AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-21 13:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Redirect/show techs to technical dashboard on login/navbar

Browse Source
This commit is contained in:
Marcus Hill
2023-01-01 13:41:29 +00:00
parent 4ec88257d7
commit 07986954f5
2 changed files with 263 additions and 231 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
login.php
View File

@@ -17,7 +17,7 @@ ini_set("session.cookie_httponly", True);
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
if($config_https_only){ if($config_https_only){
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", True);
} }
// Handle POST login request // Handle POST login request
@@ -28,22 +28,22 @@ if(isset($_POST['login'])){
// Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins) // Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins)
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)")); $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
$failed_login_count = $row['failed_login_count']; $failed_login_count = $row['failed_login_count'];
// Login brute force check // Login brute force check
if($failed_login_count >= 10){ if($failed_login_count >= 10){
// Logging // Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
// Send an alert only count hits 10 to reduce flooding alerts (using 1 as "default" company) // Send an alert only count hits 10 to reduce flooding alerts (using 1 as "default" company)
if($failed_login_count == 10){ if($failed_login_count == 10){
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Lockout', notification = '$ip was locked out for repeated failed login attempts.', notification_timestamp = NOW() company_id = '1'"); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Lockout', notification = '$ip was locked out for repeated failed login attempts.', notification_timestamp = NOW() company_id = '1'");
} }
// Inform user // Inform user
$response = '<div class=\'alert alert-danger\'>IP Lockout - Please try again later.<button class=\'close\' data-dismiss=\'alert\'>&times;</button></div>'; $response = '<div class=\'alert alert-danger\'>IP Lockout - Please try again later.<button class=\'close\' data-dismiss=\'alert\'>&times;</button></div>';
} }
// Passed login brute force check // Passed login brute force check
@@ -74,24 +74,34 @@ if(isset($_POST['login'])){
$site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password); $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
generateUserSessionKey($site_encryption_master_key); generateUserSessionKey($site_encryption_master_key);
// Setup extension // Setup extension
if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) { if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
// Extension cookie // Extension cookie
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS. // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']); setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
// Set PHP session in DB so we can access the session encryption data (above) // Set PHP session in DB so we can access the session encryption data (above)
$user_php_session = session_id(); $user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'"); mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
} }
} }
if (empty($token)) { if (empty($token)) {
// Full Login successful
$_SESSION['logged'] = TRUE; $_SESSION['logged'] = TRUE;
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
header("Location: dashboard_financial.php"); // Show start page/dashboard depending on role
if ($row['user_role'] == 2) {
header("Location: dashboard_technical.php");
} else {
header("Location: dashboard_financial.php");
}
} else { } else {
// Prompt for MFA
$token_field = "<div class='input-group mb-3'> $token_field = "<div class='input-group mb-3'>
<input type='text' class='form-control' placeholder='Token' name='current_code' autofocus> <input type='text' class='form-control' placeholder='Token' name='current_code' autofocus>
<div class='input-group-append'> <div class='input-group-append'>
@@ -104,10 +114,17 @@ if(isset($_POST['login'])){
require_once("rfc6238.php"); require_once("rfc6238.php");
if (TokenAuth6238::verify($token, $current_code)) { if (TokenAuth6238::verify($token, $current_code)) {
// Full login (with MFA) successful
$_SESSION['logged'] = TRUE; $_SESSION['logged'] = TRUE;
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
//header("Location: $config_start_page");
header("Location: dashboard_financial.php"); // Show start page/dashboard depending on role
if ($row['user_role'] == 2) {
header("Location: dashboard_technical.php");
} else {
header("Location: dashboard_financial.php");
}
