AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 16:24:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Calendar Events: use client_id instead of client in POST and enforceClientAccess if client is assigned to an event

Browse Source
This commit is contained in:
johnnyq
2026-03-06 15:59:18 -05:00
parent df5c350765
commit 3983c45cac
4 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
agent/post/event.php
View File

@@ -74,7 +74,12 @@ if (isset($_POST['add_event'])) {
require_once 'event_model.php';
mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client");
// Don't Enforce Client Access if Calendar event doesn't have a client
if ($client_id) {
enforceClientAccess();
}
mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client_id");
$event_id = mysqli_insert_id($mysqli);
@@ -84,7 +89,7 @@ if (isset($_POST['add_event'])) {
//If email is checked
if ($email_event == 1) {
$sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client");
$sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client_id");
$row = mysqli_fetch_assoc($sql_client);
$client_name = sanitizeInput($row['client_name']);
$contact_name = sanitizeInput($row['contact_name']);
@@ -124,7 +129,7 @@ if (isset($_POST['add_event'])) {
// Logging for email (success/fail)
if ($mail === true) {
logAction("Calendar Event", "Email", "$session_name emailed event $title to $contact_name from client $client_name", $client, $event_id);
logAction("Calendar Event", "Email", "$session_name emailed event $title to $contact_name from client $client_name", $client_id, $event_id);
} else {
appNotify("Mail", "Failed to send email to $contact_email");
logAction("Mail", "Error", "Failed to send email to $contact_email regarding $subject. $mail");
@@ -132,7 +137,7 @@ if (isset($_POST['add_event'])) {
} // End mail IF
logAction("Calendar Event", "Create", "$session_name created a calendar event titled $title in calendar $calendar_name", $client, $event_id);
logAction("Calendar Event", "Create", "$session_name created a calendar event titled $title in calendar $calendar_name", $client_id, $event_id);
flash_alert("Event <strong>$title</strong> created in calendar <strong>$calendar_name</strong>");
@@ -146,14 +151,19 @@ if (isset($_POST['edit_event'])) {
require_once 'event_model.php';
// Don't Enforce Client Access if Calendar event doesn't have a client
if ($client_id) {
enforceClientAccess();
}
$event_id = intval($_POST['event_id']);
mysqli_query($mysqli,"UPDATE calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client WHERE event_id = $event_id");
mysqli_query($mysqli,"UPDATE calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client_id WHERE event_id = $event_id");
//If email is checked
if ($email_event == 1) {
$sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client");
$sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client_id");
$row = mysqli_fetch_assoc($sql_client);
$client_name = sanitizeInput($row['client_name']);
$contact_name = sanitizeInput($row['contact_name']);
@@ -193,7 +203,7 @@ if (isset($_POST['edit_event'])) {
$mail = addToMailQueue($data);
// Logging for email (success/fail)
if ($mail === true) {
logAction("Calendar Event", "Email", "$session_name Emailed modified event $title to $contact_name email $contact_email", $client, $event_id);
logAction("Calendar Event", "Email", "$session_name Emailed modified event $title to $contact_name email $contact_email", $client_id, $event_id);
} else {
appNotify("Mail", "Failed to send email to $contact_email");
logAction("Mail", "Error", "Failed to send email to $contact_email regarding $subject. $mail");
@@ -201,7 +211,7 @@ if (isset($_POST['edit_event'])) {
} // End mail IF
logAction("Calendar Event", "Edit", "$session_name edited calendar event $title", $client, $event_id);
logAction("Calendar Event", "Edit", "$session_name edited calendar event $title", $client_id, $event_id);
flash_alert("Calendar event titled <strong>$title</strong> edited");
@@ -221,6 +231,11 @@ if (isset($_GET['delete_event'])) {
$event_title = sanitizeInput($row['event_title']);
$client_id = intval($row['event_client_id']);
// Don't Enforce Client Access if Calendar event doesn't have a client
if ($client_id) {
enforceClientAccess();
}
mysqli_query($mysqli,"DELETE FROM calendar_events WHERE event_id = $event_id");
logAction("Calendar Event", "Delete", "$session_name deleted calendar event $event_title", $client_id);