AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #443 from wrongecho/misc 

Misc Changes
This commit is contained in:
Johnny 2022-04-15 21:13:38 +00:00 committed by GitHub
parent 9a48bfae49 633ce5d342
commit 2fea7b36a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
41 changed files with 581 additions and 458 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ajax.php
View File

@ -60,7 +60,7 @@ if(isset($_GET['certificate_fetch_parse_json_details'])){
if(isset($_GET['certificate_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -89,7 +89,7 @@ if(isset($_GET['certificate_get_json_details'])){
if(isset($_GET['domain_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -118,7 +118,7 @@ if(isset($_GET['domain_get_json_details'])){
if(isset($_GET['merge_ticket_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -146,7 +146,7 @@ if(isset($_GET['merge_ticket_get_json_details'])){
if(isset($_GET['network_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -230,7 +230,7 @@ if(isset($_GET['ticket_query_views'])){
if(isset($_GET['share_generate_link'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -282,7 +282,7 @@ if(isset($_GET['share_generate_link'])){
if(isset($_GET['scheduled_ticket_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}

27
api/v1/assets/asset_model.php Normal file
View File

@ -0,0 +1,27 @@
<?php
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
$asset_ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
if(empty($purchase_date)){
$purchase_date = "0000-00-00";
}
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
if(empty($warranty_expire)){
$warranty_expire = "0000-00-00";
}
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
if(empty($install_date)){
$install_date = "0000-00-00";
}
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
$vendor = intval($_POST['asset_vendor_id']);
$location = intval($_POST['asset_location_id']);
$contact = intval($_POST['asset_contact_id']);
$network = intval($_POST['asset_network_id']);

52
api/v1/assets/create.php
View File

@ -1,57 +1,25 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_post_method.php');
// Parse info
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
if(empty($purchase_date)){
$purchase_date = "0000-00-00";
}
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
if(empty($warranty_expire)){
$warranty_expire = "0000-00-00";
}
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
if(empty($install_date)){
$install_date = "0000-00-00";
}
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
$location = intval($_POST['location']);
$vendor = intval($_POST['vendor']);
$contact = intval($_POST['contact']);
$network = intval($_POST['network']);
$client_id = intval(json_decode($_POST['client_id']));
require('asset_model.php');
if(!empty($name)){
// Default
$insert_id = FALSE;
if(!empty($name) && !empty($client_id)){
// Insert into Database
$insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
$insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$asset_ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
if($insert_sql){
$insert_id = $mysqli->insert_id;
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
}
}
else{
$insert_id = FALSE;
}
// Output
include('../create_output.php');

24
api/v1/assets/read.php
View File

@ -5,37 +5,37 @@ require('../require_get_method.php');
// Asset via ID (single)
if(isset($_GET['asset_id'])){
$id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Asset query via type
elseif(isset($_GET['asset_type'])){
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via name
elseif(isset($_GET['asset_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via serial
elseif(isset($_GET['asset_serial'])){
$serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via client ID
elseif(isset($_GET['asset_client_id'])){
$client = intval($_GET['asset_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// All assets
else{
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Output

18
api/v1/certificates/read.php
View File

@ -5,25 +5,25 @@ require('../require_get_method.php');
// Specific certificate via ID (single)
if(isset($_GET['certificate_id'])){
$id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Certificate by name
elseif(isset($_GET['certificate_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// Certificate via client ID
elseif(isset($_GET['certificate_client_id'])){
$client = intval($_GET['certificate_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
// Certificate via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// All certificates
else{
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// Output

11
api/v1/contacts/contact_model.php Normal file
View File

@ -0,0 +1,11 @@
<?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
$department = intval($_POST['contact_department']);
$phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
$extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
$mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
$location_id = intval($_POST['contact_location_id']);

51
api/v1/contacts/create.php
View File

@ -1,41 +1,34 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_post_method.php');
// Parse Info
$client_id = intval($_POST['client_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
$department = intval($_POST['contact_department']);
$phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
$extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
$mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
$location_id = intval($_POST['location']);
include('contact_model.php');
if(!empty($name)){
// Insert contact
$insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
if($insert_sql){
$insert_id = $mysqli->insert_id;
// Default
$insert_id = FALSE;
if(!empty($name) && !empty($email) && !empty($client_id)){
// Check contact with $email doesn't already exist
$email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
if(mysqli_num_rows($email_duplication_sql) == 0){
// Insert contact
$insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
// Check insert & get insert ID
if($insert_sql){
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
}
}
else{
$insert_id = FALSE;
}
// Output
include('../create_output.php');

6
api/v1/contacts/read.php
View File

@ -6,18 +6,18 @@ require('../require_get_method.php');
// Specific contact via ID (single)
if(isset($_GET['contact_id'])){
$id = intval($_GET['contact_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Specific contact via email (single)
elseif(isset($_GET['contact_email'])){
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email'])));
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// All contacts
else{
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
}
// Output

28
api/v1/contacts/update.php Normal file
View File

@ -0,0 +1,28 @@
<?php
require('../validate_api_key.php');
require('../require_post_method.php');
// Parse Info
$contact_id = intval($_POST['contact_id']);
include('contact_model.php');
// Default
$update_id = FALSE;
if(!empty($name) && !empty($email)){
$update_sql = mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
// Check insert & get insert ID
if($update_sql){
$update_id = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
}
// Output
include('../update_output.php');

