From 0ac9143e47dfabda331b5df6268c574eb942106d Mon Sep 17 00:00:00 2001 From: johnnyq Date: Sat, 7 May 2022 20:15:13 -0400 Subject: [PATCH] Do no show archived clients under clients, add archive client, add undo archive client --- client.php | 2 ++ clients.php | 5 ++++- post.php | 52 ++++++++++++++++++++++++++++++++++++++++++++-------- 3 files changed, 50 insertions(+), 9 deletions(-) diff --git a/client.php b/client.php index cc98914b..c4c233cb 100644 --- a/client.php +++ b/client.php @@ -258,6 +258,8 @@ $location_phone = formatPhoneNumber($location_phone); Edit + Archive + Delete diff --git a/clients.php b/clients.php index 6a7662c2..ca3dca2d 100644 --- a/clients.php +++ b/clients.php @@ -93,7 +93,8 @@ $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients LEFT JOIN contacts ON clients.primary_contact = contacts.contact_id AND contact_archived_at IS NULL LEFT JOIN locations ON clients.primary_location = locations.location_id AND location_archived_at IS NULL WHERE (client_name LIKE '%$query%' OR client_type LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_name LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' - OR contact_mobile LIKE '%$phone_query%' OR location_address LIKE '%$query%' OR location_city LIKE '%$query%' OR location_state LIKE '%$query%' OR location_zip LIKE '%$query%') + OR contact_mobile LIKE '%$phone_query%' OR location_address LIKE '%$query%' OR location_city LIKE '%$query%' OR location_state LIKE '%$query%' OR location_zip LIKE '%$query%') + AND client_archived_at IS NULL AND DATE(client_created_at) BETWEEN '$date_from' AND '$date_to' AND clients.company_id = $session_company_id ORDER BY $sortby $order LIMIT $record_from, $record_to @@ -327,6 +328,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); diff --git a/post.php b/post.php index 1ff00bb3..97533a29 100644 --- a/post.php +++ b/post.php 
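Review bot: The new `AND client_archived_at IS NULL` condition in the clients.php query is unconditional, so an archived client disappears from the only client listing; the Undo link this commit places in a flash message is the sole way back, and it is gone once the alert is dismissed or the page reloads. Consider a request parameter (for example `$show_archived`) that flips the condition to `client_archived_at IS NOT NULL` and exposes the unarchive action from that view. While here, qualify the column as `clients.client_archived_at` to match `clients.company_id` on the line below it. Note also that this query still interpolates `$query`, `$date_from`/`$date_to`, `$sortby`, `$order` and `$record_from`/`$record_to` directly; that is pre-existing and may be sanitized earlier in the file, which the hunk does not show, but since the query is being edited it is the moment to move the search terms to a prepared statement and whitelist the ORDER BY/LIMIT parts.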
@@ -1345,19 +1345,55 @@ if(isset($_POST['edit_client'])){ //Logging mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); - $_SESSION['alert_message'] = "Client $name updated"; + $_SESSION['alert_message'] = "Client ".stripslashes($client_name)." updated"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); +} + +if(isset($_GET['archive_client'])){ + + validateAdminRole(); + + $client_id = intval($_GET['archive_client']); + + // Get Client Name + $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id"); + $row = mysqli_fetch_array($sql); + $client_name = strip_tags(mysqli_real_escape_string($mysqli, $row['client_name'])); + + mysqli_query($mysqli,"UPDATE clients SET client_archived_at = NOW() WHERE client_id = $client_id AND company_id = $session_company_id"); + + //Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Archive', log_description = '$session_name archived client $client_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); + + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "Client ".stripslashes($client_name)." archive. Undo"; + + header("Location: " . 
$_SERVER["HTTP_REFERER"]); +} + +if(isset($_GET['undo_archive_client'])){ + + $client_id = intval($_GET['undo_archive_client']); + + // Get Client Name + $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id"); + $row = mysqli_fetch_array($sql); + $client_name = strip_tags(mysqli_real_escape_string($mysqli, $row['client_name'])); + + mysqli_query($mysqli,"UPDATE clients SET client_archived_at = NULL WHERE client_id = $client_id AND company_id = $session_company_id"); + + //Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Undo Archive', log_description = '$session_name unarchived client $client_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); + + $_SESSION['alert_message'] = "Client ".stripslashes($client_name)." unarchived."; header("Location: " . $_SERVER["HTTP_REFERER"]); } if(isset($_GET['delete_client'])){ - if($session_user_role != 3){ - $_SESSION['alert_type'] = "danger"; - $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; - header("Location: " . $_SERVER["HTTP_REFERER"]); - exit(); - } + validateAdminRole(); // CSRF Check validateCSRFToken($_GET['csrf_token']); @@ -1367,7 +1403,7 @@ if(isset($_GET['delete_client'])){ //Get Client Name $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id"); $row = mysqli_fetch_array($sql); - $client_name = $row['client_name']; + $client_name = strip_tags(mysqli_real_escape_string($mysqli, $row['client_name'])); // Delete Client Data mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_client_id = $client_id");
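Review bot: The new `archive_client` handler performs a state change from a GET parameter with no CSRF check, although `delete_client` directly below it validates `$_GET['csrf_token']`, and the `undo_archive_client` handler has neither that check nor the `validateAdminRole()` call, so any logged-in user can unarchive a client by loading a URL or being made to load one. Both handlers also look the client name up with `SELECT * FROM clients WHERE client_id = $client_id` without the `company_id = $session_company_id` scope that their UPDATE applies, so an id from another tenant leaks that tenant's client name into the alert and into a log row that records an archive even though the UPDATE matched nothing. The prologue below adds the missing checks and scopes the lookup; the Undo link built into the alert message would then need to carry `csrf_token` too, and testing `mysqli_affected_rows($mysqli)` before the log INSERT would keep the audit trail honest. The alert text `archive. Undo` also looks like a typo for `archived.`. The hunk opens inside the `edit_client` block, whose start is outside the hunk.
```php
if(isset($_GET['archive_client'])){

    validateAdminRole();
    // State change via GET: require the token exactly as delete_client does
    validateCSRFToken($_GET['csrf_token']);

    $client_id = intval($_GET['archive_client']);

    // Scope the lookup to the caller's tenant so another company's client name never reaches the log or alert
    $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id AND company_id = $session_company_id");
    // … unchanged: name extraction, UPDATE, logging, alert, redirect …
}

if(isset($_GET['undo_archive_client'])){

    validateAdminRole();
    validateCSRFToken($_GET['csrf_token']);

    $client_id = intval($_GET['undo_archive_client']);

    $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id AND company_id = $session_company_id");
    // … unchanged: name extraction, UPDATE, logging, alert, redirect …
}
```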
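Review bot: The `delete_client` hunk swaps in `validateAdminRole()` and an escaped `$client_name`, but the lookup two lines above the change is still `SELECT * FROM clients WHERE client_id = $client_id` with no tenant scope, and the visible `DELETE FROM api_keys WHERE api_key_client_id = $client_id` is equally unscoped; if the remaining deletes outside the hunk follow the same pattern, an admin of one company can delete another company's client data by guessing an id. Scope the lookup, `... WHERE client_id = $client_id AND company_id = $session_company_id`, and bail out before any DELETE when it returns no row, e.g. `if(!$row = mysqli_fetch_array($sql)){ header("Location: " . $_SERVER["HTTP_REFERER"]); exit(); }`. On the new line itself, `strip_tags(mysqli_real_escape_string(...))` applies the SQL escape before the tag stripping and then relies on `stripslashes` to undo it for display; the conventional order is sanitize first, escape only the copy that goes into the INSERT, and `stripslashes` also mangles names containing newlines, which `mysqli_real_escape_string` encodes as a backslash sequence. `strip_tags` is not HTML escaping, so wherever the session alert is rendered (not visible here) it should go through `htmlspecialchars`. The rest of `delete_client` continues past the end of the hunk.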