} else { } else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
@@ -138,60 +155,60 @@ if(isset($_POST['login'])){
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Login</title> <title><?php echo $config_app_name; ?> | Login</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<!-- Font Awesome --> <!-- Font Awesome -->
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
<!-- Theme style --> <!-- Theme style -->
<link rel="stylesheet" href="dist/css/adminlte.min.css"> <link rel="stylesheet" href="dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro --> <!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet"> <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head> </head>
<body class="hold-transition login-page"> <body class="hold-transition login-page">
<div class="login-box"> <div class="login-box">
<div class="login-logo"> <div class="login-logo">
<b>IT</b>Flow <b>IT</b>Flow
</div> </div>
<!-- /.login-logo -->
<div class="card">
<div class="card-body login-card-body">
<p class="login-box-msg"><?php if(isset($response)) { echo $response; } ?></p>
<form method="post">
<div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Agent Email" name="email" value="<?php if(!empty($token_field)){ echo $email; }?>" required <?php if(empty($token_field)){ echo "autofocus"; } ?> >
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-envelope"></span>
</div>
</div>
</div>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="Agent Password" name="password" value="<?php if(!empty($token_field)){ echo $password; } ?>" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<?php if(!empty($token_field)){ echo $token_field; } ?>
<button type="submit" class="btn btn-primary btn-block mb-3" name="login">Sign In</button>
<hr><br>
<h4>Looking for the <a href="portal">Client Portal?<a/></h4>
</form>
<!-- /.login-logo -->
<div class="card">
<div class="card-body login-card-body">
<p class="login-box-msg"><?php if(isset($response)) { echo $response; } ?></p>
<form method="post">
<div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Agent Email" name="email" value="<?php if(!empty($token_field)){ echo $email; }?>" required <?php if(empty($token_field)){ echo "autofocus"; } ?> >
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-envelope"></span>
</div>
</div>
</div> </div>
<!-- /.login-card-body --> <div class="input-group mb-3">
<input type="password" class="form-control" placeholder="Agent Password" name="password" value="<?php if(!empty($token_field)){ echo $password; } ?>" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<?php if(!empty($token_field)){ echo $token_field; } ?>
<button type="submit" class="btn btn-primary btn-block mb-3" name="login">Sign In</button>
<hr><br>
<h4>Looking for the <a href="portal">Client Portal?<a/></h4>
</form>
</div> </div>
<!-- /.login-card-body -->
</div>
</div> </div>
<!-- /.login-box --> <!-- /.login-box -->

341
side_nav.php
View File

@@ -1,195 +1,210 @@
<!-- Main Sidebar Container --> <!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-primary elevation-3 d-print-none"> <aside class="main-sidebar sidebar-dark-primary elevation-3 d-print-none">
<!-- Sidebar --> <!-- Sidebar -->
<div class="sidebar"> <div class="sidebar">
<!-- Sidebar Menu --> <!-- Sidebar Menu -->
<nav class=""> <nav class="">
<?php <?php
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_user_company_access)"); $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_user_company_access)");
if(mysqli_num_rows($sql) > 1){
?> if(mysqli_num_rows($sql) > 1){
<div class="dropdown brand-link"> ?>
<a class="" href="#" data-toggle="dropdown">
<h3 class="brand-text text-light mb-0"><?php echo htmlentities($session_company_name); ?> <small><i class="fa fa-caret-down"></i></small></h3>
</a>
<ul class="dropdown-menu"> <div class="dropdown brand-link">
<a class="" href="#" data-toggle="dropdown">
<?php <h3 class="brand-text text-light mb-0"><?php echo htmlentities($session_company_name); ?> <small><i class="fa fa-caret-down"></i></small></h3>
</a>
while($row = mysqli_fetch_array($sql)){
$company_id = $row['company_id']; <ul class="dropdown-menu">
$company_name = htmlentities($row['company_name']);
?> <?php
<li><a class="dropdown-item text-dark" href="post.php?switch_company=<?php echo $company_id; ?>"><?php echo $company_name; ?><?php if($company_id == $session_company_id){ echo "<i class='fa fa-check text-secondary ml-2'></i>"; } ?></a></li>
<?php while($row = mysqli_fetch_array($sql)){
} $company_id = $row['company_id'];
$company_name = htmlentities($row['company_name']);
?>
</ul> ?>
</div>
<?php }else{ ?> <li><a class="dropdown-item text-dark" href="post.php?switch_company=<?php echo $company_id; ?>"><?php echo $company_name; ?><?php if($company_id == $session_company_id){ echo "<i class='fa fa-check text-secondary ml-2'></i>"; } ?></a></li>
<h2 class="brand-text text-light my-3"><i class="fas fa-cloud"></i> <?php echo htmlentities($session_company_name); ?></h2> <?php
<?php } ?> }
<form class="form-inline mb-3" action="global_search.php"> ?>
<div class="input-group">
<input class="form-control form-control-sidebar" type="search" placeholder="Search" name="query" value="<?php if(isset($_GET['query'])){ echo htmlentities($_GET['query']); } ?>"> </ul>
<div class="input-group-append"> </div>
<button class="btn btn-sidebar" type="submit">
<i class="fas fa-search"></i> <?php }else{ ?>
</button>
</div> <h2 class="brand-text text-light my-3"><i class="fas fa-cloud"></i> <?php echo htmlentities($session_company_name); ?></h2>
</div>
</form> <?php } ?>
<form class="form-inline mb-3" action="global_search.php">
<div class="input-group">
<input class="form-control form-control-sidebar" type="search" placeholder="Search" name="query" value="<?php if(isset($_GET['query'])){ echo htmlentities($_GET['query']); } ?>">
<div class="input-group-append">
<button class="btn btn-sidebar" type="submit">
<i class="fas fa-search"></i>
</button>
</div>
</div>
</form>
<ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" data-accordion="false"> <ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" data-accordion="false">
<li class="nav-item"> <!-- Dashboard item (tech/financial) -->
<a href="dashboard_financial.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "dashboard_financial.php") { echo "active"; } ?>"> <?php if ($session_user_role == 2){ ?>
<i class="nav-icon fas fa-tachometer-alt"></i>
<p>Dashboard</p>
</a>
</li>
<li class="nav-item">
<a href="clients.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "clients.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-users"></i>
<p>Clients</p>
</a>
</li>
<?php if($session_user_role >= 2 && $config_module_enable_ticketing == 1){ ?>
<li class="nav-header mt-3">SUPPORT</li> <li class="nav-item">
<li class="nav-item"> <a href="dashboard_technical.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "dashboard_technical.php") { echo "active"; } ?>">
<a href="tickets.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>"> <i class="nav-icon fas fa-tachometer-alt"></i>
<i class="nav-icon fas fa-life-ring"></i> <p>Dashboard</p>
<p>Tickets</p> </a>
</a> </li>
</li>
<li class="nav-item">
<a href="scheduled_tickets.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "scheduled_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-sync"></i>
<p>Scheduled Tickets</p>
</a>
</li>
<li class="nav-item">
<a href="calendar_events.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "calendar_events.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-calendar"></i>
<p>Calendar</p>
</a>
</li>
<?php } ?> <?php } else { ?>
<li class="nav-header mt-3">SALES</li> <li class="nav-item">
<li class="nav-item"> <a href="dashboard_financial.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "dashboard_financial.php") { echo "active"; } ?>">
<a href="quotes.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>"> <i class="nav-icon fas fa-tachometer-alt"></i>
<i class="nav-icon fas fa-file-invoice"></i> <p>Dashboard</p>
<p>Quotes</p> </a>
</a> </li>
</li>
<li class="nav-item">
<a href="invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "invoices.php" || basename($_SERVER["PHP_SELF"]) == "invoice.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice-dollar"></i>
<p>Invoices</p>
</a>
</li>
<li class="nav-item">
<a href="revenues.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "revenues.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-credit-card"></i>
<p>Revenues</p>
</a>
</li>
<li class="nav-item">
<a href="recurring_invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-sync-alt"></i>
<p>Recurring</p>
</a>
</li>
<li class="nav-item">
<a href="products.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "products.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-box"></i>
<p>Products</p>
</a>
</li>
<?php if($session_user_role == 1 OR $session_user_role == 3 && $config_module_enable_accounting == 1){ ?> <?php } ?>
<!-- End dashboard item (tech/financial) -->
<li class="nav-header mt-3">ACCOUNTING</li> <li class="nav-item">
<li class="nav-item"> <a href="clients.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "clients.php") { echo "active"; } ?>">
<a href="payments.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "payments.php") { echo "active"; } ?>"> <i class="nav-icon fas fa-users"></i>
<i class="nav-icon fas fa-credit-card"></i> <p>Clients</p>
<p>Payments</p> </a>
</a> </li>
</li>
