+
+
+

">
+
+
+
+
+
+
+
+
diff --git a/client_assets.php b/client_assets.php
index 99c65b68..18b33601 100644
--- a/client_assets.php
+++ b/client_assets.php
@@ -297,6 +297,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else {
$asset_install_date_display = $asset_install_date;
}
+ $asset_photo = nullable_htmlentities($row['asset_photo']);
+ $asset_physical_location = nullable_htmlentities($row['asset_physical_location']);
$asset_notes = nullable_htmlentities($row['asset_notes']);
$asset_created_at = nullable_htmlentities($row['asset_created_at']);
$asset_archived_at = nullable_htmlentities($row['asset_archived_at']);
diff --git a/client_contact_details.php b/client_contact_details.php
index 4bc0e19e..5aff1925 100644
--- a/client_contact_details.php
+++ b/client_contact_details.php
@@ -250,6 +250,8 @@ if (isset($_GET['contact_id'])) {
}
$asset_uri = nullable_htmlentities($row['asset_uri']);
$asset_uri_2 = nullable_htmlentities($row['asset_uri_2']);
+ $asset_photo = nullable_htmlentities($row['asset_photo']);
+ $asset_physical_location = nullable_htmlentities($row['asset_physical_location']);
$asset_notes = nullable_htmlentities($row['asset_notes']);
$asset_created_at = nullable_htmlentities($row['asset_created_at']);
$asset_vendor_id = intval($row['asset_vendor_id']);
diff --git a/post/asset.php b/post/asset.php
index 5665c3a4..8d20174d 100644
--- a/post/asset.php
+++ b/post/asset.php
@@ -27,6 +27,7 @@ if (isset($_POST['add_asset'])) {
$uri_2 = sanitizeInput($_POST['uri_2']);
$status = sanitizeInput($_POST['status']);
$location = intval($_POST['location']);
+ $physical_location = sanitizeInput($_POST['physical_location']);
$vendor = intval($_POST['vendor']);
$contact = intval($_POST['contact']);
$network = intval($_POST['network']);
@@ -52,13 +53,32 @@ if (isset($_POST['add_asset'])) {
$alert_extended = "";
- mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_client_id = $client_id");
+ mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_physical_location = '$physical_location', asset_notes = '$notes', asset_client_id = $client_id");
$asset_id = mysqli_insert_id($mysqli);
+ // Add Photo
+ if ($_FILES['file']['tmp_name'] != '') {
+ if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
+
+ $file_tmp_path = $_FILES['file']['tmp_name'];
+
+ // directory in which the uploaded file will be moved
+ if (!file_exists("uploads/clients/$client_id")) {
+ mkdir("uploads/clients/$client_id");
+ }
+ $upload_file_dir = "uploads/clients/$client_id/";
+ $dest_path = $upload_file_dir . $new_file_name;
+ move_uploaded_file($file_tmp_path, $dest_path);
+
+ mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id");
+ }
+ }
+
// Add Primary Interface
mysqli_query($mysqli,"INSERT INTO asset_interfaces SET interface_name = 'Primary', interface_mac = '$mac', interface_ip = '$ip', interface_nat_ip = '$nat_ip', interface_ipv6 = '$ipv6', interface_port = 'eth0', interface_primary = 1, interface_network_id = $network, interface_asset_id = $asset_id");
+
if (!empty($_POST['username'])) {
$username = trim(mysqli_real_escape_string($mysqli, encryptLoginEntry($_POST['username'])));
$password = trim(mysqli_real_escape_string($mysqli, encryptLoginEntry($_POST['password'])));
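Review bot: The result of `move_uploaded_file()` in the new "Add Photo" block is ignored, so `asset_photo` is written to the database even when the move failed, for example when the unchecked `mkdir()` could not create `uploads/clients/$client_id`. Make the update conditional on the move: `if (move_uploaded_file($file_tmp_path, $dest_path)) { mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id"); }`. The same unchecked move appears in the edit_asset hunk below and in the add_contact upload block in post/contact.php. `$new_file_name` is interpolated into both an SQL string and a filesystem path, which is only safe if `checkFileUpload()` returns a server-generated name and validates more than the extension; that function is not visible here and is worth confirming. The add_asset block starts and ends outside the hunk.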
@@ -107,6 +127,7 @@ if (isset($_POST['edit_asset'])) {
$uri_2 = sanitizeInput($_POST['uri_2']);
$status = sanitizeInput($_POST['status']);
$location = intval($_POST['location']);
+ $physical_location = sanitizeInput($_POST['physical_location']);
$vendor = intval($_POST['vendor']);
$contact = intval($_POST['contact']);
$network = intval($_POST['network']);
@@ -130,11 +151,34 @@ if (isset($_POST['edit_asset'])) {
}
$notes = sanitizeInput($_POST['notes']);
- mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id");
+ // Get Existing Photo
+ $sql = mysqli_query($mysqli,"SELECT asset_photo FROM assets WHERE asset_id = $asset_id");
+ $row = mysqli_fetch_array($sql);
+ $existing_file_name = sanitizeInput($row['asset_photo']);
+
+ mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_physical_location = '$physical_location', asset_notes = '$notes' WHERE asset_id = $asset_id");
// Update Primary Interface
mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_mac = '$mac', interface_ip = '$ip', interface_nat_ip = '$nat_ip', interface_ipv6 = '$ipv6', interface_network_id = $network WHERE interface_asset_id = $asset_id AND interface_primary = 1");
+ // Update Photo
+ if ($_FILES['file']['tmp_name'] != '') {
+ if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
+
+ // Set directory in which the uploaded file will be moved
+ $file_tmp_path = $_FILES['file']['tmp_name'];
+ $upload_file_dir = "uploads/clients/$client_id/";
+ $dest_path = $upload_file_dir . $new_file_name;
+
+ move_uploaded_file($file_tmp_path, $dest_path);
+
+ //Delete old file
+ unlink("uploads/clients/$client_id/$existing_file_name");
+
+ mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id");
+ }
+ }
+
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Modify', log_description = '$session_name modified asset $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $asset_id");
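Review bot: In the "Update Photo" block the old photo is unlinked and `asset_photo` is rewritten without checking that `move_uploaded_file()` succeeded, and unlike add_asset this path never creates `uploads/clients/$client_id`. An asset that was created without a photo, for a client that has no upload directory yet, will fail the move silently and end up pointing at a file that does not exist. `unlink()` is also called when `$existing_file_name` is empty (the path is then the directory itself), and the name has only passed through `sanitizeInput()`, which is presumably an SQL/HTML filter rather than a path filter; `basename()` plus an `is_file()` check keeps the delete inside the client directory. Where `$client_id` comes from in edit_asset is outside the hunk, so confirm it is taken from the asset row rather than from the request.

```php
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {

    $file_tmp_path = $_FILES['file']['tmp_name'];
    $upload_file_dir = "uploads/clients/$client_id/";
    // The directory may not exist yet if the asset was added without a photo
    if (!is_dir($upload_file_dir)) {
        mkdir($upload_file_dir);
    }
    $dest_path = $upload_file_dir . $new_file_name;

    // Only remove the old photo and update the row once the new file is in place
    if (move_uploaded_file($file_tmp_path, $dest_path)) {
        $old_path = $upload_file_dir . basename($existing_file_name);
        if ($existing_file_name !== '' && is_file($old_path)) {
            unlink($old_path);
        }
        // … unchanged: UPDATE assets SET asset_photo = '$new_file_name' …
    }
}
```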
diff --git a/post/contact.php b/post/contact.php
index 2090ee63..d6a2b687 100644
--- a/post/contact.php
+++ b/post/contact.php
@@ -19,10 +19,6 @@ if (isset($_POST['add_contact'])) {
$password_hash = password_hash(randomString(), PASSWORD_DEFAULT);
}
- if (!file_exists("uploads/clients/$client_id")) {
- mkdir("uploads/clients/$client_id");
- }
-
mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_auth_method = '$auth_method', contact_password_hash = '$password_hash', contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id");
$contact_id = mysqli_insert_id($mysqli);
@@ -42,29 +38,27 @@ if (isset($_POST['add_contact'])) {
}
// Check for and process image/photo
- $extended_alert_description = '';
if ($_FILES['file']['tmp_name'] != '') {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved
+ if (!file_exists("uploads/clients/$client_id")) {
+ mkdir("uploads/clients/$client_id");
+ }
$upload_file_dir = "uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
- $extended_alert_description = '. File successfully uploaded.';
- } else {
- $_SESSION['alert_type'] = "error";
- $extended_alert_description = '. Error uploading file. Check upload directory is writable/correct file type/size';
}
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = '$session_name created contact $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
- $_SESSION['alert_message'] = "Contact
$name created" . $extended_alert_description;
+ $_SESSION['alert_message'] = "Contact
$name created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
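Review bot: With the `else` branch removed, a photo that `checkFileUpload()` rejects is now dropped with no feedback: the alert only says the contact was created, so the user cannot tell that the file was refused for type or size. If the extended alert text was removed on purpose, keep at least a flag in the upload branch, e.g. `} else { $photo_rejected = true; }`, and append a short notice to `$_SESSION['alert_message']` when it is set. The `mkdir()` moved into this branch is also unchecked, so a failure to create `uploads/clients/$client_id` surfaces only as a failed `move_uploaded_file()` whose result is likewise ignored. The add_contact block starts outside the hunk.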