mirror of https://github.com/itflow-org/itflow
Fixed an issue when modifiying an asset with blank user creds would create a blank user creds, also when you clear the username on an asset it deletes the login item as well now, Updated Asset logging and alerting
This commit is contained in:
johnnyq
parent
21891b492f
commit
493a91d502
51
post.php
51
post.php
|
|
@ -5344,6 +5344,8 @@ if(isset($_POST['add_asset'])){
|
|||
}
|
||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
||||
|
||||
$alert_extended = "";
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = $session_company_id");
|
||||
|
||||
$asset_id = mysqli_insert_id($mysqli);
|
||||
|
|
@ -5408,24 +5410,46 @@ if(isset($_POST['edit_asset'])){
|
|||
$username = trim(mysqli_real_escape_string($mysqli, encryptLoginEntry($_POST['username'])));
|
||||
$password = trim(mysqli_real_escape_string($mysqli, encryptLoginEntry($_POST['password'])));
|
||||
|
||||
$alert_extended = "";
|
||||
|
||||
mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND company_id = $session_company_id");
|
||||
|
||||
//If login exists then update the login
|
||||
if($login_id > 0){
|
||||
if($login_id > 0 && !empty($_POST['username'])){
|
||||
mysqli_query($mysqli,"UPDATE logins SET login_name = '$name', login_username = '$username', login_password = '$password' WHERE login_id = $login_id AND company_id = $session_company_id");
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Modify', log_description = '$session_name updated login credentials for asset $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id, company_id = $session_company_id");
|
||||
|
||||
$alert_extended = " along with updating login credentials";
|
||||
}else{
|
||||
//If Username is filled in then add a login
|
||||
if(!empty($username)) {
|
||||
if(!empty($_POST['username'])) {
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_username = '$username', login_password = '$password', login_asset_id = $asset_id, login_client_id = $client_id, company_id = $session_company_id");
|
||||
|
||||
$login_id = mysqli_insert_id($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Create', log_description = '$session_name created login credentials for asset $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id, company_id = $session_company_id");
|
||||
|
||||
$alert_extended = " along with creating login credentials";
|
||||
|
||||
} else {
|
||||
mysqli_query($mysqli,"DELETE FROM logins WHERE login_id = $login_id AND company_id = $session_company_id");
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Delete', log_description = '$session_name deleted login credential for asset $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id, company_id = $session_company_id");
|
||||
|
||||
$alert_extended = " along with deleting login credentials";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Modify', log_description = '$session_name modified asset $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $asset_id, company_id = $session_company_id");
|
||||
|
||||
$_SESSION['alert_message'] = "Asset <strong>$name</strong> updated";
|
||||
$_SESSION['alert_message'] = "Asset <strong>$name</strong> updated $alert_extended";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
|
|
@ -5437,13 +5461,19 @@ if(isset($_GET['archive_asset'])){
|
|||
|
||||
$asset_id = intval($_GET['archive_asset']);
|
||||
|
||||
// Get Asset Name and Client ID for logging and alert message
|
||||
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id AND company_id = $session_company_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$asset_name = strip_tags(mysqli_real_escape_string($mysqli, $row['asset_name']));
|
||||
$client_id = $row['asset_client_id'];
|
||||
|
||||
mysqli_query($mysqli,"UPDATE assets SET asset_archived_at = NOW() WHERE asset_id = $asset_id AND company_id = $session_company_id");
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Archive', log_description = '$asset_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent'");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Archive', log_description = '$session_name archived asset $asset_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $asset_id, company_id = $session_company_id");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Asset archived";
|
||||
$_SESSION['alert_message'] = "Asset <strong>$asset_name</strong> archived";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
|
|
@ -5455,12 +5485,19 @@ if(isset($_GET['delete_asset'])){
|
|||
|
||||
$asset_id = intval($_GET['delete_asset']);
|
||||
|
||||
// Get Asset Name and Client ID for logging and alert message
|
||||
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id AND company_id = $session_company_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$asset_name = strip_tags(mysqli_real_escape_string($mysqli, $row['asset_name']));
|
||||
$client_id = $row['asset_client_id'];
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM assets WHERE asset_id = $asset_id AND company_id = $session_company_id");
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Delete', log_description = '$asset_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Delete', log_description = '$session_name deleted asset $asset_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $asset_id, company_id = $session_company_id");
|
||||
|
||||
$_SESSION['alert_message'] = "Asset deleted";
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "Asset <strong>$asset_name</strong> deleted";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue