AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updates and Fixings to Audit Logs, added client tag selection for mass email campaigns

This commit is contained in:
johnnyq 2021-12-28 18:16:54 -05:00
parent c04353f284
commit 33400894d5
7 changed files with 103 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
add_campaign_modal.php
View File

@ -52,11 +52,38 @@
<div class="tab-pane fade" id="pills-recipients">
<legend>Recipients</legend>
<div class="form-group">
<label>Email <strong class="text-danger">*</strong></label>
<input type="text" class="form-control" name="to_email" placeholder="Recipient Email">
</div>
<ul class="list-group">
<?php
$sql_tags_select = mysqli_query($mysqli,"SELECT * FROM tags WHERE tag_type = 1 AND company_id = $session_company_id ORDER BY tag_name ASC");
while($row = mysqli_fetch_array($sql_tags_select)){
$tag_id_select = $row['tag_id'];
$tag_name_select = $row['tag_name'];
$tag_color_select = $row['tag_color'];
$tag_icon_select = $row['tag_icon'];
?>
<li class="list-group-item">
<div class="form-check">
<input type="checkbox" class="form-check-input" name="tags[]" value="<?php echo $tag_id_select; ?>">
<label class="form-check-label ml-2 badge bg-<?php echo $tag_color_select; ?>"><?php echo "<i class='fa fw fa-$tag_icon_select'></i>"; ?> <?php echo $tag_name_select; ?></label>
</div>
</li>
<?php
}
?>
</ul>
<legend>Schedule</legend>
<div class="form-group">

4
blank.php
View File

@ -18,9 +18,9 @@
<?php
echo "$session_permission_companies";
print_r($session_permission_companies_array);
$user_agent = get_user_agent();
echo $user_agent;
?>

2
check_login.php
View File

@ -19,6 +19,8 @@
$session_browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
$session_device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
$session_user_agent = "$session_device - $session_os - $session_browser";
$session_user_id = $_SESSION['user_id'];
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");

1
functions.php
View File

@ -85,7 +85,6 @@ function get_web_browser() {
'/maxthon/i' => 'Maxthon',
'/konqueror/i' => 'Konqueror',
'/ubrowser/i' => 'UC Browser',
'/mobile/i' => 'Handheld Browser'
);
foreach ($browser_array as $regex => $value) {
if (preg_match($regex, $user_agent)) {

2
header.php
View File

@ -64,7 +64,7 @@ scratch. This page gets rid of all links and provides the needed markup only.
//Alert Feedback
if(!empty($_SESSION['alert_message'])){
?>
<div class="alert alert-success alert-<?php echo $_SESSION['alert_type']; ?>" id="alert">
<div class="alert alert-info alert-<?php echo $_SESSION['alert_type']; ?>" id="alert">
<?php echo $_SESSION['alert_message']; ?>
<button class='close' data-dismiss='alert'>&times;</button>
</div>

10
login.php
View File

@ -17,6 +17,8 @@ $os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
$device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
$user_agent = "$device - $os - $browser";
?>
<?php
@ -44,7 +46,7 @@ if(isset($_POST['login'])){
if(empty($token)){
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
header("Location: dashboard.php");
}else{
@ -61,11 +63,11 @@ if(isset($_POST['login'])){
if(TokenAuth6238::verify($token,$current_code)){
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
//header("Location: $config_start_page");
header("Location: dashboard.php");
}else{
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
$response = "
<div class='alert alert-primary'>
@ -77,7 +79,7 @@ if(isset($_POST['login'])){
}
}else{
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$response = "
<div class='alert alert-danger'>

