From 4f2cff6fac9184e6cb0f41891b18c7420818dd9d Mon Sep 17 00:00:00 2001 From: johnnyq Date: Sat, 14 May 2022 18:14:02 -0400 Subject: [PATCH] More Archiving work, added entity_id to logs for future undo of archives in logs. --- client_assets.php | 4 +- client_overview.php | 8 ++-- database_updates.php | 12 +++++- database_version.php | 2 +- db.sql | 3 +- post.php | 90 ++++++++++++++++++++++++++++++++++---------- 6 files changed, 91 insertions(+), 28 deletions(-) diff --git a/client_assets.php b/client_assets.php index 4d4214c2..b20aa11a 100644 --- a/client_assets.php +++ b/client_assets.php @@ -58,7 +58,8 @@ $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM assets LEFT JOIN contacts ON asset_contact_id = contact_id LEFT JOIN locations ON asset_location_id = location_id LEFT JOIN logins ON login_asset_id = asset_id - WHERE asset_client_id = $client_id + WHERE asset_client_id = $client_id + AND asset_archived_at IS NULL AND (asset_name LIKE '%$q%' OR asset_type LIKE '%$q%' OR asset_ip LIKE '%$q%' OR asset_make LIKE '%$q%' OR asset_model LIKE '%$q%' OR asset_serial LIKE '%$q%' OR asset_os LIKE '%$q%' OR contact_name LIKE '%$q%' OR location_name LIKE '%$q%') AND ($type_query) ORDER BY $sb $o LIMIT $record_from, $record_to" @@ -318,6 +319,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); + Archive Delete diff --git a/client_overview.php b/client_overview.php index de2c3650..30c82877 100644 --- a/client_overview.php +++ b/client_overview.php @@ -63,7 +63,7 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets -
+
@@ -107,7 +107,7 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
-
+
@@ -151,7 +151,7 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
-
+
@@ -221,7 +221,7 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets -
+
diff --git a/database_updates.php b/database_updates.php index 6af4f33f..7f303f01 100644 --- a/database_updates.php +++ b/database_updates.php @@ -265,11 +265,19 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.2'"); } - //if(CURRENT_DATABASE_VERSION == '0.1.2'){ + if(CURRENT_DATABASE_VERSION == '0.1.2'){ // Insert queries here required to update to DB version 0.1.3 + mysqli_query($mysqli, "ALTER TABLE `logs` ADD `log_entity_id` INT NOT NULL DEFAULT '0' AFTER `log_user_id`"); // Then, update the database to the next sequential version - // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.3'"); + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.3'"); + } + + //if(CURRENT_DATABASE_VERSION == '0.1.3'){ + // Insert queries here required to update to DB version 0.1.4 + + // Then, update the database to the next sequential version + // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.4'"); //} // etc diff --git a/database_version.php b/database_version.php index f7cdb508..62459e86 100644 --- a/database_version.php +++ b/database_version.php @@ -5,4 +5,4 @@ * It is used in conjunction with database_updates.php */ -DEFINE("LATEST_DATABASE_VERSION", "0.1.2"); \ No newline at end of file +DEFINE("LATEST_DATABASE_VERSION", "0.1.3"); \ No newline at end of file diff --git a/db.sql b/db.sql index 6642a626..d82213ca 100644 --- a/db.sql +++ b/db.sql @@ -705,6 +705,7 @@ CREATE TABLE `logs` ( `log_quote_id` int(11) DEFAULT NULL, `log_recurring_id` int(11) DEFAULT NULL, `log_user_id` int(11) DEFAULT NULL, + `log_entity_id` int(11) NOT NULL DEFAULT 0, `company_id` int(11) DEFAULT NULL, PRIMARY KEY (`log_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; 
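Review bot: The result of the `ALTER TABLE` in the new `0.1.2` block of database_updates.php is discarded, so the next statement records version 0.1.3 even if the column was not added. Unless mysqli is configured to throw on errors, every log insert in post.php that names `log_entity_id` would then fail, and those calls ignore their results too, so audit logging would stop with no visible error. Bump the version only on success, e.g. `if(!mysqli_query($mysqli, "ALTER TABLE ...")){ error_log(mysqli_error($mysqli)); exit; }`. The enclosing `if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){` block starts and ends outside this hunk.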
@@ -1543,4 +1544,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2022-05-10 17:11:18 +-- Dump completed on 2022-05-14 18:12:32 diff --git a/post.php b/post.php index 95af24ee..6e4ef499 100644 --- a/post.php +++ b/post.php @@ -3158,7 +3158,7 @@ if(isset($_POST['quote_note'])){ mysqli_query($mysqli,"UPDATE quotes SET quote_note = '$note' WHERE quote_id = $quote_id AND company_id = $session_company_id"); - $_SESSION['alert_message'] = " Notes added"; + $_SESSION['alert_message'] = "Notes added"; header("Location: " . $_SERVER["HTTP_REFERER"]); @@ -4143,6 +4143,8 @@ if(isset($_GET['delete_revenue'])){ } +// Client Section + if(isset($_POST['add_contact'])){ validateTechRole(); @@ -4217,7 +4219,7 @@ if(isset($_POST['add_contact'])){ } //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = '$name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = '$session_name created contact $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id, company_id = $session_company_id"); $_SESSION['alert_message'] .= "Contact added"; 
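Review bot: The rewritten add_contact log line now places `$session_name` inside a quoted SQL literal and `$client_id` / `$contact_id` in unquoted positions, and none of the three is assigned or escaped within this hunk. If `$session_name` is not already escaped where it is set, a user name containing an apostrophe would break the statement, and because the `mysqli_query()` result is ignored the audit entry would be lost silently. Confirm the assignments outside the hunk, or cast at the point of use, e.g. `log_entity_id = " . intval($contact_id) . "`; a prepared statement would remove the question entirely. The edit_contact hunk that follows has the same line shape.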
@@ -4308,7 +4310,7 @@ if(isset($_POST['edit_contact'])){
 }
 //Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name modified contact $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id, company_id = $session_company_id");
 $_SESSION['alert_message'] .= "Contact updated";
@@ -4322,12 +4324,19 @@ if(isset($_GET['archive_contact'])){
 $contact_id = intval($_GET['archive_contact']);
- mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NOW() WHERE contact_id = $contact_id");
+ // Get Contact Name and Client ID for logging and alert message
+ $sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id AND company_id = $session_company_id");
+ $row = mysqli_fetch_array($sql);
+ $contact_name = strip_tags(mysqli_real_escape_string($mysqli, $row['contact_name']));
+ $client_id = $row['contact_client_id'];
+
+ mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NOW() WHERE contact_id = $contact_id AND company_id = $session_company_id");
 //logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Archive', log_description = '$contact_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent'");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Archive', log_description = '$session_name archived contact $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id, company_id = $session_company_id");
- $_SESSION['alert_message'] = "Contact Archived!";
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "Contact ".stripslashes($contact_name)." archived. Undo";
 header("Location: " . $_SERVER["HTTP_REFERER"]);
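Review bot: The new lookup in archive_contact uses `$row` without checking that a row came back. When the id does not exist or belongs to another company, `$row` is null and `$client_id` is empty, so the log statement becomes `log_client_id = , log_user_id = ...` and fails to parse; the attempt is then neither archived nor logged, yet the user still sees an "archived" alert. `$client_id` should also be cast with `intval()` before it is placed unquoted in the query, and `strip_tags()` is better applied before `mysqli_real_escape_string()` so that escaping is the last transformation. The same lookup is repeated in delete_contact, archive_location and delete_location. The handler's opening lines and role check are above this hunk.

```php
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
if(!$row){
    // No such contact in this company: stop before the UPDATE and the log insert
    $_SESSION['alert_type'] = "error";
    $_SESSION['alert_message'] = "Contact not found";
    header("Location: " . $_SERVER["HTTP_REFERER"]);
    exit;
}
// Escape last, so nothing runs on the value after it has been made SQL-safe
$contact_name = mysqli_real_escape_string($mysqli, strip_tags($row['contact_name']));
$client_id = intval($row['contact_client_id']);
// … unchanged: UPDATE contacts, log insert, alert, redirect …
```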
@@ -4339,11 +4348,18 @@ if(isset($_GET['delete_contact'])){ $contact_id = intval($_GET['delete_contact']); + // Get Contact Name and Client ID for logging and alert message + $sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id AND company_id = $session_company_id"); + $row = mysqli_fetch_array($sql); + $contact_name = strip_tags(mysqli_real_escape_string($mysqli, $row['contact_name'])); + $client_id = $row['contact_client_id']; + mysqli_query($mysqli,"DELETE FROM contacts WHERE contact_id = $contact_id AND company_id = $session_company_id"); //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Delete', log_description = '$contact_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Delete', log_description = '$session_name deleted contact $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); + $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "Contact deleted"; header("Location: " . $_SERVER["HTTP_REFERER"]); @@ -4387,6 +4403,10 @@ if(isset($_GET['export_client_contacts_csv'])){ //output all remaining data on a file pointer fpassthru($f); + + //Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Export', log_description = '$session_name exported contacts', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); + } exit; 
@@ -4475,7 +4495,7 @@ if(isset($_POST["import_client_contacts_csv"])){ fclose($file); //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Import', log_description = '$session_name imported $row_count contact(s) via CSV file', log_ip = '$session_ip', log_user_agent = '$session_user_agent', company_id = $session_company_id, log_client_id = $client_id, log_user_id = $session_user_id"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Import', log_description = '$session_name imported $row_count contact(s) via CSV file', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); $_SESSION['alert_message'] = "$row_count Contact(s) added, $duplicate_count duplicate(s) detected"; header("Location: " . $_SERVER["HTTP_REFERER"]); @@ -4504,14 +4524,14 @@ if(isset($_GET['download_client_contacts_csv_template'])){ //set column headers $fields = array( - 'Full Name ', - 'Job Title ', - 'Department Name ', - 'Email Address ', - 'Office Phone ', - 'Office Extension ', - 'Mobile Phone ', - 'Office Location ' + 'Full Name ', + 'Job Title ', + 'Department Name ', + 'Email Address ', + 'Office Phone ', + 'Office Extension ', + 'Mobile Phone ', + 'Office Location ' ); fputcsv($f, $fields, $delimiter); @@ -4528,6 +4548,8 @@ if(isset($_GET['download_client_contacts_csv_template'])){ } +// 2022-05-14 Johnny Left Off Adding log_entity_id and logs / alert cleanups import / archive etc + if(isset($_POST['add_location'])){ validateAdminRole(); 
@@ -4696,14 +4718,20 @@ if(isset($_POST['edit_location'])){
 if(isset($_GET['archive_location'])){
- validateAdminRole();
+ validateTechRole();
 $location_id = intval($_GET['archive_location']);
+ // Get Location Name and Client ID for logging and alert message
+ $sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id AND company_id = $session_company_id");
+ $row = mysqli_fetch_array($sql);
+ $location_name = strip_tags(mysqli_real_escape_string($mysqli, $row['location_name']));
+ $client_id = $row['location_client_id'];
+
 mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NOW() WHERE location_id = $location_id AND company_id = $session_company_id");
 //logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Archive', log_description = '$location_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent'");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Archive', log_description = '$session_name archived location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
 $_SESSION['alert_type'] = "error";
 $_SESSION['alert_message'] = "Location ".stripslashes($location_name)." archived. Undo";
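Review bot: The role check for archive_location drops from `validateAdminRole();` to `validateTechRole();`, a change the commit message does not mention, while the archive_asset handler added in the same commit requires the admin role. If the lower role is intended, state it in a comment next to the call; otherwise keep `validateAdminRole();`. The new log line here also omits `log_entity_id = $location_id`, unlike the contact handlers, so this archive cannot be tied back to its row for the planned undo.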
@@ -4738,10 +4766,16 @@ if(isset($_GET['delete_location'])){ $location_id = intval($_GET['delete_location']); + // Get Location Name and Client ID for logging and alert message + $sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id AND company_id = $session_company_id"); + $row = mysqli_fetch_array($sql); + $location_name = strip_tags(mysqli_real_escape_string($mysqli, $row['location_name'])); + $client_id = $row['location_client_id']; + mysqli_query($mysqli,"DELETE FROM locations WHERE location_id = $location_id AND company_id = $session_company_id"); //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'location', log_action = 'Delete', log_description = '$location_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Delete', log_description = '$session_name deleted location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "Location deleted"; @@ -5020,6 +5054,24 @@ if(isset($_POST['edit_asset'])){ } +if(isset($_GET['archive_asset'])){ + + validateAdminRole(); + + $asset_id = intval($_GET['archive_asset']); + + mysqli_query($mysqli,"UPDATE assets SET asset_archived_at = NOW() WHERE asset_id = $asset_id AND company_id = $session_company_id"); + + //logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Archive', log_description = '$asset_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent'"); + + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Asset archived"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); + +} + if(isset($_GET['delete_asset'])){ validateAdminRole();
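Review bot: The log line in the new archive_asset handler records only `log_type`, `log_action`, the bare id, the IP and the user agent; it has no `log_user_id`, `company_id`, `log_client_id` or `log_entity_id`, so the entry cannot be attributed to a user or tenant and cannot drive the undo this commit prepares for. Append at least `log_user_id = $session_user_id, log_entity_id = $asset_id, company_id = $session_company_id`, as the contact handlers do. The log is also written whether or not the `UPDATE` matched a row; checking `mysqli_affected_rows($mysqli)` first would keep the log truthful. The handler changes state on a GET parameter and no anti-forgery token check is visible in it, so confirm that `validateAdminRole()` or shared code covers that.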