4
api/v1/create_output.php
View File

@ -16,10 +16,10 @@ if(isset($insert_id) && is_numeric($insert_id)){
];
}
// Query returned false, something went wrong or it was declined due to required variables missing
// Query returned false: something went wrong, or it was declined due to required variables missing
else{
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided and database schema is up-to-date. Turn on error logging and look for 'undefined index'";
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
}
echo json_encode($return_arr);

18
api/v1/domains/read.php
View File

@ -5,25 +5,25 @@ require('../require_get_method.php');
// Specific domain via ID (single)
if(isset($_GET['domain_id'])){
$id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Domain by name
elseif(isset($_GET['domain_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Domain via client ID
elseif(isset($_GET['domain_client_id'])){
$client = intval($_GET['domain_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
// Domain via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
}
// All domains
else{
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
}
// Output

18
api/v1/networks/read.php
View File

@ -5,25 +5,25 @@ require('../require_get_method.php');
// Specific network via ID (single)
if(isset($_GET['network_id'])){
$id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Network by name
elseif(isset($_GET['network_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// Network via client ID
elseif(isset($_GET['network_client_id'])){
$client = intval($_GET['network_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id = '$client' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
// Network via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// All networks
else{
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// Output

2
api/v1/read_output.php
View File

@ -20,7 +20,7 @@ if($sql && mysqli_num_rows($sql) > 0){
}
else{
$return_arr['success'] = "False";
$return_arr['message'] = "No resource (for this company) with the specified parameter(s).";
$return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
echo json_encode($return_arr);
exit();
}

5
api/v1/require_get_method.php
View File

@ -5,4 +5,9 @@ if($_SERVER['REQUEST_METHOD'] !== "GET"){
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
// Wildcard client ID for most SELECT queries
if($client_id == 0){
$client_id = "%";
}

15
api/v1/require_post_method.php Normal file
View File

@ -0,0 +1,15 @@
<?php
if($_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
// Client ID must be specific for INSERT/UPDATE/DELETE queries
// If this API key allows any client, set $client_id to the one specified, else leave it
if($client_id == 0){
//
$client_id = intval($_POST['client_id']);
}

26
api/v1/software/read.php
View File

@ -5,37 +5,37 @@ require('../require_get_method.php');
// Specific software via ID (single)
if(isset($_GET['software_id'])){
$id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Specific software via License ID
if(isset($_GET['software_license'])){
$license = mysqli_real_escape_string($mysqli,$_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license = '$license' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$license = mysqli_real_escape_string($mysqli,$_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Software by name
elseif(isset($_GET['software_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Software via type
elseif(isset($_GET['software_type'])){
$type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Software via client ID
elseif(isset($_GET['software_client_id'])){
$client = intval($_GET['software_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = '$client' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
// Software via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// All software(s)
else{
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Output

4
api/v1/tickets/read.php
View File

@ -6,12 +6,12 @@ require('../require_get_method.php');
// Specific ticket via ID (single)
if(isset($_GET['ticket_id'])){
$id = intval($_GET['ticket_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// All tickets
else{
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
}
// Output

23
api/v1/update_output.php Normal file
View File

@ -0,0 +1,23 @@
<?php
/*
* API - update_output.php
* Included on calls to update.php endpoints
* Checks the status of the update SQL query ($update_sql)
* Returns success data / fail messages
*/
// Check if the insert query was successful
if(isset($update_id) && is_numeric($update_id) && $update_id > 0){
// Insert successful
$return_arr['success'] = "True";
$return_arr['count'] = $update_id;
}
// Query returned false: something went wrong, or it was declined due to required variables missing
else{
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module (contact/ticket/etc) id";
}
echo json_encode($return_arr);
exit();

5
api/v1/validate_api_key.php
View File

@ -86,10 +86,11 @@ if(isset($api_key)){
// Success
else{
// Set company ID & key name
// Set client ID, company ID & key name
$row = mysqli_fetch_array($sql);
$company_id = $row['company_id'];
$api_key_name = $row['api_key_name'];
$client_id = $row['api_key_client_id'];
$company_id = $row['company_id'];
// Set limit & offset for queries
if(isset($_GET['limit'])){

53
api_key_add_modal.php
View File

@ -1,3 +1,6 @@
<?php
$key = keygen();
?>
<div class="modal" id="addApiKeyModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
@ -10,30 +13,72 @@
<form action="post.php" method="post" autocomplete="off">
<div class="modal-body bg-white">
<input type="hidden" name="key" value="<?php echo $key ?>">
<div class="form-group">
<label>API Key <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" value="<?php echo $key ?>" required disabled>
<div class="input-group-append">
<button class="btn btn-default clipboardjs" type="button" data-clipboard-text="<?php echo $key; ?>"><i class="fa fa-fw fa-copy"></i></button>
</div>
</div>
</div>
<hr>
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
<span class="input-group-text"><i class="fa fa-fw fa-sticky-note"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Key Name" required autofocus>
</div>
</div>
<div class="form-group">
<label>Expiration Date</label>
<label>Expiration Date <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div>
<input type="date" class="form-control" name="expire">
<input type="date" class="form-control" name="expire" required>
</div>
</div>
<div class="form-group">
<label>Client <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<select class="form-control select2" name="client" required>
<option value="">- Client -</option>
<option value="0"> ALL CLIENTS </option>
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name (Client ID: $client_id)"; ?></option>
<?php
}
?>
</select>
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_api_key" class="btn btn-primary">Save</button>
<button type="submit" name="add_api_key" class="btn btn-primary">Add</button>
</div>
</form>
</div>

