From 205c4e1bec81c7005c299b26fe86a3087361c557 Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Sat, 14 May 2022 11:44:48 -0400
Subject: [PATCH] Add Location Archive Functionality, do not allow archiving if
 location is primary, added undo location archive, some other cleanups

---
 client_locations.php |  6 +++++-
 post.php             | 42 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/client_locations.php b/client_locations.php
index 25c0062c..75c1ad9f 100644
--- a/client_locations.php
+++ b/client_locations.php
@@ -22,7 +22,8 @@ if(!empty($_GET['sb'])){
 $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
 
 $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM locations 
-  WHERE location_client_id = $client_id 
+  WHERE location_client_id = $client_id
+  AND location_archived_at IS NULL
   AND (location_name LIKE '%$q%' OR location_address LIKE '%$q%' OR location_phone LIKE '%$phone_query%') 
   ORDER BY $sb $o LIMIT $record_from, $record_to");
 
@@ -123,8 +124,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 </button>
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLocationModal<?php echo $location_id; ?>">Edit</a>
+                  <?php if($session_user_role == 3 && $location_id !== $primary_location) { ?>
                   <div class="dropdown-divider"></div>
+                  <a class="dropdown-item text-danger" href="post.php?archive_location=<?php echo $location_id; ?>">Archive</a>
                   <a class="dropdown-item text-danger" href="post.php?delete_location=<?php echo $location_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div> 
               <?php include("client_location_edit_modal.php"); ?>     
diff --git a/post.php b/post.php
index cefe8952..55a533ec 100644
--- a/post.php
+++ b/post.php
@@ -4694,6 +4694,45 @@ if(isset($_POST['edit_location'])){
 
 }
 
+if(isset($_GET['archive_location'])){
+
+    validateAdminRole();
+
+    $location_id = intval($_GET['archive_location']);
+
+    mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NOW() WHERE location_id = $location_id AND company_id = $session_company_id");
+
+    //logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Archive', log_description = '$location_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent'");
+
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "Location ".stripslashes($location_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
+    
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if(isset($_GET['undo_archive_location'])){
+
+    $location_id = intval($_GET['undo_archive_location']);
+
+    // Get Location Name and Client ID for logging and alert message
+    $sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id AND company_id = $session_company_id");
+    $row = mysqli_fetch_array($sql);
+    $location_name = strip_tags(mysqli_real_escape_string($mysqli, $row['location_name']));
+    $client_id = $row['location_client_id'];
+
+    mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id AND company_id = $session_company_id");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Undo Archive', log_description = '$session_name unarchived location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
+
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "Location ".stripslashes($location_name)." unarchived.";
+    
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
 if(isset($_GET['delete_location'])){
 
     validateAdminRole();
@@ -4705,6 +4744,7 @@ if(isset($_GET['delete_location'])){
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'location', log_action = 'Delete', log_description = '$location_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
 
+    $_SESSION['alert_type'] = "danger";
     $_SESSION['alert_message'] = "Location deleted";
     
     header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -4721,7 +4761,7 @@ if(isset($_GET['export_client_locations_csv'])){
     $client_name = $row['client_name'];
     
     //Locations
-    $sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
+    $sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id AND location_archived_at IS NULL AND company_id = $session_company_id ORDER BY location_name ASC");
     if($sql->num_rows > 0){
         $delimiter = ",";
         $filename = strto_AZaz09($client_name) . "-Locations-" . date('Y-m-d') . ".csv";