||||
$sla = sanitizeInput($_POST['sla']);
|
||||
$code = sanitizeInput($_POST['code']);
|
||||
$notes = sanitizeInput($_POST['notes']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO vendor_templates SET vendor_template_name = '$name', vendor_template_description = '$description', vendor_template_contact_name = '$contact_name', vendor_template_phone = '$phone', vendor_template_extension = '$extension', vendor_template_email = '$email', vendor_template_website = '$website', vendor_template_hours = '$hours', vendor_template_sla = '$sla', vendor_template_code = '$code', vendor_template_account_number = '$account_number', vendor_template_notes = '$notes'");
|
||||
|
||||
$vendor_template_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Vendor Template", "Create", "$session_name created vendor template $name", 0, $vendor_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Vendor template <strong>$name</strong> created";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['edit_vendor_template'])) {
|
||||
|
||||
$vendor_template_id = intval($_POST['vendor_template_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$account_number = sanitizeInput($_POST['account_number']);
|
||||
$contact_name = sanitizeInput($_POST['contact_name']);
|
||||
$phone_country_code = preg_replace("/[^0-9]/", '', $_POST['phone_country_code']);
|
||||
$phone = preg_replace("/[^0-9]/", '', $_POST['phone']);
|
||||
$extension = preg_replace("/[^0-9]/", '', $_POST['extension']);
|
||||
$email = sanitizeInput($_POST['email']);
|
||||
$website = preg_replace("(^https?://)", "", sanitizeInput($_POST['website']));
|
||||
$hours = sanitizeInput($_POST['hours']);
|
||||
$sla = sanitizeInput($_POST['sla']);
|
||||
$code = sanitizeInput($_POST['code']);
|
||||
$notes = sanitizeInput($_POST['notes']);
|
||||
|
||||
if ($_POST['global_update_vendor_name'] == 1) {
|
||||
$sql_global_update_vendor_name = ", vendor_name = '$name'";
|
||||
} else {
|
||||
$sql_global_update_vendor_name = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_description'] == 1) {
|
||||
$sql_global_update_vendor_description = ", vendor_description = '$description'";
|
||||
} else {
|
||||
$sql_global_update_vendor_description = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_account_number'] == 1) {
|
||||
$sql_global_update_vendor_account_number = ", vendor_account_number = '$account_number'";
|
||||
} else {
|
||||
$sql_global_update_vendor_account_number = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_contact_name'] == 1) {
|
||||
$sql_global_update_vendor_contact_name = ", vendor_contact_name = '$contact_name'";
|
||||
} else {
|
||||
$sql_global_update_vendor_contact_name = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_phone'] == 1) {
|
||||
$sql_global_update_vendor_phone = ", vendor_phone_country_code = '$phone_country_code', vendor_phone = '$phone', vendor_extension = '$extension'";
|
||||
} else {
|
||||
$sql_global_update_vendor_phone = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_hours'] == 1) {
|
||||
$sql_global_update_vendor_hours = ", vendor_hours = '$hours'";
|
||||
} else {
|
||||
$sql_global_update_vendor_hours = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_email'] == 1) {
|
||||
$sql_global_update_vendor_email = ", vendor_email = '$email'";
|
||||
} else {
|
||||
$sql_global_update_vendor_email = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_website'] == 1) {
|
||||
$sql_global_update_vendor_website = ", vendor_website = '$website'";
|
||||
} else {
|
||||
$sql_global_update_vendor_website = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_sla'] == 1) {
|
||||
$sql_global_update_vendor_sla = ", vendor_sla = '$sla'";
|
||||
} else {
|
||||
$sql_global_update_vendor_sla = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_code'] == 1) {
|
||||
$sql_global_update_vendor_code = ", vendor_code = '$code'";
|
||||
} else {
|
||||
$sql_global_update_vendor_code = "";
|
||||
}
|
||||
|
||||
if ($_POST['global_update_vendor_notes'] == 1) {
|
||||
$sql_global_update_vendor_notes = ", vendor_notes = '$notes'";
|
||||
} else {
|
||||
$sql_global_update_vendor_notes = "";
|
||||
}
|
||||
|
||||
// Update just the template
|
||||
mysqli_query($mysqli,"UPDATE vendor_templates SET vendor_template_name = '$name', vendor_template_description = '$description', vendor_template_contact_name = '$contact_name', vendor_template_phone_country_code = '$phone_country_code', vendor_template_phone = '$phone', vendor_template_extension = '$extension', vendor_template_email = '$email', vendor_template_website = '$website', vendor_template_hours = '$hours', vendor_template_sla = '$sla', vendor_template_code = '$code', vendor_template_account_number = '$account_number', vendor_template_notes = '$notes' WHERE vendor_template_id = $vendor_template_id");
|
||||
|
||||
if ($_POST['update_base_vendors'] == 1) {
|
||||
// Update client related vendors if anything is checked
|
||||
$sql = "$sql_global_update_vendor_name $sql_global_update_vendor_description $sql_global_update_vendor_account_number $sql_global_update_vendor_contact_name $sql_global_update_vendor_phone $sql_global_update_vendor_hours $sql_global_update_vendor_email $sql_global_update_vendor_website $sql_global_update_vendor_sla $sql_global_update_vendor_code $sql_global_update_vendor_notes";
|
||||
|
||||
// Remove the first comma to prevent MySQL error
|
||||
$sql = preg_replace('/,/', '', $sql, 1);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE vendors SET $sql WHERE vendor_template_id = $vendor_template_id");
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("Vendor Template", "Edit", "$session_name edited vendor template $name", 0, $vendor_template_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Vendor template <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_vendor_template'])) {
|
||||
$vendor_template_id = intval($_GET['delete_vendor_template']);
|
||||
|
||||
//Get Vendor Template Name
|
||||
$sql = mysqli_query($mysqli,"SELECT vendor_template_name FROM vendor_templates WHERE vendor_template_id = $vendor_template_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$vendor_template_name = sanitizeInput($row['vendor_template_name']);
|
||||
|
||||
// If its a template reset all vendors based off this template to no template base
|
||||
mysqli_query($mysqli,"UPDATE vendors SET vendor_template_id = 0 WHERE vendor_template_id = $vendor_template_id");
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM vendor_templates WHERE vendor_template_id = $vendor_template_id");
|
||||
|
||||
// Logging
|
||||
logAction("Vendor Template", "Delete", "$session_name deleted vendor template $vendor_template_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Vendor Template <strong>$vendor_template_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
- Custom Pages -
|
||||
|
||||
If you wish to add custom pages to ITFlow, add them to the xcustom folder in the root directory with the prefix "xcustom_"
|
||||
e.g. If your page was called my_page_one, name it "xcustom/xcustom_my_page_one.php"
|
||||
Note: If required, you can use the Custom Links module to have the page show on the user sidebar.
|
||||
|
||||
To process POST data via your custom pages, create a file in this directory (post/xcustom) named after your page (e.g. xcustom_my_page_one.php).
|
||||
The relevant file will be automatically loaded upon a POST request based on the referer - your form just needs to target the standard root/post.php.
|
||||
|
||||
*/
|
||||
Reference in New Issue
Block a user