43
api_key_edit_modal.php
View File

@ -1,43 +0,0 @@
<div class="modal" id="editApiKeyModal<?php echo $api_key_id; ?>" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-key"></i> <?php echo $api_key_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="api_key_id" value="<?php echo $api_key_id; ?>">
<div class="modal-body bg-white">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Key Name" value="<?php echo $api_key_name; ?>" required autofocus>
</div>
</div>
<div class="form-group">
<label>Expiration Date</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div>
<input type="date" class="form-control" name="expire" value="<?php echo $api_key_expire; ?>">
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_api_key" class="btn btn-primary">Save</button>
</div>
</form>
</div>
</div>
</div>

4
campaigns.php
View File

@ -154,13 +154,11 @@
//Set Badge color based off of campaign status
if($campaign_status == "Sent"){
$campaign_badge_color = "warning text-white";
$campaign_badge_color = "success";
}elseif($campaign_status == "Queued"){
$campaign_badge_color = "info";
}elseif($campaign_status == "Sending"){
$campaign_badge_color = "primary";
}elseif($campaign_status == "Sent"){
$campaign_badge_color = "success";
}else{
$campaign_badge_color = "secondary";
}

161
check_login.php
View File

@ -1,92 +1,95 @@
<?php
if(!isset($_SESSION)){
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
}
//Check to see if setup is enabled
if(!isset($config_enable_setup) || $config_enable_setup == 1){
header("Location: setup.php");
exit;
}
if(!$_SESSION['logged']){
header("Location: login.php");
die;
}
// SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
// User agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$session_user_id = $_SESSION['user_id'];
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$session_name = $row['user_name'];
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
$session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role'];
if($session_user_role == 3){
$session_user_role_display = "Administrator";
}elseif($session_user_role == 2){
$session_user_role_display = "Technician";
}else{
$session_user_role_display = "Accountant";
if(!isset($_SESSION)){
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
//LOAD USER COMPANY ACCESS PERMISSIONS
$session_user_company_access_sql = mysqli_query($mysqli,"SELECT company_id FROM user_companies WHERE user_id = $session_user_id");
$session_user_company_access_array = array();
while($row = mysqli_fetch_array($session_user_company_access_sql)){
$session_user_company_access_array[] = $row['company_id'];
}
$session_user_company_access = implode(',',$session_user_company_access_array);
session_start();
}
//Check to see if user has rights to company Prevents User from access a company he is not allowed to have access to.
if(!in_array($session_company_id,$session_user_company_access_array)){
session_start();
session_destroy();
header('Location: login.php');
}
//Check to see if setup is enabled
if(!isset($config_enable_setup) || $config_enable_setup == 1){
header("Location: setup.php");
exit;
}
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
if(!$_SESSION['logged']){
header("Location: login.php");
die;
}
$session_company_name = $row['company_name'];
$session_company_country = $row['company_country'];
$session_company_locale = $row['company_locale'];
$session_company_currency = $row['company_currency'];
// SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
include("get_settings.php");
// User agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
//Detects if using an apple device and uses apple maps instead of google
$iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod");
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone");
$iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad");
$session_user_id = $_SESSION['user_id'];
if($iPod || $iPhone || $iPad){
$session_map_source = "apple";
}else{
$session_map_source = "google";
}
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$session_name = $row['user_name'];
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
$session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role'];
if($session_user_role == 3){
$session_user_role_display = "Administrator";
}elseif($session_user_role == 2){
$session_user_role_display = "Technician";
}else{
$session_user_role_display = "Accountant";
}
//Get Notification Count for the badge on the top nav
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('notification_id') AS num FROM notifications WHERE notification_dismissed_at IS NULL AND company_id = $session_company_id"));
$num_notifications = $row['num'];
//LOAD USER COMPANY ACCESS PERMISSIONS
$session_user_company_access_sql = mysqli_query($mysqli,"SELECT company_id FROM user_companies WHERE user_id = $session_user_id");
$session_user_company_access_array = array();
while($row = mysqli_fetch_array($session_user_company_access_sql)){
$session_user_company_access_array[] = $row['company_id'];
}
$session_user_company_access = implode(',',$session_user_company_access_array);
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
//Check to see if user has rights to company Prevents User from access a company he is not allowed to have access to.
if(!in_array($session_company_id,$session_user_company_access_array)){
session_start();
session_destroy();
header('Location: login.php');
}
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name'];
$session_company_country = $row['company_country'];
$session_company_locale = $row['company_locale'];
$session_company_currency = $row['company_currency'];
include("get_settings.php");
//Detects if using an apple device and uses apple maps instead of google
$iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod");
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone");
$iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad");
if($iPod || $iPhone || $iPad){
$session_map_source = "apple";
}else{
$session_map_source = "google";
}
//Get Notification Count for the badge on the top nav
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('notification_id') AS num FROM notifications WHERE notification_dismissed_at IS NULL AND company_id = $session_company_id"));
$num_notifications = $row['num'];
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
// Role check failed wording
DEFINE("WORDING_ROLECHECK_FAILED", "You are not permitted to do that!");
?>

2
client_contact_details_modal.php
View File

@ -105,4 +105,4 @@
</div>
</div>
</div>
</div>

2
client_contact_edit_modal.php
View File

@ -185,7 +185,7 @@
<center class="mb-3">
<?php if(!empty($contact_photo)){ ?>
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>">
<img class="img-fluid" alt="contact_photo" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>">
<?php }else{ ?>
<span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>

