mirror of https://github.com/itflow-org/itflow
Updated product post to use new logAction function, tidy and added more details to logging and add permission check
This commit is contained in:
johnnyq
parent
08c8153d64
commit
115640fc89
|
|
@ -7,13 +7,16 @@
|
|||
// Products
|
||||
if (isset($_POST['add_product'])) {
|
||||
|
||||
require_once 'post/user/product_model.php';
|
||||
enforceUserPermission('module_sales', 2);
|
||||
|
||||
require_once 'post/user/product_model.php';
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = '$price', product_currency_code = '$session_company_currency', product_tax_id = $tax, product_category_id = $category");
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Create', log_description = '$session_name created product $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
$product_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Product", "Create", "$session_name created product $name", 0, $product_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Product <strong>$name</strong> created";
|
||||
|
||||
|
|
@ -23,19 +26,18 @@ if (isset($_POST['add_product'])) {
|
|||
|
||||
if (isset($_POST['edit_product'])) {
|
||||
|
||||
enforceUserPermission('module_sales', 2);
|
||||
|
||||
require_once 'post/user/product_model.php';
|
||||
|
||||
$product_id = intval($_POST['product_id']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE products SET product_name = '$name', product_description = '$description', product_price = '$price', product_tax_id = $tax, product_category_id = $category WHERE product_id = $product_id");
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Modify', log_description = '$name', log_user_id = $session_user_id");
|
||||
// Logging
|
||||
logAction("Product", "Edit", "$session_name edited product $name", 0, $product_id);
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Modify', log_description = '$session_name modified product $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
|
||||
$_SESSION['alert_message'] = "Product <strong>$name</strong> modified";
|
||||
$_SESSION['alert_message'] = "Product <strong>$name</strong> edited";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
|
|
@ -43,7 +45,7 @@ if (isset($_POST['edit_product'])) {
|
|||
|
||||
if (isset($_GET['archive_product'])) {
|
||||
|
||||
validateTechRole();
|
||||
enforceUserPermission('module_sales', 2);
|
||||
|
||||
$product_id = intval($_GET['archive_product']);
|
||||
|
||||
|
|
@ -54,8 +56,8 @@ if (isset($_GET['archive_product'])) {
|
|||
|
||||
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NOW() WHERE product_id = $product_id");
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Archive', log_description = '$session_name archived product $product_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
|
||||
// Logging
|
||||
logAction("Product", "Archive", "$session_name archived product $product_name", 0, $product_id);
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Product <strong>$product_name</strong> archived";
|
||||
|
|
@ -66,7 +68,7 @@ if (isset($_GET['archive_product'])) {
|
|||
|
||||
if (isset($_GET['unarchive_product'])) {
|
||||
|
||||
validateTechRole();
|
||||
enforceUserPermission('module_sales', 2);
|
||||
|
||||
$product_id = intval($_GET['unarchive_product']);
|
||||
|
||||
|
|
@ -77,8 +79,8 @@ if (isset($_GET['unarchive_product'])) {
|
|||
|
||||
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NULL WHERE product_id = $product_id");
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Unarchive', log_description = '$session_name restored product $product_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
|
||||
// Logging
|
||||
logAction("Product", "Unarchive", "$session_name unarchived product $product_name", 0, $product_id);
|
||||
|
||||
$_SESSION['alert_message'] = "Product <strong>$product_name</strong> restored";
|
||||
|
||||
|
|
@ -87,6 +89,9 @@ if (isset($_GET['unarchive_product'])) {
|
|||
}
|
||||
|
||||
if (isset($_GET['delete_product'])) {
|
||||
|
||||
enforceUserPermission('module_sales', 3);
|
||||
|
||||
$product_id = intval($_GET['delete_product']);
|
||||
|
||||
//Get Product Name
|
||||
|
|
