AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated file post to use new logAction function, tidy and added more details to logging

This commit is contained in:
johnnyq 2024-11-10 14:37:02 -05:00
parent e58bf3d558
commit 2a5945816d
4 changed files with 69 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
client_file_link_asset_modal.php
View File

@ -8,7 +8,6 @@
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="file_id" value="<?php echo $file_id; ?>">
<div class="modal-body bg-white">

1
client_file_move_modal.php
View File

@ -9,7 +9,6 @@
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="file_id" value="<?php echo $file_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body bg-white">
<div class="form-group">

1
client_file_rename_modal.php
View File

@ -9,7 +9,6 @@
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="file_id" value="<?php echo $file_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body bg-white">
<div class="form-group">

100
post/user/file.php
View File

@ -49,10 +49,14 @@ if (isset($_POST['upload_files'])) {
mysqli_query($mysqli,"INSERT INTO files SET file_reference_name = '$file_reference_name', file_name = '$file_name', file_description = '$description', file_ext = '$file_extension', file_hash = '$file_hash', file_mime_type = '$file_mime_type', file_size = $file_size, file_created_by = $session_user_id, file_folder_id = $folder_id, file_client_id = $client_id");
//Logging
$file_id = intval(mysqli_insert_id($mysqli));
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'File', log_action = 'Upload', log_description = '$session_name uploaded $file_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $file_id");
$file_id = mysqli_insert_id($mysqli);
// Logging
logAction("File", "Upload", "$session_name uploaded file $file_name", $client_id, $file_id);
$_SESSION['alert_message'] = "Uploaded file <strong>$file_name</strong>";
} else {
$_SESSION['alert_type'] = 'error';
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
@ -65,17 +69,22 @@ if (isset($_POST['rename_file'])) {
enforceUserPermission('module_support', 2);
$file_id = intval($_POST['file_id']);
$client_id = intval($_POST['client_id']);
$file_name = sanitizeInput($_POST['file_name']);
$file_description = sanitizeInput($_POST['file_description']);
// Folder edit query
// Get File Details Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$old_file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
// file edit query
mysqli_query($mysqli,"UPDATE files SET file_name = '$file_name' ,file_description = '$file_description' WHERE file_id = $file_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Rename', log_description = '$session_name renamed file to $file_name $file_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $file_id");
// Logging
logAction("File", "Rename", "$session_name renamed file $old_file_name to $file_name", $client_id, $file_id);
$_SESSION['alert_message'] = "File <strong>$file_name</strong> renamed";
$_SESSION['alert_message'] = "Renamed file <strong>$old_file_name</strong> to <strong>$file_name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -86,17 +95,25 @@ if (isset($_POST['move_file'])) {
enforceUserPermission('module_support', 2);
$file_id = intval($_POST['file_id']);
$client_id = intval($_POST['client_id']);
$folder_id = intval($_POST['folder_id']);
// Document edit query
// Get File Name and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
// Get Folder Name for Logging
$sql = mysqli_query($mysqli,"SELECT folder_name FROM folders WHERE folder_id = $folder_id");
$row = mysqli_fetch_array($sql);
$folder_name = sanitizeInput($row['folder_name']);
mysqli_query($mysqli,"UPDATE files SET file_folder_id = $folder_id WHERE file_id = $file_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Move', log_description = '$session_name moved file', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $file_id");
// Logging
logAction("File", "Move", "$session_name moved file $file_name to $folder_name", $client_id, $file_id);
$_SESSION['alert_message'] = "File moved";
$_SESSION['alert_message'] = "File <strong>$file_name</strong> moved to <strong>$folder_name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -117,7 +134,7 @@ if (isset($_GET['archive_file'])) {
mysqli_query($mysqli,"UPDATE files SET file_archived_at = NOW() WHERE file_id = $file_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Archive', log_description = '$session_name archived file $file_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $file_id");
logAction("File", "Archive", "$session_name archived file $file_name", $client_id, $file_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "File <strong>$file_name</strong> archived";
@ -144,7 +161,7 @@ if (isset($_POST['delete_file'])) {
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Delete', log_description = '$file_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = '$client_id', log_user_id = $session_user_id, log_entity_id = $file_id");
logAction("File", "Delete", "$session_name deleted file $file_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "File <strong>$file_name</strong> deleted";
@ -158,11 +175,11 @@ if (isset($_POST['bulk_delete_files'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
// Get selected file Count
$file_count = count($_POST['file_ids']);
// Delete file loop
if ($_POST['file_ids']) {
// Get selected file Count
$file_count = count($_POST['file_ids']);
foreach($_POST['file_ids'] as $file_id) {
@ -179,11 +196,11 @@ if (isset($_POST['bulk_delete_files'])) {
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
// Log each invidual file deletion
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Delete', log_description = '$file_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = '$client_id', log_user_id = $session_user_id");
logAction("File", "Delete", "$session_name deleted file $file_name", $client_id);
}
// Log the bulk delete action
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Bulk Delete', log_description = '$session_name deleted $file_count files', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = '$client_id', log_user_id = $session_user_id");
logAction("File", "Bulk Delete", "$session_name deleted $file_count file(s)", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "You deleted <strong>$file_count</strong> files";
@ -222,14 +239,14 @@ if (isset($_POST['bulk_move_files'])) {
// file move query
mysqli_query($mysqli,"UPDATE files SET file_folder_id = $folder_id WHERE file_id = $file_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Move', log_description = '$session_name moved file $file_name to folder $folder_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $file_id");
// Logging
logAction("File", "Move", "$session_name moved file $file_name to folder $folder_name", $client_id, $file_id);
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Bulk Move', log_description = '$session_name moved $file_count files to folder $folder_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $file_id");
logAction("File", "Bulk Move", "$session_name moved $file_count file(s) to folder $folder_name", $client_id);
$_SESSION['alert_message'] = "You moved <strong>$file_count</strong> files to the folder <b>$folder_name</b>";
$_SESSION['alert_message'] = "Moved <strong>$file_count</strong> files to the folder <strong>$folder_name</strong>";
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -240,17 +257,27 @@ if (isset($_POST['link_asset_to_file'])) {
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$file_id = intval($_POST['file_id']);
$asset_id = intval($_POST['asset_id']);
// Get File Name and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
// Get Asset Name for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$asset_name = sanitizeInput($row['asset_name']);
// Contact add query
mysqli_query($mysqli,"INSERT INTO asset_files SET asset_id = $asset_id, file_id = $file_id");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Link', log_description = 'Created File Asset link', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
logAction("File", "Link", "$session_name linked asset $asset_name to file $file_name", $client_id, $file_id);
$_SESSION['alert_message'] = "Asset linked with File";
$_SESSION['alert_message'] = "Asset <strong>$asset_name</strong> linked to File <strong>$file_name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -263,13 +290,24 @@ if (isset($_GET['unlink_asset_from_file'])) {
$asset_id = intval($_GET['asset_id']);
$file_id = intval($_GET['file_id']);
// Get File Name and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
// Get Asset Name for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$asset_name = sanitizeInput($row['asset_name']);
mysqli_query($mysqli,"DELETE FROM asset_files WHERE asset_id = $asset_id AND file_id = $file_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'unLink', log_description = 'File Asset link removed', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
logAction("File", "Link", "$session_name unlinked asset $asset_name from file $file_name", $client_id, $file_id);
$_SESSION['alert_message'] = "Asset has been unlinked";
$_SESSION['alert_message'] = "Asset <strong>$asset_name</strong> unlinked from File <strong>$file_name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
}