17
client_documents.php
View File

@ -1,12 +1,13 @@
<?php
// Sort by
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "document_name";
}
# Tag from GET
// Tag from GET
if (isset($_GET['tag'])) {
$tag = intval($_GET['tag']);
# Avoid doubling up
@ -16,6 +17,14 @@ else {
$tag = '';
}
// Search query SQL snippet
if(!empty($q)){
$query_snippet = "AND (MATCH(document_content_raw) AGAINST ('$q'))";
}
else{
$query_snippet = ""; // empty
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
@ -26,15 +35,15 @@ $sql_no_tag = "SELECT SQL_CALC_FOUND_ROWS * FROM documents
WHERE document_client_id = $client_id
AND documents.company_id = $session_company_id
AND document_template = 0
AND (document_name LIKE '%$q%' OR document_content LIKE '%$q%')
$query_snippet
ORDER BY $sb $o LIMIT $record_from, $record_to";
$sql_with_tag = "SELECT SQL_CALC_FOUND_ROWS * FROM documents
LEFT JOIN documents_tagged ON documents.document_id = documents_tagged.document_id
WHERE document_client_id = $client_id
AND document_template = 0
AND documents.company_id = $session_company_id
AND (document_name LIKE '%$q%' OR document_content LIKE '%$q%')
AND document_template = 0
$query_snippet
AND documents_tagged.tag_id LIKE '%$tag%'
ORDER BY $sb $o LIMIT $record_from, $record_to";

2
client_side_nav.php
View File

@ -228,7 +228,7 @@
</a>
</li>
<?php if($session_user_role == 1 || $session_user_role > 2 AND $config_module_enable_accounting == 1){ ?>
<?php if($session_user_role == 1 || $session_user_role > 2 && $config_module_enable_accounting == 1){ ?>
<li class="nav-header mt-3">ACCOUNTING</li>

4
clients.php
View File

@ -167,7 +167,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=client_name&order=<?php echo $order_display; ?>">Name</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=location_city&order=<?php echo $order_display; ?>">Address </a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=contact_name&order=<?php echo $order_display; ?>">Contact</a></th>
<?php if($session_user_role == 3 || $session_user_role == 1 AND $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if($session_user_role == 3 || $session_user_role == 1 && $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if($session_user_role == 3) { ?> <th class="text-center">Action</th> <?php } ?>
</tr>
</thead>
@ -310,7 +310,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</td>
<!-- Show Billing for Admin/Accountant roles only and if accounting module is enabled -->
<?php if($session_user_role == 3 || $session_user_role == 1 AND $config_module_enable_accounting == 1) { ?>
<?php if($session_user_role == 3 || $session_user_role == 1 && $config_module_enable_accounting == 1) { ?>
<td class="text-right">
<span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
<br>

21
cron.php
View File

@ -201,13 +201,12 @@ while($row = mysqli_fetch_array($sql_companies)){
// Scheduled tickets
// Get date now, and calculate tomorrow's date (presuming this is being run at 11 PM)
$now = new DateTime();
$tomorrow = date_add($now, date_interval_create_from_date_string('1 day'));
$tomorrow_text = $tomorrow->format('Y-m-d');
// Get date for search
$today = new DateTime();
$today_text = $today->format('Y-m-d');
// Get scheduled tickets for tomorrow
$sql_scheduled_tickets = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets WHERE scheduled_ticket_next_run = '$tomorrow_text'");
// Get scheduled tickets for today
$sql_scheduled_tickets = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets WHERE scheduled_ticket_next_run = '$today_text'");
if(mysqli_num_rows($sql_scheduled_tickets) > 0){
while($row = mysqli_fetch_array($sql_scheduled_tickets)){
@ -237,23 +236,23 @@ while($row = mysqli_fetch_array($sql_companies)){
if($frequency == "weekly"){
// Note: We seemingly have to initialize a new datetime for each loop to avoid stacking the dates
$now = new DateTime();
$next_run = date_add($now, date_interval_create_from_date_string('1 week 1 day'));
$next_run = date_add($now, date_interval_create_from_date_string('1 week'));
}
elseif($frequency == "monthly"){
$now = new DateTime();
$next_run = date_add($now, date_interval_create_from_date_string('1 month 1 day'));
$next_run = date_add($now, date_interval_create_from_date_string('1 month'));
}
elseif($frequency == "quarterly"){
$now = new DateTime();
$next_run = date_add($now, date_interval_create_from_date_string('3 months 1 day'));
$next_run = date_add($now, date_interval_create_from_date_string('3 months'));
}
elseif($frequency == "biannually"){
$now = new DateTime();
$next_run = date_add($now, date_interval_create_from_date_string('6 months 1 day'));
$next_run = date_add($now, date_interval_create_from_date_string('6 months'));
}
elseif($frequency == "annually"){
$now = new DateTime();
$next_run = date_add($now, date_interval_create_from_date_string('12 months 1 day'));
$next_run = date_add($now, date_interval_create_from_date_string('12 months'));
}
// Update the run date

