Create shared links page for each client, with option to deactivate links

2022-04-02 16:41:07 +01:00 · 2022-04-02 16:41:07 +01:00 · 2c632a85d0
parent cab2cc923a
commit 2c632a85d0
4 changed files with 191 additions and 0 deletions
--- a/client_routes.php
+++ b/client_routes.php
@ -102,6 +102,11 @@ if(isset($_GET['tab'])){
  elseif($_GET['tab'] == "logs"){
      include("client_logs.php");
  }
+  elseif($_GET['tab'] == "shared-items"){
+    if($session_user_role > 1){
+      include("client_shared_items.php");
+    }
+  }
 }
 else{
  include("client_overview.php");
--- a/client_shared_items.php
+++ b/client_shared_items.php
@ -0,0 +1,152 @@
+<?php
+
+//Paging
+if(isset($_GET['p'])){
+  $p = intval($_GET['p']);
+  $record_from = (($p)-1)*$_SESSION['records_per_page'];
+  $record_to = $_SESSION['records_per_page'];
+}else{
+  $record_from = 0;
+  $record_to = $_SESSION['records_per_page'];
+  $p = 1;
+}
+
+if(isset($_GET['q'])){
+  $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+  //Phone Numbers
+  $phone_query = preg_replace("/[^0-9]/", '',$q);
+  if(empty($phone_query)){
+    $phone_query = $q;
+  }
+}else{
+  $q = "";
+  $phone_query = "";
+}
+
+// Sort
+$sb = "item_created_at";
+
+if(isset($_GET['o'])){
+  if($_GET['o'] == 'ASC'){
+    $o = "ASC";
+    $disp = "DESC";
+  }else{
+    $o = "DESC";
+    $disp = "ASC";
+  }
+}else{
+  $o = "ASC";
+  $disp = "DESC";
+}
+
+//Rebuild URL
+$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
+
+$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM shared_items 
+  WHERE item_client_id = $client_id  
+  AND item_active = '1'
+  AND item_views != item_view_limit
+  AND item_expire_at > NOW()  
+  AND (item_note LIKE '%$q%') ORDER BY $sb $o LIMIT $record_from, $record_to");
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
+
+?>
+
+  <div class="card card-dark">
+    <div class="card-header">
+      <h3 class="card-title mt-2"><i class="fa fa-fw fa-share"></i> Shared Items (Links)</h3>
+    </div>
+    <div class="card-body">
+      <form autocomplete="off">
+        <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
+        <input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
+        <div class="row">
+
+          <div class="col-md-4">
+            <div class="input-group mb-3 mb-md-0">
+              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
+              <div class="input-group-append">
+                <button class="btn btn-dark"><i class="fa fa-search"></i></button>
+              </div>
+            </div>
+          </div>
+
+        </div>
+      </form>
+      <hr>
+      <div class="table-responsive">
+        <table class="table table-striped table-borderless table-hover">
+          <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
+          <tr>
+            <th>Item Name</th>
+            <th>Item Type</th>
+            <th>Share Note</th>
+            <th>Views</th>
+            <th>Expires</th>
+            <th class="text-center">Action</th>
+          </tr>
+          </thead>
+          <tbody>
+          <?php
+
+          while($row = mysqli_fetch_array($sql)){
+            $item_id = $row['item_id'];
+            $item_active = $row['item_active'];
+            $item_key = $row['item_key'];
+            $item_type = $row['item_type'];
+            $item_related_id = $row['item_related_id'];
+            $item_note = $row['item_note'];
+            $item_views = $row['item_views'];
+            $item_view_limit = $row['item_view_limit'];
+            $item_created_at = $row['item_created_at'];
+            $item_expire_at = $row['item_expire_at'];
+
+            if($item_type == 'Login'){
+              $share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id'");
+              $share_item = mysqli_fetch_array($share_item_sql);
+              $item_name = $share_item['login_name'];
+            }
+            elseif($item_type == 'Document'){
+              $share_item_sql = mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id'");
+              $share_item = mysqli_fetch_array($share_item_sql);
+              $item_name = $share_item['document_name'];
+            }
+            elseif($item_type == 'File'){
+              $share_item_sql = mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id'");
+              $share_item = mysqli_fetch_array($share_item_sql);
+              $item_name = $share_item['file_name'];
+            }
+
+
+            ?>
+            <tr>
+              <td><?php echo $item_name; ?></td>
+              <td><?php echo $item_type ?></td>
+              <td><?php echo $item_note ?></td>
+              <td><?php echo "$item_views / $item_view_limit" ?></td>
+              <td><?php echo $item_expire_at ?></td>
+              <td>
+                <?php if($session_user_role == 3) { ?>
+                  <div class="dropdown dropleft text-center">
+                    <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                      <i class="fas fa-ellipsis-h"></i>
+                    </button>
+                    <div class="dropdown-menu">
+                      <a class="dropdown-item text-danger" href="post.php?deactivate_shared_item=<?php echo $item_id; ?>">Deactivate</a>
+                    </div>
+                  </div>
+                <?php } ?>
+              </td>
+            </tr>
+
+            <?php
+          }
+          ?>
+
+          </tbody>
+        </table>
+      </div>
+      <?php include("pagination.php"); ?>
+    </div>
+  </div>
--- a/client_side_nav.php
+++ b/client_side_nav.php
@ -306,6 +306,13 @@
          </a>
        </li>

+        <li class="nav-item">
+          <a href="?client_id=<?php echo $client_id; ?>&tab=shared-items" class="nav-link <?php if($_GET['tab'] == "shared-items") { echo "active"; } ?>">
+            <i class="nav-icon fas fa-share"></i>
+            <p>Shared Links</p>
+          </a>
+        </li>
+
      </ul>
    </nav>
    <!-- /.sidebar-menu -->
--- a/post.php
+++ b/post.php
@ -6974,6 +6974,33 @@ if (isset($_POST['rename_document_tag'])) {

 }

+if(isset($_GET['deactivate_shared_item'])){
+    if($session_user_role != 3){
+        $_SESSION['alert_type'] = "danger";
+        $_SESSION['alert_message'] = "You are not permitted to do that!";
+        header("Location: " . $_SERVER["HTTP_REFERER"]);
+        exit();
+    }
+
+    $item_id = intval($_GET['deactivate_shared_item']);
+
+    // Get details of the shared link
+    $sql = mysqli_query($mysqli, "SELECT item_type, item_related_id, item_client_id FROM shared_items WHERE item_id = '$item_id'");
+    $row = mysqli_fetch_array($sql);
+    $item_type = $row['item_type'];
+    $item_related_id = $row['item_related_id'];
+    $item_client_id = $row['item_client_id'];
+
+    // Deactivate item id
+    mysqli_query($mysqli, "UPDATE shared_items SET item_active = '0' WHERE item_id = '$item_id'");
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Delete', log_description = '$session_name deactivated shared $item_type link. Item ID: $item_related_id. Share ID $item_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = '$item_client_id', log_user_id = $session_user_id, company_id = $session_company_id");
+
+    $_SESSION['alert_message'] = "Link deactivated";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
 if(isset($_GET['force_recurring'])){
    $recurring_id = intval($_GET['force_recurring']);