89
post.php
View File

@ -21,15 +21,27 @@ if(isset($_POST['change_records_per_page'])){
if(isset($_GET['switch_company'])){
$company_id = intval($_GET['switch_company']);
//Get Company Name
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $company_id");
$row = mysqli_fetch_array($sql);
$company_name = $row['company_name'];
//Check to see if user has Permission to access the company
if(in_array($company_id,$session_user_company_access_array)){
mysqli_query($mysqli,"UPDATE user_settings SET user_default_company = $company_id WHERE user_id = $session_user_id");
$_SESSION['alert_type'] = "info";
$_SESSION['alert_message'] = "Switched Companies!";
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Switch', log_description = '$session_name switched to company $company_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
}else{
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "What are you trying to DO! WHy did you do this? WHYYY??";
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Switch', log_description = '$session_name tried to switch to company $company_name but does not have permission', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
}
header("Location: dashboard.php");
@ -90,7 +102,7 @@ if(isset($_POST['add_user'])){
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
@ -101,8 +113,8 @@ if(isset($_POST['add_user'])){
//Create Company Access Permissions
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $default_company");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Created', log_description = '$name', log_created_at = NOW()");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Created', log_description = '$session_name created user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "User <strong>$user_name</strong> created!";
@ -162,9 +174,12 @@ if(isset($_POST['edit_user'])){
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
//Extended Logging
$extended_log_description .= ", profile picture updated";
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
@ -174,15 +189,17 @@ if(isset($_POST['edit_user'])){
if(!empty($new_password)){
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password' WHERE user_id = $user_id");
//Extended Logging
$extended_log_description .= ", password changed";
}
//Update User Settings
mysqli_query($mysqli,"UPDATE user_settings SET user_role = $role, user_default_company = $default_company WHERE user_id = $user_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$user_name', log_created_at = NOW()");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$session_name modified user $name $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "User <strong>$user_name</strong> updated";
$_SESSION['alert_message'] = "User <strong>$name</strong> updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -234,9 +251,12 @@ if(isset($_POST['edit_profile'])){
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
//Extended Logging
$extended_log_description .= ", profile picture updated";
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
@ -246,12 +266,14 @@ if(isset($_POST['edit_profile'])){
if(!empty($new_password)){
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password' WHERE user_id = $user_id");
$extended_log_description .= ", password changed";
}
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$user_name', log_created_at = NOW()");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modified', log_description = '$session_name modified their preferences$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "User <strong>$user_name</strong> updated";
$_SESSION['alert_message'] = "User preferences updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -267,11 +289,15 @@ if(isset($_POST['edit_user_companies'])){
intval($company);
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company");
}
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
$_SESSION['alert_message'] = "Companies <strong>$company</strong> added to user $user_id!";
//Logging
//Get User Name
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql);
$name = $row['user_name'];
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$session_name updated company permissions for user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Company permssions updated for user <strong>$name</strong>";
header("Location: users.php");
@ -288,8 +314,12 @@ if(isset($_POST['edit_user_clients'])){
mysqli_query($mysqli,"INSERT INTO user_clients SET user_id = $user_id, client_id = $client");
}
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
//Logging
//Get User Name
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql);
$name = $row['user_name'];
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$session_name updated client permissions for user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Client <strong>$client_imploded</strong> added to user $user_id!";
@ -302,10 +332,15 @@ if(isset($_GET['archive_user'])){
mysqli_query($mysqli,"UPDATE users SET user_archived_at = NOW() WHERE user_id = $user_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Archived', log_description = '$user_id', log_created_at = NOW()");
//Logging
//Get User Name
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql);
$name = $row['user_name'];
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Archived', log_description = '$session_name archived user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "User Archived!";
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "<strong>$name</strong> archived";
header("Location: users.php");
@ -323,11 +358,16 @@ if(isset($_GET['delete_user'])){
mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM user_clients WHERE user_id = $user_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Deleted', log_description = '$user_id', log_created_at = NOW()");
//Logging
//Get User Name
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql);
$name = $row['user_name'];
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Deleted', log_description = '$session_name deleted user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "User deleted!";
$_SESSION['alert_message'] = "User <strong>$name</strong> deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -1439,6 +1479,7 @@ if(isset($_POST['add_campaign'])){
$campaign_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Campaign', log_action = 'Created', log_description = '$name', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");