32
database_updates.php
View File

@ -19,24 +19,46 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
if(CURRENT_DATABASE_VERSION == '0.0.1'){
// Insert queries here required to update to DB version 0.0.2
// mysqli_query($mysqli, "ALTER TABLE .....");
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_module_enable_itdoc` TINYINT(1) DEFAULT 1 AFTER `config_backup_path`");
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_module_enable_ticketing` TINYINT(1) DEFAULT 1 AFTER `config_module_enable_itdoc`");
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_module_enable_accounting` TINYINT(1) DEFAULT 1 AFTER `config_module_enable_ticketing`");
// Then, update the database to the next sequential version
//mysqli_query($mysqli, "UPDATE settings SET config_current_database_version = '0.0.2' WHERE company_id = '1'");
// Update the database to the next sequential version
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.2'");
}
if(CURRENT_DATABASE_VERSION == '0.0.2'){
// Insert queries here required to update to DB version 0.0.3
// Add document content raw column & index
mysqli_query($mysqli, "ALTER TABLE `documents` ADD `document_content_raw` LONGTEXT NOT NULL AFTER `document_content`, ADD FULLTEXT `document_content_raw` (`document_content_raw`)");
// Populate content raw column with existing document data
$documents_sql = mysqli_query($mysqli, "SELECT * FROM `documents`");
while($row = mysqli_fetch_array($documents_sql)){
$id = $row['document_id'];
$name = $row['document_name'];
$content = $row['document_content'];
$content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($name . " " . str_replace("<", " <", $content))));
mysqli_query($mysqli, "UPDATE `documents` SET `document_content_raw` = '$content_raw' WHERE `document_id` = '$id'");
}
// Add API key client column
mysqli_query($mysqli, "ALTER TABLE `api_keys` ADD `api_key_client_id` INT NOT NULL DEFAULT '0' AFTER `api_key_expire`");
// Then, update the database to the next sequential version
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.3'");
}
if(CURRENT_DATABASE_VERSION == '0.0.3'){
// Insert queries here required to update to DB version 0.0.4
// mysqli_query($mysqli, "ALTER TABLE .....");
// Then, update the database to the next sequential version
//mysqli_query($mysqli, "UPDATE settings SET config_current_database_version = '0.0.3' WHERE company_id = '1'");
//mysqli_query($mysqli, "UPDATE settings SET config_current_database_version = '0.0.3'");
}

2
database_version.php
View File

@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "0.0.2");
DEFINE("LATEST_DATABASE_VERSION", "0.0.3");

7
db.sql
View File

@ -50,6 +50,7 @@ CREATE TABLE `api_keys` (
`api_key_created_at` datetime NOT NULL,
`api_key_updated_at` datetime DEFAULT NULL,
`api_key_expire` date NOT NULL,
`api_key_client_id` int(11) NOT NULL DEFAULT '0',
`company_id` int(11) NOT NULL,
PRIMARY KEY (`api_key_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
@ -397,6 +398,7 @@ CREATE TABLE `documents` (
`document_id` int(11) NOT NULL AUTO_INCREMENT,
`document_name` varchar(200) NOT NULL,
`document_content` longtext NOT NULL,
`document_content_raw` longtext NOT NULL,
`document_created_at` datetime NOT NULL,
`document_updated_at` datetime DEFAULT NULL,
`document_archived_at` datetime DEFAULT NULL,
@ -409,6 +411,11 @@ CREATE TABLE `documents` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Indexes for table `documents`
--
ALTER TABLE `documents` ADD FULLTEXT KEY `document_content_raw` (`document_content_raw`);
--
-- Table structure for table `documents_tagged`
--

2
global_search.php
View File

@ -15,7 +15,7 @@ if(isset($_GET['query'])){
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id LEFT JOIN departments ON contact_department_id = department_id WHERE (contact_name LIKE '%$query%' OR contact_title LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' OR contact_mobile LIKE '%$phone_query%') AND contacts.company_id = $session_company_id ORDER BY contact_id DESC LIMIT 5");
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE (vendor_name LIKE '%$query%' OR vendor_phone LIKE '%$phone_query%') AND company_id = $session_company_id ORDER BY vendor_id DESC LIMIT 5");
$sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE document_name LIKE '%$query%' AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$query') AND tickets.company_id = $session_company_id ORDER BY ticket_id DESC LIMIT 5");
$sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE (login_name LIKE '%$query%' OR login_username LIKE '%$query%') AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");

12
login.php
View File

@ -8,17 +8,13 @@ if(!file_exists('config.php')){
include("config.php");
include("functions.php");
//SESSION FINGERPRINT
// SESSION FINGERPRINT
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
//$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
//$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
//$device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
//$user_agent = "$os - $browser";
// Get user agent
// User agent
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
@ -59,7 +55,7 @@ if(isset($_POST['login'])){
if(isset($_POST['current_code'])){
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
}
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_email = '$email'");
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_email = '$email' AND user_archived_at IS NULL");
$row = mysqli_fetch_array($sql);
if (password_verify($password, $row['user_password'])) {

2
pagination_head.php
View File

@ -34,7 +34,7 @@ if(isset($_GET['o'])){
// Search
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
$q = mysqli_real_escape_string($mysqli,trim($_GET['q']));
}else{
$q = "";
}