<li class="nav-item">
<a href="vendors.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "vendors.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-building"></i>
<p>Vendors</p>
</a>
</li>
<li class="nav-item">
<a href="expenses.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "expenses.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-shopping-cart"></i>
<p>Expenses</p>
</a>
</li>
<li class="nav-item">
<a href="trips.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "trips.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-route"></i>
<p>Trips</p>
</a>
</li>
<li class="nav-item">
<a href="transfers.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "transfers.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-exchange-alt"></i>
<p>Transfers</p>
</a>
</li>
<li class="nav-item"> <?php if($session_user_role >= 2 && $config_module_enable_ticketing == 1){ ?>
<a href="report_income_summary.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
<i class="fas fa-chart-bar nav-icon"></i>
<p>Reports</p>
<i class="fas fa-angle-right nav-icon float-right"></i>
</a>
</li>
<?php } ?> <li class="nav-header mt-3">SUPPORT</li>
<li class="nav-item">
<a href="tickets.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Tickets</p>
</a>
</li>
<li class="nav-item">
<a href="scheduled_tickets.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "scheduled_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-sync"></i>
<p>Scheduled Tickets</p>
</a>
</li>
<li class="nav-item">
<a href="calendar_events.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "calendar_events.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-calendar"></i>
<p>Calendar</p>
</a>
</li>
<?php if($session_user_role == 3){ ?> <?php } ?>
<li class="nav-item mt-3"> <li class="nav-header mt-3">SALES</li>
<a href="users.php" class="nav-link"> <li class="nav-item">
<i class="nav-icon fas fa-cog"></i> <a href="quotes.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>">
<p>Settings</p> <i class="nav-icon fas fa-file-invoice"></i>
<i class="fas fa-angle-right nav-icon float-right"></i> <p>Quotes</p>
</a> </a>
</li> </li>
<li class="nav-item">
<a href="invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "invoices.php" || basename($_SERVER["PHP_SELF"]) == "invoice.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice-dollar"></i>
<p>Invoices</p>
</a>
</li>
<li class="nav-item">
<a href="revenues.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "revenues.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-credit-card"></i>
<p>Revenues</p>
</a>
</li>
<li class="nav-item">
<a href="recurring_invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-sync-alt"></i>
<p>Recurring</p>
</a>
</li>
<li class="nav-item">
<a href="products.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "products.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-box"></i>
<p>Products</p>
</a>
</li>
<?php } ?> <?php if($session_user_role == 1 OR $session_user_role == 3 && $config_module_enable_accounting == 1){ ?>
</ul> <li class="nav-header mt-3">ACCOUNTING</li>
</nav> <li class="nav-item">
<!-- /.sidebar-menu --> <a href="payments.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "payments.php") { echo "active"; } ?>">
</div> <i class="nav-icon fas fa-credit-card"></i>
<!-- /.sidebar --> <p>Payments</p>
</a>
</li>
<li class="nav-item">
<a href="vendors.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "vendors.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-building"></i>
<p>Vendors</p>
</a>
</li>
<li class="nav-item">
<a href="expenses.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "expenses.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-shopping-cart"></i>
<p>Expenses</p>
</a>
</li>
<li class="nav-item">
<a href="trips.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "trips.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-route"></i>
<p>Trips</p>
</a>
</li>
<li class="nav-item">
<a href="transfers.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "transfers.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-exchange-alt"></i>
<p>Transfers</p>
</a>
</li>
<li class="nav-item">
<a href="report_income_summary.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
<i class="fas fa-chart-bar nav-icon"></i>
<p>Reports</p>
<i class="fas fa-angle-right nav-icon float-right"></i>
</a>
</li>
<?php } ?>
<?php if($session_user_role == 3){ ?>
<li class="nav-item mt-3">
<a href="users.php" class="nav-link">
<i class="nav-icon fas fa-cog"></i>
<p>Settings</p>
<i class="fas fa-angle-right nav-icon float-right"></i>
</a>
</li>
<?php } ?>
</ul>
</nav>
<!-- /.sidebar-menu -->
</div>
<!-- /.sidebar -->
</aside> </aside>