diff --git a/post.php b/post.php
index 8634d3bd..6864c39a 100644
--- a/post.php
+++ b/post.php
@@ -190,6 +190,7 @@ if(isset($_POST['edit_user'])){
if(isset($_GET['activate_user'])){
validateAdminRole();
+ validateCSRFToken($_GET['csrf_token']);
$user_id = intval($_GET['activate_user']);
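Review bot: The added line reads `$_GET['csrf_token']` with no isset/null-coalesce guard, so a request that omits the parameter triggers an undefined-index warning and passes null into validateCSRFToken(); whether null is rejected depends on that helper, which is not part of this diff. Prefer `validateCSRFToken($_GET['csrf_token'] ?? '');` so the missing-token case reaches the validator as a definite empty string instead of relying on warning behaviour. Because this is a state-changing action driven by GET, the token also travels in the URL and can leak through Referer headers and proxy or access logs; the `$_POST['edit_user']` handler named in the hunk header suggests moving activate/disable to POST forms would fit the file's existing pattern. The handler's body continues past the end of the hunk.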
@@ -207,6 +208,7 @@ if(isset($_GET['activate_user'])){
if(isset($_GET['disable_user'])){
validateAdminRole();
+ validateCSRFToken($_GET['csrf_token']);
$user_id = intval($_GET['disable_user']);
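Review bot: As on the activate path, `$_GET['csrf_token']` is dereferenced unguarded on the added line; use `validateCSRFToken($_GET['csrf_token'] ?? '');` so an absent token is an explicit empty string rather than a warning plus null. Since disabling a user is destructive, it is worth confirming that validateCSRFToken() compares the token with hash_equals() and terminates the request on mismatch (exit/die) rather than returning a value that is ignored here — if it only returns false, `intval($_GET['disable_user'])` and the update that presumably follows (outside this hunk) would still execute. The rest of the handler is not visible in the hunk.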
@@ -6836,7 +6838,7 @@ if(isset($_POST['merge_ticket'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Merged', log_description = 'Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Ticket merged into $ticket_prefix$merge_into_ticket_number.";
-
+
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
diff --git a/users.php b/users.php
index e225a22e..085eacb0 100644
--- a/users.php
+++ b/users.php
@@ -10,11 +10,14 @@ if (!empty($_GET['sb'])) {
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
-$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings
+$sql = mysqli_query(
+ $mysqli,
+ "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings
WHERE users.user_id = user_settings.user_id
AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
AND user_archived_at IS NULL
- ORDER BY $sb $o LIMIT $record_from, $record_to");
+ ORDER BY $sb $o LIMIT $record_from, $record_to"
+);
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
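Review bot: The reformatted query still interpolates `$q` into the two LIKE clauses and `$sb`, `$o`, `$record_from`, `$record_to` into ORDER BY/LIMIT; the hunk header shows `$sb` originating from `$_GET['sb']`, and whatever escaping or allowlisting these values get happens above the hunk where I cannot confirm it. ORDER BY column and direction cannot be bound as parameters, so they should be checked against a fixed allowlist before reaching this line, e.g. `in_array($sb, ['user_name', 'user_email'], true)` and `in_array($o, ['ASC', 'DESC'], true)`, falling back to a default otherwise. `$q` should at minimum pass through mysqli_real_escape_string() — and note that `%` and `_` inside it still act as LIKE wildcards unless escaped with an ESCAPE clause — while the LIMIT values should be cast with intval() if they are not already. Since this commit is already rewriting the call, it is a natural point to switch the `$q`/LIMIT parts to a prepared statement.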
@@ -67,9 +70,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$user_status = intval($row['user_status']);
if ($user_status == 2) {
$user_status_display = "Invited";
- }elseif ($user_status == 1) {
+ } elseif ($user_status == 1) {
$user_status_display = "Active";
- }else{
+ } else{
$user_status_display = "Disabled";
}
$user_avatar = htmlentities($row['user_avatar']);
@@ -78,9 +81,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$user_role = $row['user_role'];
if ($user_role == 3) {
$user_role_display = "Administrator";
- }elseif ($user_role == 2) {
+ } elseif ($user_role == 2) {
$user_role_display = "Technician";
- }else{
+ } else {
$user_role_display = "Accountant";
}
$user_company_access_sql = mysqli_query($mysqli, "SELECT company_id FROM user_companies WHERE user_id = $user_id");
@@ -95,8 +98,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$sql_last_login = mysqli_query(
$mysqli,
"SELECT * FROM logs
- WHERE log_user_id = $user_id AND log_type = 'Login'
- ORDER BY log_id DESC LIMIT 1"
+ WHERE log_user_id = $user_id AND log_type = 'Login'
+ ORDER BY log_id DESC LIMIT 1"
);
$row = mysqli_fetch_array($sql_last_login);
$log_created_at = $row['log_created_at'];
@@ -115,11 +118,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
">
-
+
-
-
-
+
+
+
@@ -142,9 +145,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
+