267
post.php
View File

@ -53,7 +53,7 @@ if(isset($_POST['add_user'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -135,7 +135,7 @@ if(isset($_POST['edit_user'])){
if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -231,6 +231,13 @@ if(isset($_POST['edit_user'])){
if(isset($_POST['edit_profile'])){
if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$user_id = intval($_POST['user_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
@ -330,6 +337,13 @@ if(isset($_POST['edit_profile'])){
if(isset($_POST['edit_user_companies'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$user_id = intval($_POST['user_id']);
mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
@ -356,77 +370,49 @@ if(isset($_GET['archive_user'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
// Variables from GET
$user_id = intval($_GET['archive_user']);
$password = password_hash(key32gen(), PASSWORD_DEFAULT);
mysqli_query($mysqli,"UPDATE users SET user_archived_at = NOW() WHERE user_id = $user_id");
//Logging
//Get User Name
// Get user details
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql);
$name = $row['user_name'];
// Archive user query
mysqli_query($mysqli,"UPDATE users SET user_name = '$name (archived)', user_password = '$password', user_specific_encryption_ciphertext = '', user_archived_at = NOW() WHERE user_id = $user_id");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Archive', log_description = '$session_name archived user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "<strong>$name</strong> archived";
$_SESSION['alert_message'] = "User <strong>$name</strong> archived";
header("Location: users.php");
}
if(isset($_GET['delete_user'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$user_id = intval($_GET['delete_user']);
mysqli_query($mysqli,"DELETE FROM users WHERE user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM user_settings WHERE user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM logs WHERE log_user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_created_by = $user_id");
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_closed_by = $user_id");
mysqli_query($mysqli,"DELETE FROM ticket_replies WHERE ticket_reply_by = $user_id");
mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
//Logging
//Get User Name
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql);
$name = $row['user_name'];
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Delete', log_description = '$session_name deleted user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "User <strong>$name</strong> deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
// API Key
if(isset($_POST['add_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['key'])));
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
// Gen a Key
$secret = keygen();
$client = intval($_POST['client']);
mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_created_at = NOW(), company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_client_id = '$client', api_key_created_at = NOW(), company_id = $session_company_id");
$api_key_id = mysqli_insert_id($mysqli);
@ -443,7 +429,7 @@ if(isset($_POST['edit_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -467,7 +453,7 @@ if(isset($_GET['delete_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -495,7 +481,7 @@ if(isset($_POST['add_company'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -601,7 +587,7 @@ if(isset($_POST['edit_company'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -704,7 +690,7 @@ if(isset($_GET['delete_company'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -798,7 +784,7 @@ if(isset($_POST['edit_general_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -820,7 +806,7 @@ if(isset($_POST['edit_mail_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -874,7 +860,7 @@ if(isset($_POST['test_email'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -918,7 +904,7 @@ if(isset($_POST['edit_invoice_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -947,7 +933,7 @@ if(isset($_POST['edit_quote_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -973,7 +959,7 @@ if(isset($_POST['edit_ticket_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -998,7 +984,7 @@ if(isset($_POST['edit_default_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1026,7 +1012,7 @@ if(isset($_POST['edit_alert_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1051,7 +1037,7 @@ if(isset($_POST['edit_online_payment_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1074,7 +1060,7 @@ if(isset($_POST['edit_integrations_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1100,7 +1086,7 @@ if(isset($_POST['edit_backup_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1123,7 +1109,7 @@ if(isset($_POST['edit_module_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1175,7 +1161,7 @@ if(isset($_GET['download_database'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1260,7 +1246,7 @@ if(isset($_POST['backup_master_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1297,7 +1283,7 @@ if(isset($_GET['update'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1325,7 +1311,7 @@ if(isset($_GET['update_db'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1348,7 +1334,7 @@ if(isset($_POST['add_client'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1430,7 +1416,7 @@ if(isset($_POST['edit_client'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1469,7 +1455,7 @@ if(isset($_GET['delete_client'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4193,7 +4179,7 @@ if(isset($_POST['add_contact'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4280,7 +4266,7 @@ if(isset($_POST['edit_contact'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4376,7 +4362,7 @@ if(isset($_GET['archive_contact'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4398,7 +4384,7 @@ if(isset($_GET['delete_contact'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4462,7 +4448,7 @@ if(isset($_POST['add_location'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4548,7 +4534,7 @@ if(isset($_POST['edit_location'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4638,7 +4624,7 @@ if(isset($_GET['delete_location'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4703,7 +4689,7 @@ if(isset($_POST['add_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4716,7 +4702,7 @@ if(isset($_POST['add_department'])){
$contact_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Create', log_description = '$department_name', log_created_at = NOW(), company_id = $session_company_id, log_client_id = $client_id, log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Create', log_description = '$department_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), company_id = $session_company_id, log_client_id = $client_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] .= "Department added";
@ -4728,7 +4714,7 @@ if(isset($_POST['edit_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4740,7 +4726,7 @@ if(isset($_POST['edit_department'])){
mysqli_query($mysqli,"UPDATE departments SET department_name = '$department_name', department_updated_at = NOW() WHERE department_id = $department_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Modify', log_description = '$department_name', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Modify', log_description = '$department_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] .= "Department updated";
@ -4752,7 +4738,7 @@ if(isset($_GET['archive_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4762,7 +4748,7 @@ if(isset($_GET['archive_department'])){
mysqli_query($mysqli,"UPDATE departments SET department_archived_at = NOW() WHERE department_id = $department_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Archive', log_description = '$department_id', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Archive', log_description = '$department_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Department Archived!";
@ -4774,7 +4760,7 @@ if(isset($_GET['delete_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4796,7 +4782,7 @@ if(isset($_POST['add_asset'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4852,7 +4838,7 @@ if(isset($_POST['edit_asset'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4915,7 +4901,7 @@ if(isset($_GET['delete_asset'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4937,7 +4923,7 @@ if(isset($_POST["import_client_assets_csv"])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5074,7 +5060,7 @@ if(isset($_GET['export_client_assets_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5123,7 +5109,7 @@ if(isset($_POST['add_software'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5187,7 +5173,7 @@ if(isset($_POST['edit_software'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5258,7 +5244,7 @@ if(isset($_GET['delete_software'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5284,7 +5270,7 @@ if(isset($_GET['export_client_software_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5333,7 +5319,7 @@ if(isset($_POST['add_login'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5365,7 +5351,7 @@ if(isset($_POST['edit_login'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5397,7 +5383,7 @@ if(isset($_GET['delete_login'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5419,7 +5405,7 @@ if(isset($_GET['export_client_logins_csv'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5469,7 +5455,7 @@ if(isset($_POST['add_network'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5497,7 +5483,7 @@ if(isset($_POST['edit_network'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5524,7 +5510,7 @@ if(isset($_POST['edit_network'])){
if(isset($_GET['delete_network'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5546,7 +5532,7 @@ if(isset($_GET['export_client_networks_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5595,7 +5581,7 @@ if(isset($_POST['add_certificate'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5637,7 +5623,7 @@ if(isset($_POST['edit_certificate'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5679,7 +5665,7 @@ if(isset($_GET['delete_certificate'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5701,7 +5687,7 @@ if(isset($_GET['export_client_certificates_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5750,7 +5736,7 @@ if(isset($_POST['add_domain'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5827,7 +5813,7 @@ if(isset($_POST['edit_domain'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5872,7 +5858,7 @@ if(isset($_GET['delete_domain'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5894,7 +5880,7 @@ if(isset($_GET['export_client_domains_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5944,7 +5930,7 @@ if(isset($_POST['add_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5975,13 +5961,14 @@ if(isset($_POST['add_ticket'])){
mysqli_query($mysqli,"UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_asset_id = $asset_id, ticket_created_at = NOW(), ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id");
$id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = '$session_name created ticket $subject', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = '$session_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Ticket created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
header("Location: ticket.php?ticket_id=" . $id);
}
@ -5989,7 +5976,7 @@ if(isset($_POST['add_scheduled_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6019,7 +6006,7 @@ if(isset($_POST['add_scheduled_ticket'])){
mysqli_query($mysqli, "INSERT INTO scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_start_date = '$start_date', scheduled_ticket_next_run = '$start_date', scheduled_ticket_created_at = NOW(), scheduled_ticket_created_by = '$session_user_id', scheduled_ticket_client_id = '$client_id', scheduled_ticket_contact_id = '$contact', scheduled_ticket_asset_id = '$asset_id', company_id = '$session_company_id'");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Created scheduled ticket for $subject - $frequency', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Created scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Scheduled ticket created.";
@ -6031,7 +6018,7 @@ if(isset($_POST['edit_scheduled_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6067,7 +6054,7 @@ if(isset($_GET['delete_scheduled_ticket'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6089,7 +6076,7 @@ if(isset($_POST['edit_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6124,7 +6111,7 @@ if(isset($_POST['assign_ticket'])){
// Role check
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6175,7 +6162,7 @@ if(isset($_GET['delete_ticket'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6197,7 +6184,7 @@ if(isset($_POST['add_ticket_reply'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6291,7 +6278,7 @@ if(isset($_POST['edit_ticket_reply'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6320,7 +6307,7 @@ if(isset($_GET['archive_ticket_reply'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6342,7 +6329,7 @@ if(isset($_POST['merge_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6400,7 +6387,7 @@ if(isset($_GET['close_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6519,7 +6506,7 @@ if(isset($_GET['export_client_tickets_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6568,7 +6555,7 @@ if(isset($_POST['add_service'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6675,7 +6662,7 @@ if(isset($_POST['edit_service'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6784,7 +6771,7 @@ if(isset($_GET['delete_service'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6882,7 +6869,7 @@ if(isset($_GET['delete_file'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6912,7 +6899,7 @@ if(isset($_POST['add_document'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6927,11 +6914,13 @@ if(isset($_POST['add_document'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$tags_ids = $_POST['tags_ids'];
$content = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['content']))));
$content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($_POST['name'] . " " . str_replace("<", " <", $_POST['content']))));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
$template = intval($_POST['template']);
$folder = intval($_POST['folder']);
// Document add query
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_content = '$content', document_created_at = NOW(), document_template = $template, document_folder_id = $folder, document_client_id = $client_id, company_id = $session_company_id");
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_content = '$content', document_content_raw = '$content_raw', document_created_at = NOW(), document_template = $template, document_folder_id = $folder, document_client_id = $client_id, company_id = $session_company_id");
$document_id = $mysqli->insert_id;
// Logging
@ -6955,7 +6944,7 @@ if(isset($_POST['edit_document'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6970,11 +6959,13 @@ if(isset($_POST['edit_document'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$tags_ids = $_POST['tags_ids'];
$content = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['content']))));
$content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($_POST['name'] . " " . str_replace("<", " <", $_POST['content']))));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
$template = intval($_POST['template']);
$folder = intval($_POST['folder']);
// Document edit query
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_content = '$content', document_updated_at = NOW(), document_template = $template, document_folder_id = $folder WHERE document_id = $document_id AND company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_content = '$content', document_content_raw = '$content_raw', document_updated_at = NOW(), document_template = $template, document_folder_id = $folder WHERE document_id = $document_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Note', log_action = 'Modify', log_description = '$name', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
@ -7000,7 +6991,7 @@ if(isset($_GET['delete_document'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7025,7 +7016,7 @@ if (isset($_POST['add_document_tag'])) {
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7043,7 +7034,7 @@ if (isset($_POST['delete_document_tag'])) {
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7064,7 +7055,7 @@ if (isset($_POST['rename_document_tag'])) {
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7083,7 +7074,7 @@ if (isset($_POST['rename_document_tag'])) {
if(isset($_GET['deactivate_shared_item'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7516,7 +7507,7 @@ if(isset($_GET['export_client_pdf'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}

27
settings-api.php
View File

@ -10,8 +10,9 @@
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM api_keys
LEFT JOIN clients on api_keys.api_key_client_id = clients.client_id
WHERE (api_key_name LIKE '%$q%')
AND company_id = $session_company_id
AND api_keys.company_id = $session_company_id
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@ -40,6 +41,7 @@
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_client_id&o=<?php echo $disp; ?>">Client</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_secret&o=<?php echo $disp; ?>">Secret</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_created_at&o=<?php echo $disp; ?>">Created</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_expire&o=<?php echo $disp; ?>">Expire</a></th>
@ -52,15 +54,24 @@
while($row = mysqli_fetch_array($sql)){
$api_key_id = $row['api_key_id'];
$api_key_name = $row['api_key_name'];
$api_key_secret = $row['api_key_secret'];
$api_key_secret = "************" . substr($row['api_key_secret'], -4);
$api_key_created_at = $row['api_key_created_at'];
$api_key_expire = $row['api_key_expire'];
if($api_key_expire < date("Y-m-d H:i:s")){
$api_key_expire = $api_key_expire . " (Expired)";
}
if($row['api_key_client_id'] == 0){
$api_key_client = "<i>All Clients</i>";
}
else{
$api_key_client = $row['client_name'];
}
?>
<tr>
<td>
<a class="text-dark" href="#" data-toggle="modal" data-target="#editApiKeyModal<?php echo $api_key_id; ?>"><?php echo $api_key_name; ?></a>
</td>
<td><?php echo $api_key_name; ?></td>
<td><?php echo $api_key_client; ?></td>
<td><?php echo $api_key_secret; ?></td>
<td><?php echo $api_key_created_at; ?></td>
<td><?php echo $api_key_expire; ?></td>
@ -70,17 +81,13 @@
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editApiKeyModal<?php echo $api_key_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_api_key=<?php echo $api_key_id; ?>">Delete</a>
<a class="dropdown-item text-danger" href="post.php?delete_api_key=<?php echo $api_key_id; ?>">Revoke</a>
</div>
</div>
</td>
</tr>
<?php
include("api_key_edit_modal.php");
}

6
settings-modules.php
View File

@ -9,17 +9,17 @@
<div class="custom-control custom-switch mb-3">
<input type="checkbox" class="custom-control-input" name="config_module_enable_itdoc" <?php if($config_module_enable_itdoc == 1){ echo "checked"; } ?> value="1" id="customSwitch1">
<label class="custom-control-label" for="customSwitch1">Enable IT Documentation</label>
<label class="custom-control-label" for="customSwitch1">Show IT Documentation</label>
</div>
<div class="custom-control custom-switch mb-3">
<input type="checkbox" class="custom-control-input" name="config_module_enable_ticketing" <?php if($config_module_enable_ticketing == 1){ echo "checked"; } ?> value="1" id="customSwitch2">
<label class="custom-control-label" for="customSwitch2">Enable Ticketing</label>
<label class="custom-control-label" for="customSwitch2">Show Ticketing</label>
</div>
<div class="custom-control custom-switch mb-3">
<input type="checkbox" class="custom-control-input" name="config_module_enable_accounting" <?php if($config_module_enable_accounting == 1){ echo "checked"; } ?> value="1" id="customSwitch3">
<label class="custom-control-label" for="customSwitch3">Enable Invoicing / Accounting</label>
<label class="custom-control-label" for="customSwitch3">Show Invoicing / Accounting</label>
</div>
<hr>

4
ticket.php
View File

@ -440,7 +440,7 @@ if(isset($_GET['ticket_id'])){
$row = mysqli_fetch_array($sql_closed_by);
$ticket_closed_by_display = $row['user_name'];
?>
<div class="ml-1"><i class="fa fa-fw fa-user text-secondary mr-2 mb-2"></i>Closed by: <?php echo strtoupper($ticket_closed_by_display); ?></a></div>
<div class="ml-1"><i class="fa fa-fw fa-user text-secondary mr-2 mb-2"></i>Closed by: <?php echo ucwords($ticket_closed_by_display); ?></a></div>
<div class="ml-1"><i class="fa fa-fw fa-comment-dots text-secondary mr-2 mb-2"></i>Feedback: <?php echo $ticket_feedback; ?></a></div>
<?php } ?>
<?php if(!empty($ticket_total_reply_time)){ ?>
@ -599,7 +599,7 @@ if(isset($_GET['ticket_id'])){
include("ticket_edit_modal.php");
include("ticket_merge_modal.php");
include("ticket_invoice_add_modal.php");
include("ticket_invoice_existing_add_modal.php");
//include("ticket_invoice_existing_add_modal.php");
?>
<?php

16
user_archive_modal.php Normal file
View File

@ -0,0 +1,16 @@
<div class="modal" id="archiveUserModal<?php echo $user_id; ?>" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
<div class="mb-4" style="text-align: center;">
<i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
<h2>Are you sure?</h2>
<h6 class="mb-4 text-secondary">Do you really want to <b>archive <?php echo $user_name; ?></b>? This process cannot be undone.</h6>
<h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to login or use ITFlow, but all associated content will remain accessible.</h6>
<button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button>
<a class="btn btn-danger btn-lg px-5" href="post.php?archive_user=<?php echo $user_id; ?>">Yes, archive!</a>
</div>
</div>
</div>
</div>
</div>

4
users.php
View File

@ -12,6 +12,7 @@
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings
WHERE users.user_id = user_settings.user_id
AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
AND user_archived_at IS NULL
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@ -119,7 +120,7 @@
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserCompaniesModal<?php echo $user_id; ?>">Company Access</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_user=<?php echo $user_id; ?>">Archive</a>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#archiveUserModal<?php echo $user_id; ?>">Archive</a>
</div>
</div>
</td>
@ -129,6 +130,7 @@
include("user_edit_modal.php");
include("user_companies_modal.php");
include("user_archive_modal.php");
}