@ -96,8 +101,8 @@ if (isset($_GET['delete_product'])) {
|
|||
|
||||
mysqli_query($mysqli,"DELETE FROM products WHERE product_id = $product_id");
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Delete', log_description = '$session_name deleted product $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
// Logging
|
||||
logAction("Product", "Delete", "$session_name deleted product $product_name");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Product <strong>$product_name</strong> deleted";
|
||||
|
|
@ -108,6 +113,8 @@ if (isset($_GET['delete_product'])) {
|
|||
|
||||
if (isset($_POST['bulk_edit_product_category'])) {
|
||||
|
||||
enforceUserPermission('module_sales', 2);
|
||||
|
||||
$category_id = intval($_POST['bulk_category_id']);
|
||||
|
||||
// Get Category name for logging and Notification
|
||||
|
|
@ -115,11 +122,12 @@ if (isset($_POST['bulk_edit_product_category'])) {
|
|||
$row = mysqli_fetch_array($sql);
|
||||
$category_name = sanitizeInput($row['category_name']);
|
||||
|
||||
// Get Count
|
||||
$count = count($_POST['product_ids']);
|
||||
|
||||
// Assign category to Selected Products
|
||||
if (!empty($_POST['product_ids'])) {
|
||||
if ($_POST['product_ids']) {
|
||||
|
||||
// Get Count
|
||||
$count = count($_POST['product_ids']);
|
||||
|
||||
foreach($_POST['product_ids'] as $product_id) {
|
||||
$product_id = intval($product_id);
|
||||
|
||||
|
|
@ -131,27 +139,31 @@ if (isset($_POST['bulk_edit_product_category'])) {
|
|||
mysqli_query($mysqli,"UPDATE products SET product_category_id = $category_id WHERE product_id = $product_id");
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Edit', log_description = '$session_name assigned $product_name to income category $category_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
|
||||
logAction("Product", "Edit", "$session_name assigned product $product_name to category $category_name", 0, $product_id);
|
||||
|
||||
} // End Assign Product Loop
|
||||
|
||||
$_SESSION['alert_message'] = "You assigned product category <b>$category_name</b> to <b>$count</b> products";
|
||||
//Logging
|
||||
logAction("Product", "Edit", "$session_name assigned category $category_name to $count product(s)");
|
||||
|
||||
$_SESSION['alert_message'] = "Assigned category <strong>$category_name</strong> to <strong>$count</strong> product(s)";
|
||||
}
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_POST['bulk_archive_products'])) {
|
||||
validateAdminRole();
|
||||
|
||||
enforceUserPermission('module_sales', 2);
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$count = 0; // Default 0
|
||||
$product_ids = $_POST['product_ids']; // Get array of IDs to be deleted
|
||||
if ($_POST['product_ids']) {
|
||||
|
||||
if (!empty($product_ids)) {
|
||||
$count = count($_POST['product_ids']);
|
||||
|
||||
// Cycle through array and archive each record
|
||||
foreach ($product_ids as $product_id) {
|
||||
foreach ($_POST['product_ids'] as $product_id) {
|
||||
|
||||
$product_id = intval($product_id);
|
||||
|
||||
|
|
@ -163,15 +175,14 @@ if (isset($_POST['bulk_archive_products'])) {
|
|||
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NOW() WHERE product_id = $product_id");
|
||||
|
||||
// Individual Contact logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Archive', log_description = '$session_name archived product $product_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
|
||||
$count++;
|
||||
logAction("Product", "Archive", "$session_name archived product $product_name", 0, $product_id);
|
||||
}
|
||||
|
||||
// Bulk Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Product', log_action = 'Bulk Archive', log_description = '$session_name archived $count products', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
logAction("Product", "Bulk Archive", "$session_name archived $count product(s)");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Archived $count product(s)";
|
||||
$_SESSION['alert_message'] = "Archived <strong>$count</strong> product(s)";
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -179,16 +190,15 @@ if (isset($_POST['bulk_archive_products'])) {
|
|||
}
|
||||
|
||||
