Calendar Events: use client_id instead of client in POST and enforceClientAccess if client is assigned to an event

agent/modals/calendar/calendar_event_add.php

@@ -120,7 +120,7 @@
                         <div class="tab-pane fade" id="pills-attendees">
 
                             <?php if (isset($client_id)) { ?>
-                                <input type="hidden" name="client" value="<?php echo $client_id; ?>">
+                                <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
                             <?php } else{ ?>
 
                                 <div class="form-group">
@@ -129,7 +129,7 @@
                                         <div class="input-group-prepend">
                                             <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
                                         </div>
-                                        <select class="form-control select2" name="client">
+                                        <select class="form-control select2" name="client_id">
                                             <option value="">- Client -</option>
                                             <?php
 

agent/modals/calendar/calendar_event_edit.php

@@ -143,7 +143,7 @@ ob_start();
             <div class="tab-pane fade" id="pills-attendees<?php echo $event_id; ?>">
 
                 <?php if (isset($_GET['client_id'])) { ?>
-                    <input type="hidden" name="client" value="<?php echo $client_id; ?>">
+                    <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
                 <?php } else { ?>
 
                     <div class="form-group">

agent/post/event.php

@@ -74,7 +74,12 @@ if (isset($_POST['add_event'])) {
 
     require_once 'event_model.php';
 
-    mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client");
+    // Don't Enforce Client Access if Calendar event doesn't have a client
+    if ($client_id) {
+        enforceClientAccess();
+    }
+
+    mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client_id");
 
     $event_id = mysqli_insert_id($mysqli);
 
@@ -84,7 +89,7 @@ if (isset($_POST['add_event'])) {
     //If email is checked
     if ($email_event == 1) {
 
-        $sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client");
+        $sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client_id");
         $row = mysqli_fetch_assoc($sql_client);
         $client_name = sanitizeInput($row['client_name']);
         $contact_name = sanitizeInput($row['contact_name']);
@@ -124,7 +129,7 @@ if (isset($_POST['add_event'])) {
 
         // Logging for email (success/fail)
         if ($mail === true) {
-            logAction("Calendar Event", "Email", "$session_name emailed event $title to $contact_name from client $client_name", $client, $event_id);
+            logAction("Calendar Event", "Email", "$session_name emailed event $title to $contact_name from client $client_name", $client_id, $event_id);
         } else {
             appNotify("Mail", "Failed to send email to $contact_email");
             logAction("Mail", "Error", "Failed to send email to $contact_email regarding $subject. $mail");
@@ -132,7 +137,7 @@ if (isset($_POST['add_event'])) {
 
     } // End mail IF
 
-    logAction("Calendar Event", "Create", "$session_name created a calendar event titled $title in calendar $calendar_name", $client, $event_id);
+    logAction("Calendar Event", "Create", "$session_name created a calendar event titled $title in calendar $calendar_name", $client_id, $event_id);
 
     flash_alert("Event <strong>$title</strong> created in calendar <strong>$calendar_name</strong>");
 
@@ -146,14 +151,19 @@ if (isset($_POST['edit_event'])) {
 
     require_once 'event_model.php';
 
+    // Don't Enforce Client Access if Calendar event doesn't have a client
+    if ($client_id) {
+        enforceClientAccess();
+    }
+
     $event_id = intval($_POST['event_id']);
 
-    mysqli_query($mysqli,"UPDATE calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client WHERE event_id = $event_id");
+    mysqli_query($mysqli,"UPDATE calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client_id WHERE event_id = $event_id");
 
     //If email is checked
     if ($email_event == 1) {
 
-        $sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client");
+        $sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client_id");
         $row = mysqli_fetch_assoc($sql_client);
         $client_name = sanitizeInput($row['client_name']);
         $contact_name = sanitizeInput($row['contact_name']);
@@ -193,7 +203,7 @@ if (isset($_POST['edit_event'])) {
         $mail = addToMailQueue($data);
         // Logging for email (success/fail)
         if ($mail === true) {
-            logAction("Calendar Event", "Email", "$session_name Emailed modified event $title to $contact_name email $contact_email", $client, $event_id);
+            logAction("Calendar Event", "Email", "$session_name Emailed modified event $title to $contact_name email $contact_email", $client_id, $event_id);
         } else {
             appNotify("Mail", "Failed to send email to $contact_email");
             logAction("Mail", "Error", "Failed to send email to $contact_email regarding $subject. $mail");
@@ -201,7 +211,7 @@ if (isset($_POST['edit_event'])) {
 
     } // End mail IF
 
-    logAction("Calendar Event", "Edit", "$session_name edited calendar event $title", $client, $event_id);
+    logAction("Calendar Event", "Edit", "$session_name edited calendar event $title", $client_id, $event_id);
 
     flash_alert("Calendar event titled <strong>$title</strong> edited");
 
@@ -221,6 +231,11 @@ if (isset($_GET['delete_event'])) {
     $event_title = sanitizeInput($row['event_title']);
     $client_id = intval($row['event_client_id']);
 
+    // Don't Enforce Client Access if Calendar event doesn't have a client
+    if ($client_id) {
+        enforceClientAccess();
+    }
+
     mysqli_query($mysqli,"DELETE FROM calendar_events WHERE event_id = $event_id");
 
     logAction("Calendar Event", "Delete", "$session_name deleted calendar event $event_title", $client_id);

agent/post/event_model.php

@@ -8,5 +8,5 @@ $description = sanitizeInput($_POST['description']);
 $start = sanitizeInput($_POST['start']);
 $end = sanitizeInput($_POST['end']);
 $repeat = sanitizeInput($_POST['repeat'] ?? 0);
-$client = intval($_POST['client']);
+$client_id = intval($_POST['client_id']);
 $email_event = intval($_POST['email_event'] ?? 0);