if (isset($_POST['bulk_unarchive_products'])) {
|
||||
validateAdminRole();
|
||||
enforceUserPermission('module_sales', 2);
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$count = 0; // Default 0
|
||||
$product_ids = $_POST['product_ids']; // Get array of IDs
|
||||
if ($_POST['product_ids']) {
|
||||
|
||||
if (!empty($product_ids)) {
|
||||
$count = count($_POST['product_ids']);
|
||||
|
||||
// Cycle through array and unarchive
|
||||
foreach ($product_ids as $product_id) {
|
||||
// Cycle through array and unarchive each record
|
||||
foreach ($_POST['product_ids'] as $product_id) {
|
||||
|
||||
$product_id = intval($product_id);
|
||||
|
||||
|
|
@ -200,16 +210,14 @@ if (isset($_POST['bulk_unarchive_products'])) {
|
|||
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NULL WHERE product_id = $product_id");
|
||||
|
||||
// Individual logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Unarchive', log_description = '$session_name Unarchived product $product_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
|
||||
logAction("Product", "Unarchive", "$session_name unarchived product $product_name", 0, $product_id);
|
||||
|
||||
|
||||
$count++;
|
||||
}
|
||||
|
||||
// Bulk Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Product', log_action = 'Unarchive', log_description = '$session_name Unarchived $count products', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
logAction("Product", "Bulk Unarchive", "$session_name unarchived $count product(s)");
|
||||
|
||||
$_SESSION['alert_message'] = "Unarchived $count product(s)";
|
||||
$_SESSION['alert_message'] = "Unarchived <strong>$count</strong> product(s)";
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -217,16 +225,15 @@ if (isset($_POST['bulk_unarchive_products'])) {
|
|||
}
|
||||
|
||||
if (isset($_POST['bulk_delete_products'])) {
|
||||
validateAdminRole();
|
||||
enforceUserPermission('module_sales', 3);
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$count = 0; // Default 0
|
||||
$product_ids = $_POST['product_ids']; // Get array of IDs to be deleted
|
||||
if ($_POST['product_ids']) {
|
||||
|
||||
if (!empty($product_ids)) {
|
||||
$count = count($_POST['product_ids']);
|
||||
|
||||
// Cycle through array and delete each record
|
||||
foreach ($product_ids as $product_id) {
|
||||
foreach ($_POST['product_ids'] as $product_id) {
|
||||
|
||||
$product_id = intval($product_id);
|
||||
|
||||
|
|
@ -237,15 +244,15 @@ if (isset($_POST['bulk_delete_products'])) {
|
|||
|
||||
mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id");
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Product', log_action = 'Delete', log_description = '$session_name deleted product $product_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
|
||||
// Individual logging
|
||||
logAction("Product", "Delete", "$session_name deleted product $product_name");
|
||||
|
||||
$count++;
|
||||
}
|
||||
|
||||
// Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Product', log_action = 'Bulk Delete', log_description = '$session_name bulk deleted $count products', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
// Bulk logging
|
||||
logAction("Product", "Bulk Delete", "$session_name deleted $count product(s)");
|
||||
|
||||
$_SESSION['alert_message'] = "Deleted $count product(s)";
|
||||
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> product(s)";
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -263,7 +270,9 @@ if (isset($_POST['export_products_csv'])) {
|
|||
ORDER BY product_name DESC
|
||||
");
|
||||
|
||||
if (mysqli_num_rows($sql) > 0) {
|
||||
$num_rows = mysqli_num_rows($sql);
|
||||
|
||||
if ($num_rows > 0) {
|
||||
$delimiter = ",";
|
||||
$filename = "$session_company_name-Products.csv";
|
||||
|
||||
|
|
@ -292,7 +301,7 @@ if (isset($_POST['export_products_csv'])) {
|
|||
}
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Export', log_description = '$session_name exported products to CSV File', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
logAction("Product", "Export", "$session_name exported $num_rows product(s) to a CSV file");
|
||||
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue