Refactor POST handling.

- Split into admin and user handlers, each admin page gets its own file now
- Enforce role access once for admin POST requests
- Automatically load the POST logic for admin requests based on the referring page; otherwise load all user request logic
- Add support for using custom POST handlers
This commit is contained in:
Marcus Hill 2024-09-29 19:02:28 +01:00
parent 635b1f903a
commit 6363d265ca
127 changed files with 1888 additions and 1901 deletions


@ -1,13 +1,14 @@
<?php
require_once "inc_all_admin.php";
?>
?>
<div class="card card-dark mb-3">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-database mr-2"></i>Download Database</h3>
</div>
<div class="card-body" style="text-align: center;">
<a class="btn btn-primary btn-lg p-3" href="post.php?download_database&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-4x fa-download"></i><br><br>Download</a>
<div class="alert alert-secondary">If you are unable to back up the entire VM, you'll need to back up the files & database individually. There is no built-in restore. See the <a href="https://docs.itflow.org/backups" target="_blank">docs here</a>.</div>
<a class="btn btn-primary btn-lg p-3" href="post.php?download_database&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-4x fa-download"></i><br><br>Download database</a>
</div>
</div>


@ -31,10 +31,10 @@ $document_updated_at = nullable_htmlentities($row['document_updated_at']);
<a href="clients.php">Home</a>
</li>
<li class="breadcrumb-item">
<a href="admin_users.php">Admin</a>
<a href="admin_user.php">Admin</a>
</li>
<li class="breadcrumb-item">
<a href="admin_document_templates.php">Document Templates</a>
<a href="admin_document_template.php">Document Templates</a>
</li>
<li class="breadcrumb-item active"><i class="fas fa-file mr-2"></i><?php echo $document_name; ?></li>
</ol>


@ -45,7 +45,7 @@ if ($email_status == 0) {
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="admin_users.php"><i class="fas fa-fw fa-user-shield mr-2"></i>Admin</a>
<a href="admin_user.php"><i class="fas fa-fw fa-user-shield mr-2"></i>Admin</a>
</li>
<li class="breadcrumb-item">
<a href="admin_mail_queue.php"><i class="fas fa-fw fa-mail-bulk mr-2"></i>Mail Queue</a>


@ -13,14 +13,14 @@ if (isset($_GET['project_template_id'])) {
);
if (mysqli_num_rows($sql_project_templates) == 0) {
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='project.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='admin_project_template.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
include_once "footer.php";
exit;
}
$row = mysqli_fetch_array($sql_project_templates);
$project_template_name = nullable_htmlentities($row['project_template_name']);
$project_template_description = nullable_htmlentities($row['project_template_description']);
$project_template_created_at = date("Y-m-d", strtotime($row['project_template_created_at']));
@ -48,10 +48,10 @@ if (isset($_GET['project_template_id'])) {
<!-- Breadcrumbs-->
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="admin_users.php">Admin</a>
<a href="admin_user.php">Admin</a>
</li>
<li class="breadcrumb-item">
<a href="admin_project_templates.php">Project Templates</a>
<a href="admin_project_template.php">Project Templates</a>
</li>
<li class="breadcrumb-item active">Project Template Details</li>
</ol>
@ -88,7 +88,7 @@ if (isset($_GET['project_template_id'])) {
</div>
</div>
</div>
<div class="col-sm-2">
<div class="btn-group float-right">
<button type="button" class="btn btn-primary btn-sm" href="#" data-toggle="modal" data-target="#addProjectTemplateTicketTemplateModal">
@ -105,7 +105,7 @@ if (isset($_GET['project_template_id'])) {
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?archive_project_template=<?php echo $project_template_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
<i class="fas fa-fw fa-archive mr-2"></i>Archive (not yet implemented)
</a>
<?php } ?>
<?php if ($session_user_role == 3) { ?>
@ -123,7 +123,7 @@ if (isset($_GET['project_template_id'])) {
<div class="row">
<div class="col-md-8">
<!-- Tickets card -->
<?php if (mysqli_num_rows($sql_ticket_templates) > 0) { ?>
<div class="card card-body card-outline card-dark mb-3">
@ -165,7 +165,7 @@ if (isset($_GET['project_template_id'])) {
</td>
<td>
<a href="admin_ticket_template_details.php?ticket_template_id=<?php echo $ticket_template_id; ?>">
<?php echo $ticket_template_name; ?>
<?php echo $ticket_template_name; ?>
</a>
</td>
<td><?php echo $ticket_template_description; ?></td>
@ -192,7 +192,7 @@ if (isset($_GET['project_template_id'])) {
</div>
<div class="col-md-4">
<!-- Task Templates Card -->
<?php if (mysqli_num_rows($sql_task_templates) > 0) { ?>
<div class="card card-body card-outline card-dark">
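Review bot: The Archive dropdown item in the `@ -105,7 +105,7 @@` hunk is still rendered as a live link to `post.php?archive_project_template=<?php echo $project_template_id; ?>` while its new label says "(not yet implemented)", and unlike the other GET actions touched by this commit (`download_database`, `delete_api_key`) it carries no `csrf_token` parameter. Under the new referer-based routing a click loads post/admin/admin_project_template.php and, per the label, finds no handler for it. Until the handler exists, hide the item behind the existing role check or disable it rather than ship a dead link, e.g. `<a class="dropdown-item text-danger text-bold disabled" href="#">`; when it is implemented, append `&csrf_token=<?php echo $_SESSION['csrf_token']; ?>` as the backup page does.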


@ -17,13 +17,13 @@
<!-- ACCESS Section -->
<li class="nav-header">ACCESS</li>
<li class="nav-item">
<a href="admin_users.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_users.php") {echo "active";} ?>">
<a href="admin_user.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_user.php") {echo "active";} ?>">
<i class="nav-icon fas fa-users"></i>
<p>Users</p>
</a>
</li>
<li class="nav-item">
<a href="admin_roles.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_roles.php") {echo "active";} ?>">
<a href="admin_role.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_role.php") {echo "active";} ?>">
<i class="nav-icon fas fa-user-shield"></i>
<p>Roles</p>
</a>
@ -42,7 +42,7 @@
</li>
<!-- TAGS & CATEGORIES Section -->
<li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_tags.php', 'admin_categories.php', 'admin_taxes.php', 'admin_account_types.php', 'admin_ticket_statuses.php', 'admin_custom_links.php']) ? 'menu-open' : ''); ?>">
<li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_tag.php', 'admin_category.php', 'admin_tax.php', 'admin_ticket_status.php', 'admin_custom_link.php']) ? 'menu-open' : ''); ?>">
<a href="#" class="nav-link">
<p>
TAGS & CATEGORIES
@ -51,31 +51,31 @@
</a>
<ul class="nav nav-treeview">
<li class="nav-item">
<a href="admin_tags.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_tags.php' ? 'active' : ''); ?>">
<a href="admin_tag.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_tag.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-tags"></i>
<p>Tags</p>
</a>
</li>
<li class="nav-item">
<a href="admin_categories.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_categories.php' ? 'active' : ''); ?>">
<a href="admin_category.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_category.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-list-ul"></i>
<p>Categories</p>
</a>
</li>
<li class="nav-item">
<a href="admin_taxes.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_taxes.php' ? 'active' : ''); ?>">
<a href="admin_tax.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_tax.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-balance-scale"></i>
<p>Taxes</p>
</a>
</li>
<li class="nav-item">
<a href="admin_ticket_statuses.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_ticket_statuses.php' ? 'active' : ''); ?>">
<a href="admin_ticket_status.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_ticket_status.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-info-circle"></i>
<p>Ticket Statuses</p>
</a>
</li>
<li class="nav-item">
<a href="admin_custom_links.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_custom_links.php' ? 'active' : ''); ?>">
<a href="admin_custom_link.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_custom_link.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-external-link-alt"></i>
<p>Custom Links</p>
</a>
@ -84,7 +84,7 @@
</li>
<!-- TEMPLATES Section -->
<li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_project_templates.php', 'admin_project_template_details.php', 'admin_ticket_templates.php', 'admin_ticket_template_details.php', 'admin_vendor_templates.php', 'admin_software_templates.php', 'admin_document_templates.php', 'admin_document_template_details.php']) ? 'menu-open' : ''); ?>">
<li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_project_template.php', 'admin_project_template_details.php', 'admin_ticket_template.php', 'admin_ticket_template_details.php', 'admin_vendor_template.php', 'admin_software_template.php', 'admin_document_template.php', 'admin_document_template_details.php']) ? 'menu-open' : ''); ?>">
<a href="#" class="nav-link">
<p>
TEMPLATES
@ -93,31 +93,31 @@
</a>
<ul class="nav nav-treeview">
<li class="nav-item">
<a href="admin_project_templates.php" class="nav-link <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_project_templates.php', 'admin_project_template_details.php']) ? 'active' : ''); ?>">
<a href="admin_project_template.php" class="nav-link <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_project_template.php', 'admin_project_template_details.php']) ? 'active' : ''); ?>">
<i class="nav-icon fas fa-project-diagram"></i>
<p>Project Templates</p>
</a>
</li>
<li class="nav-item">
<a href="admin_ticket_templates.php" class="nav-link <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_ticket_templates.php', 'admin_ticket_template_details.php']) ? 'active' : ''); ?>">
<a href="admin_ticket_template.php" class="nav-link <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_ticket_template.php', 'admin_ticket_template_details.php']) ? 'active' : ''); ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Ticket Templates</p>
</a>
</li>
<li class="nav-item">
<a href="admin_vendor_templates.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_vendor_templates.php' ? 'active' : ''); ?>">
<a href="admin_vendor_template.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_vendor_template.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-building"></i>
<p>Vendor Templates</p>
</a>
</li>
<li class="nav-item">
<a href="admin_software_templates.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_software_templates.php' ? 'active' : ''); ?>">
<a href="admin_software_template.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_software_template.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-rocket"></i>
<p>License Templates</p>
</a>
</li>
<li class="nav-item">
<a href="admin_document_templates.php" class="nav-link <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_document_templates.php', 'admin_document_template_details.php']) ? 'active' : ''); ?>">
<a href="admin_document_template.php" class="nav-link <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_document_template.php', 'admin_document_template_details.php']) ? 'active' : ''); ?>">
<i class="nav-icon fas fa-file"></i>
<p>Document Templates</p>
</a>
@ -126,7 +126,7 @@
</li>
<!-- MAINTENANCE Section -->
<li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_mail_queue.php', 'admin_mail_queue_message_view.php', 'admin_logs.php', 'admin_backup.php', 'admin_debug.php', 'admin_update.php']) ? 'menu-open' : ''); ?>">
<li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_mail_queue.php', 'admin_mail_queue_message_view.php', 'admin_audit_log.php', 'admin_backup.php', 'admin_debug.php', 'admin_update.php']) ? 'menu-open' : ''); ?>">
<a href="#" class="nav-link">
<p>
MAINTENANCE
@ -141,7 +141,7 @@
</a>
</li>
<li class="nav-item">
<a href="admin_logs.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_logs.php' ? 'active' : ''); ?>">
<a href="admin_audit_log.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_audit_log.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-history"></i>
<p>Audit Logs</p>
</a>
@ -168,7 +168,7 @@
</li>
<!-- SETTINGS Section -->
<li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_settings_company.php', 'admin_settings_localization.php', 'admin_settings_theme.php', 'admin_settings_security.php', 'admin_settings_mail.php', 'admin_settings_notifications.php', 'admin_settings_defaults.php', 'admin_settings_invoice.php', 'admin_settings_quote.php', 'admin_settings_online_payment.php', 'admin_settings_project.php', 'admin_settings_ticket.php', 'admin_settings_ai.php', 'admin_settings_integrations.php', 'admin_settings_telemetry.php', 'admin_settings_modules.php']) ? 'menu-open' : ''); ?>">
<li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_settings_company.php', 'admin_settings_localization.php', 'admin_settings_theme.php', 'admin_settings_security.php', 'admin_settings_mail.php', 'admin_settings_notification.php', 'admin_settings_default.php', 'admin_settings_invoice.php', 'admin_settings_quote.php', 'admin_settings_online_payment.php', 'admin_settings_project.php', 'admin_settings_ticket.php', 'admin_settings_ai.php', 'admin_settings_integration.php', 'admin_settings_telemetry.php', 'admin_settings_module.php']) ? 'menu-open' : ''); ?>">
<a href="#" class="nav-link">
<p>
SETTINGS
@ -207,13 +207,13 @@
</a>
</li>
<li class="nav-item">
<a href="admin_settings_notifications.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_notifications.php' ? 'active' : ''); ?>">
<a href="admin_settings_notification.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_notification.php' ? 'active' : ''); ?>">
<i class="nav-icon far fa-bell"></i>
<p>Notifications</p>
</a>
</li>
<li class="nav-item">
<a href="admin_settings_defaults.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_defaults.php' ? 'active' : ''); ?>">
<a href="admin_settings_default.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_default.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-cogs"></i>
<p>Defaults</p>
</a>
@ -255,7 +255,7 @@
</a>
</li>
<li class="nav-item">
<a href="admin_settings_integrations.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_integrations.php' ? 'active' : ''); ?>">
<a href="admin_settings_integration.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_integration.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-plug"></i>
<p>Integrations</p>
</a>
@ -267,7 +267,7 @@
</a>
</li>
<li class="nav-item">
<a href="admin_settings_modules.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_modules.php' ? 'active' : ''); ?>">
<a href="admin_settings_module.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_modules.php' ? 'active' : ''); ?>">
<i class="nav-icon fas fa-cube"></i>
<p>Modules</p>
</a>
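Review bot: The last hunk renames the Modules href to `admin_settings_module.php` but leaves the active-state comparison on the old file name, so that entry is never highlighted; the line should read `<a href="admin_settings_module.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_module.php' ? 'active' : ''); ?>">`. The `@ -42,7 +42,7 @@` hunk also drops `admin_account_types.php` from the TAGS & CATEGORIES `in_array` list without adding a renamed equivalent; if that page still exists under a new singular name it needs re-adding so the submenu stays open on it. The remaining hunks are a mechanical plural-to-singular rename.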


@ -35,10 +35,10 @@ $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE
<a href="clients.php">Home</a>
</li>
<li class="breadcrumb-item">
<a href="admin_users.php">Admin</a>
<a href="admin_user.php">Admin</a>
</li>
<li class="breadcrumb-item">
<a href="admin_ticket_templates.php">Ticket Templates</a>
<a href="admin_ticket_template.php">Ticket Templates</a>
</li>
<li class="breadcrumb-item active"><i class="fas fa-life-ring mr-2"></i><?php echo $ticket_template_name; ?></li>
</ol>
@ -58,12 +58,12 @@ $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE
</div>
</h3>
<div class="card-tools">
<button type="button" class="btn btn-default btn-sm" data-toggle="modal" data-target="#editTicketTemplateModal<?php echo $template_id; ?>">
<button type="button" class="btn btn-default btn-sm" data-toggle="modal" data-target="#editTicketTemplateModal<?php echo $ticket_template_id; ?>">
<i class="fas fa-edit"></i>
</button>
</div>
</div>
<h5><?php echo $ticket_subject; ?></h5>
<h5><?php echo $ticket_template_subject; ?></h5>
<div class="card-body prettyContent">
<?php echo $ticket_template_details; ?>
</div>


@ -345,7 +345,7 @@ $sql_asset_retired = mysqli_query(
<div class="card-tools">
<form class="form-inline">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<select onchange="this.form.submit()" class="form-control form-control-sm" name="expiration_days">
<select onchange="this.form.submit()" class="form-control form-control-sm" name="expiration_days">
<option value="7" <?php if ($expiration_days == 7) { echo "selected"; } ?>>Within 7 Days</option>
<option value="30" <?php if ($expiration_days == 30) { echo "selected"; } ?>>Within 30 Days</option>
<option value="90" <?php if ($expiration_days == 90) { echo "selected"; } ?>>Within 90 Days</option>
@ -462,7 +462,7 @@ $sql_asset_retired = mysqli_query(
|| mysqli_num_rows($sql_asset_warranties_expired) > 0
|| mysqli_num_rows($sql_asset_retired) > 0
|| mysqli_num_rows($sql_licenses_expired) > 0
)
)
{ ?>
<div class="col-md-4">
@ -651,7 +651,7 @@ $sql_asset_retired = mysqli_query(
</div>
<?php if ($session_user_role == 3) { ?>
<div class="card-footer">
<a href="admin_logs.php?client=<?php echo $client_id; ?>">See More...</a>
<a href="admin_audit_log.php?client=<?php echo $client_id; ?>">See More...</a>
</div>
<?php } ?>
</div>


@ -140,7 +140,7 @@
?>
</select>
<div class="input-group-append">
<a class="btn btn-secondary" href="admin_categories.php?category=Expense" target="_blank"><i class="fas fa-fw fa-plus"></i></a>
<a class="btn btn-secondary" href="admin_category.php?category=Expense" target="_blank"><i class="fas fa-fw fa-plus"></i></a>
</div>
</div>


@ -147,7 +147,7 @@
?>
</select>
<div class="input-group-append">
<a class="btn btn-secondary" href="admin_categories.php?category=Expense" target="_blank"><i class="fas fa-fw fa-plus"></i></a>
<a class="btn btn-secondary" href="admin_category.php?category=Expense" target="_blank"><i class="fas fa-fw fa-plus"></i></a>
</div>
</div>
</div>


@ -215,7 +215,7 @@ function formatPhoneNumber($phoneNumber)
return $phoneNumber;
}
$phoneNumber = $phoneNumber ? preg_replace('/[^0-9]/', '', $phoneNumber) : "";
if (strlen($phoneNumber) > 10) {
@ -733,12 +733,14 @@ function sanitizeInput($input)
{
global $mysqli;
// Detect encoding
$encoding = mb_detect_encoding($input, ['UTF-8', 'ISO-8859-1', 'Windows-1252', 'ISO-8859-15'], true);
if (!empty($input)) {
// Detect encoding
$encoding = mb_detect_encoding($input, ['UTF-8', 'ISO-8859-1', 'Windows-1252', 'ISO-8859-15'], true);
// If not UTF-8, convert to UTF8 (primarily Windows-1252 is problematic)
if ($encoding !== 'UTF-8') {
$input = mb_convert_encoding($input, 'UTF-8', $encoding);
// If not UTF-8, convert to UTF8 (primarily Windows-1252 is problematic)
if ($encoding !== 'UTF-8') {
$input = mb_convert_encoding($input, 'UTF-8', $encoding);
}
}
// Remove HTML and PHP tags
@ -1115,7 +1117,7 @@ function fetchUpdates() {
$updates->latest_version = $latest_version;
$updates->update_message = $update_message;
return $updates;
}
@ -1301,3 +1303,11 @@ function enforceUserPermission($module, $check_access_level = 1) {
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: $map[$check_access_level] access to $module is not permitted for your role.");
}
}
function enforceAdminPermission() {
global $session_is_admin;
if (!isset($session_is_admin) || !$session_is_admin) {
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
}
return true;
}
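Review bot: In the `sanitizeInput` hunk the new `!empty($input)` wrapper still lets a `false` result from `mb_detect_encoding` (no candidate matched, since `strict` is true) reach `mb_convert_encoding` as the source encoding, which on PHP 8 is rejected rather than silently falling back as far as I can tell; tighten the inner test to `if ($encoding !== false && $encoding !== 'UTF-8') {`. Note also that `empty()` treats the string `"0"` as empty, so that value bypasses the conversion branch — harmless, but worth a one-line comment so nobody "fixes" it later. The new `enforceAdminPermission()` has no docblock; suggest `/** Terminates the request with WORDING_ROLECHECK_FAILED unless $session_is_admin is set and truthy; returns true otherwise. */`. `sanitizeInput` and the function at `@ -215,7 +215,7 @@` both continue outside their hunks.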


@ -7,9 +7,9 @@ require_once "functions.php";
require_once "check_login.php";
validateAdminRole();
//if (!isset($session_is_admin) || !$session_is_admin) {
// exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
//}
// TODO: Change this to enforceAdminPermission();
// We can't do this until everyone has the new database fields added in 1.4.9 on Sept 14th 2024
require_once "header.php";


@ -73,7 +73,7 @@
?>
</select>
<div class="input-group-append">
<a class="btn btn-secondary" href="admin_categories.php?category=Income" target="_blank"><i class="fas fa-fw fa-plus"></i></a>
<a class="btn btn-secondary" href="admin_category.php?category=Income" target="_blank"><i class="fas fa-fw fa-plus"></i></a>
</div>
</div>
</div>


@ -56,7 +56,7 @@
?>
</select>
<div class="input-group-append">
<a class="btn btn-secondary" href="admin_categories.php?category=Income" target="_blank"><i class="fas fa-fw fa-plus"></i></a>
<a class="btn btn-secondary" href="admin_category.php?category=Income" target="_blank"><i class="fas fa-fw fa-plus"></i></a>
</div>
</div>
</div>


@ -10,82 +10,60 @@ require_once "functions.php";
require_once "check_login.php";
// Load specific module logic
require_once "post/admin.php";
// Determine which files we should load
require_once "post/account.php";
// Parse URL & get the path
$path = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);
require_once "post/api.php";
// Get the base name (the page name)
$module = explode(".", basename($path))[0];
require_once "post/asset.php";
// Strip off any _details bits
$module = str_ireplace('_details', '', $module);
require_once "post/bulk_mail.php";
// Dynamically load admin-related module POST logic
if (str_contains($module, 'admin') && isset($session_is_admin) && $session_is_admin) {
// As (almost) every admin setting is only changed from 1 page, we can dynamically load the relevant logic inside this single admin check IF statement
// To add a new admin POST request handler, add a file named after the admin page
// e.g. changes made on the page http://itflow/admin_ticket_statues.php will load the page post/admin/admin_ticket_statues.php to handle the changes
require_once "post/category.php";
if ($module !== 'admin_update') {
require_once "post/admin/$module.php";
}
// IF statement is temporary
require_once "post/certificate.php";
require_once "post/client.php";
require_once "post/contact.php";
require_once "post/custom_field.php";
} elseif (str_contains($module, 'xcustom')) {
// Dynamically load any custom POST logic
require_once "post/document.php";
require_once "post/xcustom/$module.php";
require_once "post/folder.php";
} else {
require_once "post/domain.php";
// Load all module POST logic
// Loads everything in post/user/
// Eventually, it would be nice to only specifically load what we need like we do for admins
require_once "post/event.php";
foreach (glob("post/user/*.php") as $user_module) {
if (!preg_match('/_model\.php$/', basename($user_module))) {
require_once $user_module;
}
}
require_once "post/expense.php";
}
require_once "post/file.php";
require_once "post/invoice.php";
// TODO: Move admin_update into the admin section to be auto-loaded
// We can't do this until everyone has the new database fields added in 1.4.9 on Sept 14th 2024
require_once "post/admin_update.php"; // Load updater
require_once "post/location.php";
require_once "post/login.php";
require_once "post/network.php";
require_once "post/product.php";
require_once "post/profile.php";
require_once "post/project.php";
require_once "post/quote.php";
require_once "post/revenue.php";
require_once "post/service.php";
require_once "post/software.php";
require_once "post/tag.php";
require_once "post/tax.php";
require_once "post/ticket.php";
require_once "post/tasks.php";
require_once "post/transfer.php";
require_once "post/trip.php";
require_once "post/user.php";
require_once "post/vendor.php";
require_once "post/budget.php";
// TODO: Find a home for these
require_once "post/ai.php";
require_once "post/misc.php";
require_once "post/rack.php";
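Review bot: `$module` on the new side is derived from the client-supplied `HTTP_REFERER` header and then interpolated into `require_once "post/admin/$module.php"` and `require_once "post/xcustom/$module.php"`; `basename()` and the split on the first `.` happen to strip separators and dots, but the included file is still chosen by a request header with no allowlist, an unknown name ends in a fatal `require_once` error, and a missing header (privacy extensions, a `no-referrer` policy) leaves `$_SERVER['HTTP_REFERER']` unset and silently routes an admin POST into the user branch. Restrict the module to a plain identifier and only include handler files that exist, as below, applying the same gate to the `xcustom` branch. The `str_contains($module, 'admin')` test is a substring match, so any page whose name merely contains "admin" is treated as an admin page; an exact `str_starts_with($module, 'admin_')` is closer to the intent. Worth a comment on that `if` line as well: the per-handler `validateAdminRole()` calls removed from the API-key handlers in this commit now rely entirely on this single check, so nothing else may include files under `post/admin/` directly.
```php
// … unchanged: require_once of functions/check_login …
$path = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_PATH);
$module = explode(".", basename((string) $path))[0];
$module = str_ireplace('_details', '', $module);
// Only a plain identifier may select a handler file; anything else is treated as "no module"
if (!preg_match('/^[a-z0-9_]+$/', $module)) {
    $module = '';
}
if (str_starts_with($module, 'admin_') && isset($session_is_admin) && $session_is_admin) {
    // Single admin gate for every handler under post/admin/ — those files no longer check the role themselves
    if ($module !== 'admin_update' && is_file("post/admin/$module.php")) {
        require_once "post/admin/$module.php";
    }
} elseif (str_contains($module, 'xcustom') && is_file("post/xcustom/$module.php")) {
    require_once "post/xcustom/$module.php";
// … unchanged: else branch loading post/user/*.php, admin_update include …
```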



@ -6,9 +6,6 @@
if (isset($_POST['add_api_key'])) {
validateAdminRole();
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$name = sanitizeInput($_POST['name']);
@ -35,9 +32,6 @@ if (isset($_POST['add_api_key'])) {
if (isset($_GET['delete_api_key'])) {
validateAdminRole();
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
$api_key_id = intval($_GET['delete_api_key']);
@ -59,7 +53,7 @@ if (isset($_GET['delete_api_key'])) {
}
if (isset($_POST['bulk_delete_api_keys'])) {
validateAdminRole();
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0

116
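--- a/post/admin/admin_backup.php
+++ b/post/admin/admin_backup.php
@@ -0,0 +1,116 @@
+<?php
+/*
+* ITFlow - GET/POST request handler for DB / master key backup
+*/
+if (isset($_GET['download_database'])) {
+validateCSRFToken($_GET['csrf_token']);
+// Get All Table Names From the Database
+$tables = array();
+$sql = "SHOW TABLES";
+$result = mysqli_query($mysqli, $sql);
+while ($row = mysqli_fetch_row($result)) {
+$tables[] = $row[0];
+}
+$sqlScript = "";
+foreach ($tables as $table) {
+// Prepare SQLscript for creating table structure
+$query = "SHOW CREATE TABLE $table";
+$result = mysqli_query($mysqli, $query);
+$row = mysqli_fetch_row($result);
+$sqlScript .= "\n\n" . $row[1] . ";\n\n";
+$query = "SELECT * FROM $table";
+$result = mysqli_query($mysqli, $query);
+$columnCount = mysqli_num_fields($result);
+// Prepare SQLscript for dumping data for each table
+for ($i = 0; $i < $columnCount; $i ++) {
+while ($row = mysqli_fetch_row($result)) {
+$sqlScript .= "INSERT INTO $table VALUES(";
+for ($j = 0; $j < $columnCount; $j ++) {
+if (isset($row[$j])) {
+$sqlScript .= '"' . $row[$j] . '"';
+} else {
+$sqlScript .= '""';
+}
+if ($j < ($columnCount - 1)) {
+$sqlScript .= ',';
+}
+}
+$sqlScript .= ");\n";
+}
+}
+$sqlScript .= "\n";
+}
+if (!empty($sqlScript)) {
+$company_name = $session_company_name;
+// Save the SQL script to a backup file
+$backup_file_name = date('Y-m-d') . '_ITFlow_backup.sql';
+$fileHandler = fopen($backup_file_name, 'w+');
+$number_of_lines = fwrite($fileHandler, $sqlScript);
+fclose($fileHandler);
+// Download the SQL backup file to the browser
+header('Content-Description: File Transfer');
+header('Content-Type: application/octet-stream');
+header('Content-Disposition: attachment; filename=' . basename($backup_file_name));
+header('Content-Transfer-Encoding: binary');
+header('Expires: 0');
+header('Cache-Control: must-revalidate');
+header('Pragma: public');
+header('Content-Length: ' . filesize($backup_file_name));
+ob_clean();
+flush();
+readfile($backup_file_name);
+exec('rm ' . $backup_file_name);
+}
+//Logging
+mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Database', log_action = 'Download', log_description = '$session_name downloaded the database', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+$_SESSION['alert_message'] = "Database downloaded";
+}
+if (isset($_POST['backup_master_key'])) {
+validateCSRFToken($_POST['csrf_token']);
+$password = $_POST['password'];
+$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id");
+$userRow = mysqli_fetch_array($sql);
+if (password_verify($password, $userRow['user_password'])) {
+$site_encryption_master_key = decryptUserSpecificKey($userRow['user_specific_encryption_ciphertext'], $password);
+//Logging
+mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Master Key', log_action = 'Download', log_description = '$session_name retrieved the master encryption key', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Settings', notification = '$session_name retrieved the master encryption key'");
+echo "==============================";
+echo "<br>Master encryption key:<br>";
+echo "<b>$site_encryption_master_key</b>";
+echo "<br>==============================";
+} else {
+//Log the failure
+mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Master Key', log_action = 'Download', log_description = '$session_name attempted to retrieve the master encryption key (failure)', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+$_SESSION['alert_message'] = "Incorrect password.";
+header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+}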
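Review bot: The `download_database` handler writes the complete dump to `date('Y-m-d') . '_ITFlow_backup.sql'` relative to the current directory — a predictable, web-reachable path — and removes it with `exec('rm ' . $backup_file_name)`; if `readfile` fails or the client disconnects the dump stays on disk, and the shell round-trip is unnecessary when `unlink()` exists. Write to a temporary file outside the document root and unlink it right after sending (or stream `$sqlScript` directly), and `exit` after `readfile` so the log insert and alert below do not append to the binary response. Separately, the INSERT generator wraps raw column values in double quotes without escaping and emits `""` for NULL, so the file is not restorable for rows containing quotes or backslashes and loses nulls; escape each value with `mysqli_real_escape_string($mysqli, $row[$j])` and emit `NULL` in the else branch. The outer `for ($i = 0; $i < $columnCount; $i ++)` around the `while` fetch loop is redundant, since the result set is exhausted on the first pass; the temp-file handling is sketched below.
```php
if (!empty($sqlScript)) {
    // Dump lives in a temp file outside the web root; the download name is presentation only
    $backup_file_name = date('Y-m-d') . '_ITFlow_backup.sql';
    $tmp_path = tempnam(sys_get_temp_dir(), 'itflow_backup_');
    file_put_contents($tmp_path, $sqlScript);
    // … unchanged: Content-Description/Type/Disposition/Transfer-Encoding/Expires/Cache-Control/Pragma headers …
    header('Content-Length: ' . filesize($tmp_path));
    ob_clean();
    flush();
    readfile($tmp_path);
    unlink($tmp_path);
}
// … unchanged: logging insert …
```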


@ -1,13 +1,12 @@
<?php
/*
* ITFlow - GET/POST request handler for categories
* ITFlow - GET/POST request handler for categories ('category')
*/
if (isset($_POST['add_category'])) {
require_once 'post/category_model.php';
require_once 'post/admin/admin_category_model.php';
mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'");
@ -22,8 +21,7 @@ if (isset($_POST['add_category'])) {
if (isset($_POST['edit_category'])) {
require_once 'post/category_model.php';
require_once 'post/admin/admin_category_model.php';
$category_id = intval($_POST['category_id']);


@ -6,7 +6,7 @@
if(isset($_POST['create_custom_field'])){
require_once 'post/custom_field_model.php';
require_once 'post/admin/admin_custom_field_model.php';
$table = sanitizeInput($_POST['table']);
@ -23,7 +23,7 @@ if(isset($_POST['create_custom_field'])){
if(isset($_POST['edit_custom_field'])){
require_once 'post/custom_field_model.php';
require_once 'post/admin/admin_custom_field_model.php';
$custom_field_id = intval($_POST['custom_field_id']);


@ -0,0 +1,61 @@
<?php
/*
* ITFlow - GET/POST request handler for showing custom links on navbars
*/
if (isset($_POST['add_custom_link'])) {
$name = sanitizeInput($_POST['name']);
$uri = sanitizeInput($_POST['uri']);
$new_tab = intval($_POST['new_tab']);
$icon = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['icon']));
$order = intval($_POST['order']);
$location = intval($_POST['location']);
mysqli_query($mysqli,"INSERT INTO custom_links SET custom_link_name = '$name', custom_link_uri = '$uri', custom_link_new_tab = $new_tab, custom_link_icon = '$icon', custom_link_order = $order, custom_link_location = $location");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Create', log_description = '$session_name created custom link $name --> $uri', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Custom link successfully created!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_custom_link'])) {
$custom_link_id = intval($_POST['custom_link_id']);
$name = sanitizeInput($_POST['name']);
$uri = sanitizeInput($_POST['uri']);
$new_tab = intval($_POST['new_tab']);
$icon = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['icon']));
$order = intval($_POST['order']);
$location = intval($_POST['location']);
mysqli_query($mysqli,"UPDATE custom_links SET custom_link_name = '$name', custom_link_uri = '$uri', custom_link_new_tab = $new_tab, custom_link_icon = '$icon', custom_link_order = $order, custom_link_location = $location WHERE custom_link_id = $custom_link_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Modify', log_description = '$session_name edited the custom link $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Custom Link modified";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['delete_custom_link'])) {
$custom_link_id = intval($_GET['delete_custom_link']);
mysqli_query($mysqli,"DELETE FROM custom_links WHERE custom_link_id = $custom_link_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Delete', log_description = '$session_name deleted a custom link', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Cusatom Link deleted!";
$_SESSION['alert_type'] = "error";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -0,0 +1,28 @@
<?php
// Doc Templates
// Import shared code from user-side docs as we reuse functions
require_once 'post/user/document.php';
if (isset($_POST['add_document_template'])) {
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$content = mysqli_real_escape_string($mysqli,$_POST['content']);
$content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $_POST['content']));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
// Document add query
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 1, document_folder_id = 0, document_created_by = $session_user_id, document_client_id = 0");
$document_id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document Template', log_action = 'Create', log_description = '$session_name created document template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $document_id");
$_SESSION['alert_message'] = "Document template <strong>$name</strong> created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
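Review bot: add_document_template never calls validateCSRFToken(), unlike the sibling handlers in this commit (bulk_cancel_emails, add_role, edit_company), so this state-changing POST is accepted without a token; add `validateCSRFToken($_POST['csrf_token']);` as the first statement inside the `if`. `$client_id` is read from POST only to fill `log_client_id` while the document itself is inserted with `document_client_id = 0`, which looks like a leftover and deserves either removal or a comment saying why the log carries a client the template does not. The `require_once 'post/user/document.php'` also executes whatever request handlers that file contains on every admin request routed here; presumably only the shared functions are wanted, so it is worth confirming that file has no side effects on include.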


@ -0,0 +1,88 @@
<?php
if (isset($_GET['send_failed_mail'])) {
$email_id = intval($_GET['send_failed_mail']);
mysqli_query($mysqli,"UPDATE email_queue SET email_status = 0, email_attempts = 3 WHERE email_id = $email_id");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Email', log_action = 'Send', log_description = '$session_name attempted to force send email queue id: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $email_id");
$_SESSION['alert_message'] = "Email Force Sent, give it a minute to resend";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['cancel_mail'])) {
$email_id = intval($_GET['cancel_mail']);
mysqli_query($mysqli,"UPDATE email_queue SET email_status = 2, email_attempts = 99, email_failed_at = NOW() WHERE email_id = $email_id");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Email', log_action = 'Cancel', log_description = '$session_name canceled send email queue id: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $email_id");
$_SESSION['alert_message'] = "Email cancelled and marked as failed.";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['bulk_cancel_emails'])) {
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
$email_ids = $_POST['email_ids']; // Get array of email IDs to be cancelled
if (!empty($email_ids)) {
// Cycle through array and mark each email as failed
foreach ($email_ids as $email_id) {
$email_id = intval($email_id);
mysqli_query($mysqli,"UPDATE email_queue SET email_status = 2, email_attempts = 99, email_failed_at = NOW() WHERE email_id = $email_id");
$count++;
}
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Email', log_action = 'Cancel', log_description = '$session_name bulk cancelled $count emails from the mail Queue', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Cancelled $count email(s)";
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['bulk_delete_emails'])) {
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
$email_ids = $_POST['email_ids']; // Get array of email IDs to be deleted
if (!empty($email_ids)) {
// Cycle through array and delete each email
foreach ($email_ids as $email_id) {
$email_id = intval($email_id);
mysqli_query($mysqli,"DELETE FROM email_queue WHERE email_id = $email_id");
$count++;
}
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Email', log_action = 'Delete', log_description = '$session_name bulk deleted $count emails from the mail Queue', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "Deleted $count email(s)";
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
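Review bot: send_failed_mail and cancel_mail modify email_queue rows on a plain GET with no CSRF token check, whereas the two bulk POST handlers below do call validateCSRFToken(); add `validateCSRFToken($_GET['csrf_token']);` to both GET branches so they match. In bulk_cancel_emails and bulk_delete_emails, `$_POST['email_ids']` is iterated with foreach without confirming it is an array, which emits a warning and skips the loop on a scalar; `$email_ids = (array) ($_POST['email_ids'] ?? []);` keeps the existing behaviour for arrays and avoids the warning. The `// Default 0` and `// Get array ...` comments restate the code and could be dropped.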


@ -0,0 +1,107 @@
<?php
if (isset($_POST['add_project_template'])) {
validateTechRole();
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
mysqli_query($mysqli, "INSERT INTO project_templates SET project_template_name = '$name', project_template_description = '$description'");
$project_template_id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Create', log_description = '$session_name created project template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
$_SESSION['alert_message'] = "You created Project Template <strong>$name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_project_template'])) {
validateTechRole();
$project_template_id = intval($_POST['project_template_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
mysqli_query($mysqli, "UPDATE project_templates SET project_template_name = '$name', project_template_description = '$description' WHERE project_template_id = $project_template_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name edited Project template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
$_SESSION['alert_message'] = "You edited Project Template <strong>$name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_ticket_template_order'])) {
validateTechRole();
$ticket_template_id = intval($_POST['ticket_template_id']);
$project_template_id = intval($_POST['project_template_id']);
$order = intval($_POST['order']);
mysqli_query($mysqli, "UPDATE project_template_ticket_templates SET ticket_template_order = $order WHERE ticket_template_id = $ticket_template_id AND project_template_id = $project_template_id");
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['add_ticket_template_to_project_template'])) {
validateTechRole();
$project_template_id = intval($_POST['project_template_id']);
$ticket_template_id = intval($_POST['ticket_template_id']);
$order = intval($_POST['order']);
mysqli_query($mysqli, "INSERT INTO project_template_ticket_templates SET project_template_id = $project_template_id, ticket_template_id = $ticket_template_id, ticket_template_order = $order");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name added a ticket template to project template', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
$_SESSION['alert_message'] = "You added a ticket template to the project template";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['remove_ticket_template_from_project_template'])) {
validateTechRole();
$ticket_template_id = intval($_POST['ticket_template_id']);
$project_template_id = intval($_POST['project_template_id']);
mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE project_template_id = $project_template_id AND ticket_template_id = $ticket_template_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name removed a ticket template from a project template', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
$_SESSION['alert_message'] = "You removed ticket template from the project template";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['delete_project_template'])) {
validateTechRole();
$project_template_id = intval($_GET['delete_project_template']);
// Get project template name
$sql = mysqli_query($mysqli, "SELECT * FROM project_templates WHERE project_template_id = $project_template_id");
$row = mysqli_fetch_array($sql);
$project_template_name = sanitizeInput($row['project_template_name']);
mysqli_query($mysqli, "DELETE FROM project_templates WHERE project_template_id = $project_template_id");
// Remove Associated Ticket Templates
mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE project_template_id = $project_template_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Delete', log_description = '$session_name deleted ticket template $project_template_name and its associated ticket templates and its tasks', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "You Deleted Project Template <strong>$project_template_name</strong> and its associated ticket templates and tasks";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
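Review bot: delete_project_template deletes rows on a GET request with no CSRF check, and mysqli_fetch_array() on the lookup can return null for an unknown id, after which `$row['project_template_name']` is read from null and the log records an empty name. Add `validateCSRFToken($_GET['csrf_token']);` after validateTechRole() and return early with an error alert when `$row === null`. The log description in that branch also says "deleted ticket template" for what is a project template. Every handler here repeats validateTechRole() even though the commit message says admin role access is now enforced once; presumably harmless, but a one-line comment on why the per-handler check is kept would stop the next reader from removing it.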

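--- a/post/admin/admin_role.php
+++ b/post/admin/admin_role.php
@@ -0,0 +1,56 @@
+<?php
+/*
+* ITFlow - GET/POST request handler for roles
+*/
+if (isset($_POST['add_role'])) {
+validateCSRFToken($_POST['csrf_token']);
+$name = sanitizeInput($_POST['role_name']);
+$description = sanitizeInput($_POST['role_description']);
+$admin = intval($_POST['role_is_admin']);
+mysqli_query($mysqli, "INSERT INTO user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin");
+mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Role', log_action = 'Create', log_description = '$session_name created the $name role', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+$_SESSION['alert_message'] = "Role $name created";
+header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+if (isset($_POST['edit_role'])) {
+validateCSRFToken($_POST['csrf_token']);
+// Update role metadata
+$role_id = sanitizeInput($_POST['role_id']);
+$name = sanitizeInput($_POST['role_name']);
+$description = sanitizeInput($_POST['role_description']);
+$admin = intval($_POST['role_is_admin']);
+mysqli_query($mysqli, "UPDATE user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin WHERE user_role_id = $role_id");
+// Update role access levels
+mysqli_query($mysqli, "DELETE FROM user_role_permissions WHERE user_role_id = $role_id");
+foreach ($_POST as $key => $value) {
+if (str_contains($key, '##module_')){
+$module_id = intval(explode('##', $key)[0]);
+$access_level = intval($value);
+if ($access_level > 0) {
+echo $key . ' with id ' . $module_id . " : ". $access_level . "\n";
+mysqli_query($mysqli, "INSERT INTO user_role_permissions SET user_role_id = $role_id, module_id = $module_id, user_role_permission_level = $access_level");
+}
+}
+}
+mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Role', log_action = 'Modify', log_description = '$session_name updated the $name role', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+$_SESSION['alert_message'] = "Role $name updated";
+header("Location: " . $_SERVER["HTTP_REFERER"]);
+}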
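Review bot: in edit_role, `$role_id = sanitizeInput($_POST['role_id']);` is interpolated unquoted into three statements (the user_roles UPDATE, the user_role_permissions DELETE and the INSERT inside the loop), so whatever sanitizeInput() lets through lands in the query as bare SQL; use `$role_id = intval($_POST['role_id']);` as add_role and the other handlers do for ids. The `echo $key . ' with id ' ...` inside the loop looks like leftover debugging: it sends output before the later header("Location: ...") call, which fails with "headers already sent" once output buffering is off, and it prints request internals to the client. Remove that echo line.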


@ -0,0 +1,55 @@
<?php
if (isset($_POST['edit_company'])) {
validateCSRFToken($_POST['csrf_token']);
$name = sanitizeInput($_POST['name']);
$address = sanitizeInput($_POST['address']);
$city = sanitizeInput($_POST['city']);
$state = sanitizeInput($_POST['state']);
$zip = sanitizeInput($_POST['zip']);
$country = sanitizeInput($_POST['country']);
$phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
$email = sanitizeInput($_POST['email']);
$website = sanitizeInput($_POST['website']);
$sql = mysqli_query($mysqli,"SELECT company_logo FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$existing_file_name = sanitizeInput($row['company_logo']);
// Check to see if a file is attached
if ($_FILES['file']['tmp_name'] != '') {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/settings/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
// Delete old file
unlink("uploads/settings/$existing_file_name");
// Set Logo
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website' WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Modify', log_description = '$session_name modified company $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Company <strong>$name</strong> updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
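Review bot: the return value of move_uploaded_file() is ignored, and the old logo is unlinked and the new file name written to companies whether or not the move succeeded; guard it with `if (!move_uploaded_file($file_tmp_path, $dest_path)) { $_SESSION['alert_type'] = 'error'; $_SESSION['alert_message'] = 'Could not store the uploaded logo.'; }` and only unlink and UPDATE on success. The else branch is reached when checkFileUpload() rejects the file (for example a disallowed extension), yet its message reports a move/permissions failure, which will send the admin to the wrong fix. `$_FILES['file']['tmp_name']` is also read without isset(), which warns when the form is submitted without the file field at all.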


@ -0,0 +1,27 @@
<?php
if (isset($_POST['edit_default_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$start_page = sanitizeInput($_POST['start_page']);
$expense_account = intval($_POST['expense_account']);
$payment_account = intval($_POST['payment_account']);
$payment_method = sanitizeInput($_POST['payment_method']);
$expense_payment_method = sanitizeInput($_POST['expense_payment_method']);
$transfer_from_account = intval($_POST['transfer_from_account']);
$transfer_to_account = intval($_POST['transfer_to_account']);
$calendar = intval($_POST['calendar']);
$net_terms = intval($_POST['net_terms']);
$hourly_rate = floatval($_POST['hourly_rate']);
$phone_mask = intval($_POST['phone_mask']);
mysqli_query($mysqli,"UPDATE settings SET config_start_page = '$start_page', config_default_expense_account = $expense_account, config_default_payment_account = $payment_account, config_default_payment_method = '$payment_method', config_default_expense_payment_method = '$expense_payment_method', config_default_transfer_from_account = $transfer_from_account, config_default_transfer_to_account = $transfer_to_account, config_default_calendar = $calendar, config_default_net_terms = $net_terms, config_default_hourly_rate = $hourly_rate, config_phone_mask = $phone_mask WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified default settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Default settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -0,0 +1,19 @@
<?php
if (isset($_POST['edit_integrations_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$azure_client_id = sanitizeInput($_POST['azure_client_id']);
$azure_client_secret = sanitizeInput($_POST['azure_client_secret']);
mysqli_query($mysqli,"UPDATE settings SET config_azure_client_id = '$azure_client_id', config_azure_client_secret = '$azure_client_secret' WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified integrations settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Integrations Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -0,0 +1,25 @@
<?php
if (isset($_POST['edit_invoice_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_invoice_prefix = sanitizeInput($_POST['config_invoice_prefix']);
$config_invoice_next_number = intval($_POST['config_invoice_next_number']);
$config_invoice_footer = sanitizeInput($_POST['config_invoice_footer']);
$config_invoice_late_fee_enable = intval($_POST['config_invoice_late_fee_enable']);
$config_invoice_late_fee_percent = floatval($_POST['config_invoice_late_fee_percent']);
$config_recurring_prefix = sanitizeInput($_POST['config_recurring_prefix']);
$config_recurring_next_number = intval($_POST['config_recurring_next_number']);
mysqli_query($mysqli,"UPDATE settings SET config_invoice_prefix = '$config_invoice_prefix', config_invoice_next_number = $config_invoice_next_number, config_invoice_footer = '$config_invoice_footer', config_invoice_late_fee_enable = $config_invoice_late_fee_enable, config_invoice_late_fee_percent = $config_invoice_late_fee_percent, config_recurring_prefix = '$config_recurring_prefix', config_recurring_next_number = $config_recurring_next_number WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Edit', log_description = '$session_name edited invoice settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Invoice Settings edited";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -0,0 +1,22 @@
<?php
if (isset($_POST['edit_localization'])) {
validateCSRFToken($_POST['csrf_token']);
$locale = sanitizeInput($_POST['locale']);
$currency_code = sanitizeInput($_POST['currency_code']);
$timezone = sanitizeInput($_POST['timezone']);
mysqli_query($mysqli,"UPDATE companies SET company_locale = '$locale', company_currency = '$currency_code' WHERE company_id = 1");
mysqli_query($mysqli,"UPDATE settings SET config_timezone = '$timezone' WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Edit', log_description = '$session_name edited company localization settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Company localization updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
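Review bot: $timezone is written to settings after sanitizeInput() only, with no check that it names a real zone, so an invalid value persists and will break any later DateTimeZone construction that reads config_timezone. Validate before the UPDATE with `if (!in_array($timezone, timezone_identifiers_list(), true)) {` followed by an error alert and the redirect. $locale and $currency_code would benefit from the same kind of allow-list check, though their expected formats are not visible in this hunk.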


@ -0,0 +1,157 @@
<?php
if (isset($_POST['edit_mail_smtp_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_smtp_host = sanitizeInput($_POST['config_smtp_host']);
$config_smtp_port = intval($_POST['config_smtp_port']);
$config_smtp_encryption = sanitizeInput($_POST['config_smtp_encryption']);
$config_smtp_username = sanitizeInput($_POST['config_smtp_username']);
$config_smtp_password = sanitizeInput($_POST['config_smtp_password']);
mysqli_query($mysqli,"UPDATE settings SET config_smtp_host = '$config_smtp_host', config_smtp_port = $config_smtp_port, config_smtp_encryption = '$config_smtp_encryption', config_smtp_username = '$config_smtp_username', config_smtp_password = '$config_smtp_password' WHERE company_id = 1");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified SMTP mail settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "SMTP Mail Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_mail_imap_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_imap_host = sanitizeInput($_POST['config_imap_host']);
$config_imap_username = sanitizeInput($_POST['config_imap_username']);
$config_imap_password = sanitizeInput($_POST['config_imap_password']);
$config_imap_port = intval($_POST['config_imap_port']);
$config_imap_encryption = sanitizeInput($_POST['config_imap_encryption']);
mysqli_query($mysqli,"UPDATE settings SET config_imap_host = '$config_imap_host', config_imap_port = $config_imap_port, config_imap_encryption = '$config_imap_encryption', config_imap_username = '$config_imap_username', config_imap_password = '$config_imap_password' WHERE company_id = 1");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified IMAP mail settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "IMAP Mail Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_mail_from_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_mail_from_email = sanitizeInput(filter_var($_POST['config_mail_from_email'], FILTER_VALIDATE_EMAIL));
$config_mail_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_mail_from_name']));
$config_invoice_from_email = sanitizeInput(filter_var($_POST['config_invoice_from_email'], FILTER_VALIDATE_EMAIL));
$config_invoice_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_invoice_from_name']));
$config_quote_from_email = sanitizeInput(filter_var($_POST['config_quote_from_email'], FILTER_VALIDATE_EMAIL));
$config_quote_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_quote_from_name']));
$config_ticket_from_email = sanitizeInput(filter_var($_POST['config_ticket_from_email'], FILTER_VALIDATE_EMAIL));
$config_ticket_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_ticket_from_name']));
mysqli_query($mysqli,"UPDATE settings SET config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_from_email = '$config_invoice_from_email', config_invoice_from_name = '$config_invoice_from_name', config_quote_from_email = '$config_quote_from_email', config_quote_from_name = '$config_quote_from_name', config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name' WHERE company_id = 1");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified Mail From settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Mail From Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['test_email_smtp'])) {
validateCSRFToken($_POST['csrf_token']);
$test_email = intval($_POST['test_email']);
if($test_email == 1) {
$email_from = sanitizeInput($config_mail_from_email);
$email_from_name = sanitizeInput($config_mail_from_name);
} elseif ($test_email == 2) {
$email_from = sanitizeInput($config_invoice_from_email);
$email_from_name = sanitizeInput($config_invoice_from_name);
} elseif ($test_email == 3) {
$email_from = sanitizeInput($config_quote_from_email);
$email_from_name = sanitizeInput($config_quote_from_name);
} else {
$email_from = sanitizeInput($config_ticket_from_email);
$email_from_name = sanitizeInput($config_ticket_from_name);
}
$email_to = sanitizeInput($_POST['email_to']);
$subject = "Test email from ITFlow";
$body = "This is a test email from ITFlow. If you are reading this, it worked!";
$data = [
[
'from' => $email_from,
'from_name' => $email_from_name,
'recipient' => $email_to,
'recipient_name' => 'Chap',
'subject' => $subject,
'body' => $body
]
];
$mail = addToMailQueue($mysqli, $data);
if ($mail === true) {
$_SESSION['alert_message'] = "Test email queued successfully! <a class='text-bold text-light' href='admin_mail_queue.php'>Check Admin > Mail queue</a>";
} else {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Failed to add test mail to queue";
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
// Test IMAP
// Autoload Composer dependencies
// require_once __DIR__ . '/../plugins/php-imap/vendor/autoload.php';
// Webklex PHP-IMAP
//use Webklex\PHPIMAP\ClientManager;
if (isset($_POST['test_email_imap'])) {
/*
validateCSRFToken($_POST['csrf_token']);
try {
// Initialize the client manager and create the client
$clientManager = new ClientManager();
$client = $clientManager->make([
'host' => $config_imap_host,
'port' => $config_imap_port,
'encryption' => $config_imap_encryption,
'validate_cert' => true,
'username' => $config_imap_username,
'password' => $config_imap_password,
'protocol' => 'imap'
]);
// Connect to the IMAP server
$client->connect();
$_SESSION['alert_message'] = "Connected successfully";
} catch (Exception $e) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Test IMAP connection failed: " . $e->getMessage();
}
*/
$_SESSION['alert_message'] = "Test is Work In Progress";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
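Review bot: in edit_mail_from_settings, filter_var(..., FILTER_VALIDATE_EMAIL) returns false for an invalid address and that false is then passed to sanitizeInput() and written to settings, presumably as an empty string, so a typo silently clears the from-address with no feedback; check each result with `=== false`, set `$_SESSION['alert_type'] = 'error'` and a message, and redirect without running the UPDATE. The SMTP and IMAP passwords go through sanitizeInput() before storage; if that helper strips or HTML-escapes characters (its body is not visible here), passwords containing them will stop matching the mail server, so confirm it only escapes for the query. The test_email_smtp branch reads $config_mail_from_email and the other from-settings that this file never defines, so it relies on the including page having loaded settings first; a short comment naming that dependency would help. The commented-out IMAP test block could be replaced by a one-line TODO until it is implemented.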


@ -0,0 +1,27 @@
<?php
if (isset($_POST['edit_module_settings'])) {
$config_module_enable_itdoc = intval($_POST['config_module_enable_itdoc']);
$config_module_enable_ticketing = intval($_POST['config_module_enable_ticketing']);
$config_module_enable_accounting = intval($_POST['config_module_enable_accounting']);
$config_client_portal_enable = intval($_POST['config_client_portal_enable']);
$config_whitelabel_key = $_POST['config_whitelabel_key'];
mysqli_query($mysqli,"UPDATE settings SET config_module_enable_itdoc = $config_module_enable_itdoc, config_module_enable_ticketing = $config_module_enable_ticketing, config_module_enable_accounting = $config_module_enable_accounting, config_client_portal_enable = $config_client_portal_enable WHERE company_id = 1");
// Validate white label key
if (!empty($config_whitelabel_key && validateWhitelabelKey($config_whitelabel_key))) {
mysqli_query($mysqli, "UPDATE settings SET config_whitelabel_enabled = 1, config_whitelabel_key = '$config_whitelabel_key' WHERE company_id = 1");
} else {
mysqli_query($mysqli, "UPDATE settings SET config_whitelabel_enabled = 0, config_whitelabel_key = '' WHERE company_id = 1");
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified module settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Module Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
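Review bot: edit_module_settings is the only settings handler in this set without a validateCSRFToken() call, and $config_whitelabel_key is taken raw from $_POST and interpolated into the UPDATE in the whitelabel branch with no escaping. Add `validateCSRFToken($_POST['csrf_token']);` at the top, assign `$config_whitelabel_key = sanitizeInput($_POST['config_whitelabel_key']);`, and rewrite the condition as `if (!empty($config_whitelabel_key) && validateWhitelabelKey($config_whitelabel_key)) {` — the current `!empty($a && f($a))` applies empty() to a boolean, which happens to work but reads as a precedence mistake.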


@ -0,0 +1,38 @@
<?php
if (isset($_POST['edit_notification_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_enable_cron = intval($_POST['config_enable_cron']);
$config_cron_key = sanitizeInput($_POST['config_cron_key']);
$config_enable_alert_domain_expire = intval($_POST['config_enable_alert_domain_expire']);
$config_send_invoice_reminders = intval($_POST['config_send_invoice_reminders']);
$config_recurring_auto_send_invoice = intval($_POST['config_recurring_auto_send_invoice']);
$config_ticket_client_general_notifications = intval($_POST['config_ticket_client_general_notifications']);
mysqli_query($mysqli,"UPDATE settings SET config_send_invoice_reminders = $config_send_invoice_reminders, config_recurring_auto_send_invoice = $config_recurring_auto_send_invoice, config_enable_cron = $config_enable_cron, config_enable_alert_domain_expire = $config_enable_alert_domain_expire, config_ticket_client_general_notifications = $config_ticket_client_general_notifications WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified notification settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Notification Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['generate_cron_key'])) {
$key = randomString(32);
mysqli_query($mysqli,"UPDATE settings SET config_cron_key = '$key' WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name regenerated cron key', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Cron key regenerated!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
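Review bot: $config_cron_key is read from POST in edit_notification_settings but never appears in the UPDATE that follows, so the assignment is either dead code or the key was meant to be persisted; remove it or add `config_cron_key = '$config_cron_key'` to the query, whichever was intended. generate_cron_key rotates the key on a bare GET with no CSRF check, unlike the POST handler above it, so any page that can make the admin's browser fetch that URL invalidates the running cron configuration; add `validateCSRFToken($_GET['csrf_token']);` before the UPDATE.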


@ -0,0 +1,24 @@
<?php
if (isset($_POST['edit_online_payment_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_stripe_enable = intval($_POST['config_stripe_enable']);
$config_stripe_publishable = sanitizeInput($_POST['config_stripe_publishable']);
$config_stripe_secret = sanitizeInput($_POST['config_stripe_secret']);
$config_stripe_account = intval($_POST['config_stripe_account']);
$config_stripe_expense_vendor = intval($_POST['config_stripe_expense_vendor']);
$config_stripe_expense_category = intval($_POST['config_stripe_expense_category']);
$config_stripe_percentage_fee = floatval($_POST['config_stripe_percentage_fee']) / 100;
$config_stripe_flat_fee = floatval($_POST['config_stripe_flat_fee']);
mysqli_query($mysqli,"UPDATE settings SET config_stripe_enable = $config_stripe_enable, config_stripe_publishable = '$config_stripe_publishable', config_stripe_secret = '$config_stripe_secret', config_stripe_account = $config_stripe_account, config_stripe_expense_vendor = $config_stripe_expense_vendor, config_stripe_expense_category = $config_stripe_expense_category, config_stripe_percentage_fee = $config_stripe_percentage_fee, config_stripe_flat_fee = $config_stripe_flat_fee WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified online payment settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Online Payment Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -0,0 +1,19 @@
<?php
if (isset($_POST['edit_project_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_project_prefix = sanitizeInput($_POST['config_project_prefix']);
$config_project_next_number = intval($_POST['config_project_next_number']);
mysqli_query($mysqli,"UPDATE settings SET config_project_prefix = '$config_project_prefix', config_project_next_number = $config_project_next_number WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified project settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Project Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -0,0 +1,20 @@
<?php
if (isset($_POST['edit_quote_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_quote_prefix = sanitizeInput($_POST['config_quote_prefix']);
$config_quote_next_number = intval($_POST['config_quote_next_number']);
$config_quote_footer = sanitizeInput($_POST['config_quote_footer']);
mysqli_query($mysqli,"UPDATE settings SET config_quote_prefix = '$config_quote_prefix', config_quote_next_number = $config_quote_next_number, config_quote_footer = '$config_quote_footer' WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified quote settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Quote Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -0,0 +1,21 @@
<?php
if (isset($_POST['edit_security_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_login_message = sanitizeInput($_POST['config_login_message']);
$config_login_key_required = intval($_POST['config_login_key_required']);
$config_login_key_secret = sanitizeInput($_POST['config_login_key_secret']);
$config_login_remember_me_expire = intval($_POST['config_login_remember_me_expire']);
$config_log_retention = intval($_POST['config_log_retention']);
mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret', config_login_remember_me_expire = $config_login_remember_me_expire, config_log_retention = $config_log_retention WHERE company_id = 1");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified login key settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Login key settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
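Review bot: The log written by edit_security_settings says `modified login key settings`, but the handler also updates the login message, remember-me expiry and log retention, so audit entries for those changes will be misleading when someone reviews the logs table; `log_description = '$session_name modified security settings'` (and the matching alert text) describes what the UPDATE actually does. The UPDATE also quotes the intval'd `config_login_key_required = '$config_login_key_required'` while `config_login_remember_me_expire` and `config_log_retention` are left bare; use the bare form for all three integer columns for consistency.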


@ -0,0 +1,18 @@
<?php
if (isset($_POST['edit_telemetry_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_telemetry = intval($_POST['config_telemetry']);
mysqli_query($mysqli,"UPDATE settings SET config_telemetry = $config_telemetry WHERE company_id = 1");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified telemetry settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Telemetry Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -0,0 +1,55 @@
<?php
if (isset($_POST['edit_theme_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$theme = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['theme']));
mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme' WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified theme settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Changed theme to <strong>$theme</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_favicon_settings'])) {
validateCSRFToken($_POST['csrf_token']);
// Check to see if a file is attached
if ($_FILES['file']['tmp_name'] != '') {
if ($new_file_name = checkFileUpload($_FILES['file'], array('ico'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
// Delete old file
if(file_exists("uploads/favicon.ico")) {
unlink("uploads/favicon.ico");
}
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/";
//Force File Name
$new_file_name = "favicon.ico";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name updated the favicon', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "You updated the favicon";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
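Review bot: In edit_favicon_settings the log entry and the `You updated the favicon` alert at the end of the handler run unconditionally, so the error message set in the else branch is overwritten and a "modified" log row is written even when checkFileUpload rejected the file or no file was posted at all. The return value of move_uploaded_file is also ignored, so the `File successfully uploaded.` alert can be shown when the move failed — which is the case the else-branch text actually describes, while that branch is in fact reached on a validation failure. Move the log and success alert into the branch behind a checked `if (!move_uploaded_file($file_tmp_path, $dest_path)) {`, set `$_SESSION['alert_type'] = 'error'` on both failure paths, and reword the else text to say the file was rejected rather than that the move failed.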


@ -0,0 +1,22 @@
<?php
if (isset($_POST['edit_ticket_settings'])) {
$config_ticket_prefix = sanitizeInput($_POST['config_ticket_prefix']);
$config_ticket_next_number = intval($_POST['config_ticket_next_number']);
$config_ticket_email_parse = intval($_POST['config_ticket_email_parse']);
$config_ticket_email_parse_unknown_senders = intval($_POST['config_ticket_email_parse_unknown_senders']);
$config_ticket_default_billable = intval($_POST['config_ticket_default_billable']);
$config_ticket_autoclose_hours = intval($_POST['config_ticket_autoclose_hours']);
$config_ticket_new_ticket_notification_email = sanitizeInput($_POST['config_ticket_new_ticket_notification_email']);
mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_email_parse = $config_ticket_email_parse, config_ticket_email_parse_unknown_senders = $config_ticket_email_parse_unknown_senders, config_ticket_autoclose_hours = $config_ticket_autoclose_hours, config_ticket_new_ticket_notification_email = '$config_ticket_new_ticket_notification_email', config_ticket_default_billable = $config_ticket_default_billable WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified ticket settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Ticket Settings updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
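Review bot: The edit_ticket_settings handler never calls validateCSRFToken, while every other settings handler in this commit (project, quote, security, telemetry, theme, AI) opens with `validateCSRFToken($_POST['csrf_token']);`, and the admin_user hunks below keep their token check even after the role check is centralised, so the token does not appear to be validated by the new dispatcher. Without it a forged form post from a logged-in admin's browser can change ticket prefix, email parsing and notification settings. The software template, ticket status, ticket template and vendor template handlers added later in this commit have the same omission, and the ticket status, ticket template and task template deletes act on a bare GET parameter with no token at all. Add `validateCSRFToken($_POST['csrf_token']);` as the first statement of each POST handler and `validateCSRFToken($_GET['csrf_token']);` in the GET deletes.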


@ -0,0 +1,48 @@
<?php
// Software/License Templates
// Import shared code from software-side tickets as we reuse functions
require_once 'post/user/software.php';
if (isset($_POST['add_software_template'])) {
$name = sanitizeInput($_POST['name']);
$version = sanitizeInput($_POST['version']);
$description = sanitizeInput($_POST['description']);
$type = sanitizeInput($_POST['type']);
$license_type = sanitizeInput($_POST['license_type']);
$notes = sanitizeInput($_POST['notes']);
mysqli_query($mysqli,"INSERT INTO software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes', software_template = 1, software_client_id = 0");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software Template', log_action = 'Create', log_description = '$session_user_name created software template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Software template created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_software_template'])) {
$software_id = intval($_POST['software_id']);
$name = sanitizeInput($_POST['name']);
$version = sanitizeInput($_POST['version']);
$description = sanitizeInput($_POST['description']);
$type = sanitizeInput($_POST['type']);
$license_type = sanitizeInput($_POST['license_type']);
$notes = sanitizeInput($_POST['notes']);
mysqli_query($mysqli,"UPDATE software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes' WHERE software_id = $software_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software Teplate', log_action = 'Modify', log_description = '$session_name modified software template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Software template updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
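Review bot: The create log in add_software_template interpolates `$session_user_name`, whereas every other handler in this commit uses `$session_name`; if that variable is not defined by the including script the log description will contain an empty name and PHP 8 emits an undefined-variable warning. The edit handler's log_type is misspelt as `'Software Teplate'`, which separates those entries from the `'Software Template'` type used by the create log when the logs are filtered by type. Change them to `log_description = '$session_name created software template $name'` and `log_type = 'Software Template'`.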


@ -6,8 +6,7 @@
if (isset($_POST['add_tag'])) {
require_once 'post/tag_model.php';
require_once 'post/admin/admin_tag_model.php';
mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'");
@ -22,8 +21,7 @@ if (isset($_POST['add_tag'])) {
if (isset($_POST['edit_tag'])) {
require_once 'post/tag_model.php';
require_once 'post/admin/admin_tag_model.php';
$tag_id = intval($_POST['tag_id']);


@ -0,0 +1,57 @@
<?php
if (isset($_POST['add_ticket_status'])) {
$name = sanitizeInput($_POST['name']);
$color = sanitizeInput($_POST['color']);
mysqli_query($mysqli, "INSERT INTO ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color'");
$ticket_status_id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Status', log_action = 'Create', log_description = '$session_name created ticket status $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_status_id");
$_SESSION['alert_message'] = "You created Ticket Status <strong>$name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_ticket_status'])) {
$ticket_status_id = intval($_POST['ticket_status_id']);
$name = sanitizeInput($_POST['name']);
$color = sanitizeInput($_POST['color']);
$status = intval($_POST['status']);
mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color', ticket_status_active = $status WHERE ticket_status_id = $ticket_status_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Status', log_action = 'Edit', log_description = '$session_name edited ticket status $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_status_id");
$_SESSION['alert_message'] = "You edited Ticket Status <strong>$name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['delete_ticket_status'])) {
$ticket_status_id = intval($_GET['delete_ticket_status']);
// Get ticket status name for logging and notification
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id");
$row = mysqli_fetch_array($sql);
$ticket_status_name = sanitizeInput($row['ticket_status_name']);
mysqli_query($mysqli, "DELETE FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Status', log_action = 'Delete', log_description = '$session_name deleted ticket_status $ticket_status_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_status_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "You Deleted Ticket Status <strong>$ticket_status_name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
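Review bot: delete_ticket_status reads `$row['ticket_status_name']` without checking that the SELECT matched a row; for an unknown id mysqli_fetch_array returns null, PHP 8 warns on the array access, and a delete log entry with an empty name is still written. Guard with `if (!$row) { $_SESSION['alert_type'] = 'error'; $_SESSION['alert_message'] = 'Ticket status not found'; header("Location: " . $_SERVER["HTTP_REFERER"]); exit; }` before the DELETE. The ticket template and task template deletes in the next file fetch their row the same way and would benefit from the same guard.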


@ -0,0 +1,131 @@
<?php
// Ticket Templates
// Import shared code from user-side tickets/tasks as we reuse functions
require_once 'post/user/ticket.php';
require_once 'post/user/task.php';
if (isset($_POST['add_ticket_template'])) {
validateTechRole();
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$subject = sanitizeInput($_POST['subject']);
$details = mysqli_real_escape_string($mysqli, $_POST['details']);
$project_template_id = intval($_POST['project_template']);
mysqli_query($mysqli, "INSERT INTO ticket_templates SET ticket_template_name = '$name', ticket_template_description = '$description', ticket_template_subject = '$subject', ticket_template_details = '$details'");
$ticket_template_id = mysqli_insert_id($mysqli);
if($project_template_id) {
mysqli_query($mysqli, "INSERT INTO project_template_ticket_templates SET project_template_id = $project_template_id, ticket_template_id = $ticket_template_id");
}
// Add Tasks to ticket template
if (!empty($_POST['tasks'])) {
foreach($_POST['tasks'] as $task) {
$task_template_name = sanitizeInput($task);
if (!empty($task_template_name)) {
mysqli_query($mysqli,"INSERT INTO task_templates SET task_template_name = '$task_template_name', task_template_ticket_template_id = $ticket_template_id");
}
}
}
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Template', log_action = 'Create', log_description = '$session_name created ticket template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
$_SESSION['alert_message'] = "You created Ticket Template <strong>$name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_ticket_template'])) {
validateTechRole();
$ticket_template_id = intval($_POST['ticket_template_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$subject = sanitizeInput($_POST['subject']);
$details = mysqli_real_escape_string($mysqli, $_POST['details']);
mysqli_query($mysqli, "UPDATE ticket_templates SET ticket_template_name = '$name', ticket_template_description = '$description', ticket_template_subject = '$subject', ticket_template_details = '$details' WHERE ticket_template_id = $ticket_template_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Template', log_action = 'Edit', log_description = '$session_name edited ticket template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
$_SESSION['alert_message'] = "You edited Ticket Template <strong>$name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['delete_ticket_template'])) {
validateTechRole();
$ticket_template_id = intval($_GET['delete_ticket_template']);
// Get ticket template name
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
$row = mysqli_fetch_array($sql);
$ticket_template_name = sanitizeInput($row['ticket_template_name']);
mysqli_query($mysqli, "DELETE FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
// Delete Associated Tasks
mysqli_query($mysqli, "DELETE FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
// Remove from Associated Project Templates
mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE ticket_template_id = $ticket_template_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Template', log_action = 'Delete', log_description = '$session_name deleted ticket template $ticket_template_name and its tasks', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "You Deleted Ticket Template <strong>$ticket_template_name</strong> and its associated tasks";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['add_ticket_template_task'])) {
validateTechRole();
$ticket_template_id = intval($_POST['ticket_template_id']);
$task_name = sanitizeInput($_POST['task_name']);
mysqli_query($mysqli, "INSERT INTO task_templates SET task_template_name = '$task_name', task_template_ticket_template_id = $ticket_template_id");
$task_template_id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Task Template', log_action = 'Create', log_description = '$session_name created task template $task_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
$_SESSION['alert_message'] = "You created Task Template <strong>$task_name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['delete_task_template'])) {
validateTechRole();
$task_template_id = intval($_GET['delete_task_template']);
// Get task template name
$sql = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_id = $task_template_id");
$row = mysqli_fetch_array($sql);
$task_template_name = sanitizeInput($row['task_template_name']);
mysqli_query($mysqli, "DELETE FROM task_templates WHERE task_template_id = $task_template_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Task Template', log_action = 'Delete', log_description = '$session_name deleted task template $task_template_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $task_template_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "You Deleted Task Template <strong>$task_template_name</strong>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
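Review bot: The log written by add_ticket_template_task records `log_entity_id = $ticket_template_id`, although `$task_template_id` is captured from mysqli_insert_id two lines earlier and then never used, so the audit row points at the parent template instead of the task that was created; change it to `log_entity_id = $task_template_id`, matching the delete_task_template log. Separately, these handlers still call validateTechRole() individually while the commit message says role access for admin POST requests is now enforced once — if the dispatcher already requires the admin role the calls are redundant, and if it does not, technician-role users can create and delete ticket templates; which is intended is not visible from this file.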


@ -6,11 +6,10 @@
if (isset($_POST['add_user'])) {
require_once 'post/user_model.php';
validateAdminRole();
validateCSRFToken($_POST['csrf_token']);
require_once 'post/admin/admin_user_model.php';
$password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password']));
@ -103,13 +102,10 @@ if (isset($_POST['add_user'])) {
if (isset($_POST['edit_user'])) {
require_once 'post/user_model.php';
validateAdminRole();
validateCSRFToken($_POST['csrf_token']);
require_once 'post/admin/admin_user_model.php';
$user_id = intval($_POST['user_id']);
$new_password = trim($_POST['new_password']);
@ -189,7 +185,6 @@ if (isset($_POST['edit_user'])) {
if (isset($_GET['activate_user'])) {
validateAdminRole();
validateCSRFToken($_GET['csrf_token']);
$user_id = intval($_GET['activate_user']);
@ -212,7 +207,6 @@ if (isset($_GET['activate_user'])) {
if (isset($_GET['disable_user'])) {
validateAdminRole();
validateCSRFToken($_GET['csrf_token']);
$user_id = intval($_GET['disable_user']);
@ -240,7 +234,6 @@ if (isset($_GET['disable_user'])) {
if (isset($_GET['revoke_remember_me'])) {
validateAdminRole();
validateCSRFToken($_GET['csrf_token']);
$user_id = intval($_GET['revoke_remember_me']);
@ -263,9 +256,6 @@ if (isset($_GET['revoke_remember_me'])) {
if (isset($_GET['archive_user'])) {
validateAdminRole();
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
// Variables from GET
@ -292,8 +282,6 @@ if (isset($_GET['archive_user'])) {
if (isset($_POST['export_users_csv'])) {
validateAdminRole();
//get records from database
$sql = mysqli_query($mysqli, "SELECT * FROM users ORDER BY user_name ASC");
@ -350,8 +338,6 @@ if (isset($_POST['ir_reset_user_password'])) {
// Incident response: allow mass reset of agent passwords
validateAdminRole();
validateCSRFToken($_POST['csrf_token']);
// Confirm logged-in user password, for security


@ -0,0 +1,116 @@
<?php
// Vendor Templates
// Import shared code from user-side vendor management as we reuse functions
require_once 'post/user/vendor.php';
if (isset($_POST['add_vendor_template'])) {
require_once 'post/user/vendor_model.php';
mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_template = 1, vendor_client_id = 0");
$vendor_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor Template', log_action = 'Create', log_description = '$session_name created vendor template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Vendor template <strong>$name</strong> created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_vendor_template'])) {
require_once 'post/user/vendor_model.php';
$vendor_id = intval($_POST['vendor_id']);
$vendor_template_id = intval($_POST['vendor_template_id']);
if ($_POST['global_update_vendor_name'] == 1) {
$sql_global_update_vendor_name = ", vendor_name = '$name'";
} else {
$sql_global_update_vendor_name = "";
}
if ($_POST['global_update_vendor_description'] == 1) {
$sql_global_update_vendor_description = ", vendor_description = '$description'";
} else {
$sql_global_update_vendor_description = "";
}
if ($_POST['global_update_vendor_account_number'] == 1) {
$sql_global_update_vendor_account_number = ", vendor_account_number = '$account_number'";
} else {
$sql_global_update_vendor_account_number = "";
}
if ($_POST['global_update_vendor_contact_name'] == 1) {
$sql_global_update_vendor_contact_name = ", vendor_contact_name = '$contact_name'";
} else {
$sql_global_update_vendor_contact_name = "";
}
if ($_POST['global_update_vendor_phone'] == 1) {
$sql_global_update_vendor_phone = ", vendor_phone = '$phone', vendor_extension = '$extension'";
} else {
$sql_global_update_vendor_phone = "";
}
if ($_POST['global_update_vendor_hours'] == 1) {
$sql_global_update_vendor_hours = ", vendor_hours = '$hours'";
} else {
$sql_global_update_vendor_hours = "";
}
if ($_POST['global_update_vendor_email'] == 1) {
$sql_global_update_vendor_email = ", vendor_email = '$email'";
} else {
$sql_global_update_vendor_email = "";
}
if ($_POST['global_update_vendor_website'] == 1) {
$sql_global_update_vendor_website = ", vendor_website = '$website'";
} else {
$sql_global_update_vendor_website = "";
}
if ($_POST['global_update_vendor_sla'] == 1) {
$sql_global_update_vendor_sla = ", vendor_sla = '$sla'";
} else {
$sql_global_update_vendor_sla = "";
}
if ($_POST['global_update_vendor_code'] == 1) {
$sql_global_update_vendor_code = ", vendor_code = '$code'";
} else {
$sql_global_update_vendor_code = "";
}
if ($_POST['global_update_vendor_notes'] == 1) {
$sql_global_update_vendor_notes = ", vendor_notes = '$notes'";
} else {
$sql_global_update_vendor_notes = "";
}
// Update just the template
mysqli_query($mysqli,"UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes' WHERE vendor_id = $vendor_id");
if ($_POST['update_base_vendors'] == 1) {
// Update client related vendors if anything is checked
$sql = "$sql_global_update_vendor_name $sql_global_update_vendor_description $sql_global_update_vendor_account_number $sql_global_update_vendor_contact_name $sql_global_update_vendor_phone $sql_global_update_vendor_hours $sql_global_update_vendor_email $sql_global_update_vendor_website $sql_global_update_vendor_sla $sql_global_update_vendor_code $sql_global_update_vendor_notes";
// Remove the first comma to prevent MySQL error
$sql = preg_replace('/,/', '', $sql, 1);
mysqli_query($mysqli,"UPDATE vendors SET $sql WHERE vendor_template_id = $vendor_id");
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor Template', log_action = 'Modify', log_description = '$session_name modified vendor template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Vendor template <strong>$name</strong> modified";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
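Review bot: In edit_vendor_template, when update_base_vendors is set but none of the global_update_vendor_* boxes are ticked, every `$sql_global_update_*` fragment is empty, preg_replace has nothing to strip, and the query becomes `UPDATE vendors SET  WHERE vendor_template_id = ...`, a syntax error that mysqli_query fails on silently while the handler still logs and reports success. The `$_POST['global_update_vendor_*'] == 1` comparisons also read keys that are absent when a box is unticked, emitting an undefined-array-key warning per field on PHP 8, and `$vendor_template_id` is assigned but never used. Collecting the fragments in an array and skipping the query when it is empty removes both the comma trimming and the empty-SET case.
```php
if (isset($_POST['edit_vendor_template'])) {
    require_once 'post/user/vendor_model.php';
    $vendor_id = intval($_POST['vendor_id']);

    // One "column = value" fragment per ticked global_update_vendor_* box
    $global_updates = [];
    if (!empty($_POST['global_update_vendor_name'])) {
        $global_updates[] = "vendor_name = '$name'";
    }
    if (!empty($_POST['global_update_vendor_description'])) {
        $global_updates[] = "vendor_description = '$description'";
    }
    if (!empty($_POST['global_update_vendor_account_number'])) {
        $global_updates[] = "vendor_account_number = '$account_number'";
    }
    if (!empty($_POST['global_update_vendor_contact_name'])) {
        $global_updates[] = "vendor_contact_name = '$contact_name'";
    }
    if (!empty($_POST['global_update_vendor_phone'])) {
        $global_updates[] = "vendor_phone = '$phone', vendor_extension = '$extension'";
    }
    // … same pattern for hours, email, website, sla, code and notes …

    // … unchanged: UPDATE of the template row itself …

    if (!empty($_POST['update_base_vendors']) && $global_updates !== []) {
        // Update client related vendors only when at least one field is checked
        mysqli_query($mysqli, "UPDATE vendors SET " . implode(', ', $global_updates) . " WHERE vendor_template_id = $vendor_id");
    }

    // … unchanged: logging, alert and redirect …
}
```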


@ -0,0 +1,26 @@
<?php
if (isset($_POST['edit_ai_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$provider = sanitizeInput($_POST['provider']);
if($provider){
$ai_enable = 1;
} else {
$ai_enable = 0;
}
$model = sanitizeInput($_POST['model']);
$url = sanitizeInput($_POST['url']);
$api_key = sanitizeInput($_POST['api_key']);
mysqli_query($mysqli,"UPDATE settings SET config_ai_enable = $ai_enable, config_ai_provider = '$provider', config_ai_model = '$model', config_ai_url = '$url', config_ai_api_key = '$api_key' WHERE company_id = 1");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Edit', log_description = '$session_name edited AI settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "You updated the AI Settings";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}

302
post/admin_update.php Normal file

@ -0,0 +1,302 @@
<?php
if (isset($_GET['update'])) {
validateAdminRole(); // Old function
//git fetch downloads the latest from remote without trying to merge or rebase anything. Then the git reset resets the master branch to what you just fetched. The --hard option changes all the files in your working tree to match the files in origin/master
if (isset($_GET['force_update']) == 1) {
exec("git fetch --all");
exec("git reset --hard origin/master");
} else {
exec("git pull");
}
//header("Location: post.php?update_db");
// Send Telemetry if enabled during update
if ($config_telemetry > 0 OR $config_telemetry = 2) {
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$website = sanitizeInput($row['company_website']);
$city = sanitizeInput($row['company_city']);
$state = sanitizeInput($row['company_state']);
$country = sanitizeInput($row['company_country']);
$currency = sanitizeInput($row['company_currency']);
$current_version = exec("git rev-parse HEAD");
// Client Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('client_id') AS num FROM clients"));
$client_count = $row['num'];
// Ticket Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM tickets"));
$ticket_count = $row['num'];
// Scheduled Ticket Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('scheduled_ticket_id') AS num FROM scheduled_tickets"));
$scheduled_ticket_count = $row['num'];
// Calendar Event Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('event_id') AS num FROM events"));
$calendar_event_count = $row['num'];
// Quote Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('quote_id') AS num FROM quotes"));
$quote_count = $row['num'];
// Invoice Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices"));
$invoice_count = $row['num'];
// Revenue Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('revenue_id') AS num FROM revenues"));
$revenue_count = $row['num'];
// Recurring Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM recurring"));
$recurring_count = $row['num'];
// Account Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('account_id') AS num FROM accounts"));
$account_count = $row['num'];
// Tax Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('tax_id') AS num FROM taxes"));
$tax_count = $row['num'];
// Product Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('product_id') AS num FROM products"));
$product_count = $row['num'];
// Payment Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('payment_id') AS num FROM payments WHERE payment_invoice_id > 0"));
$payment_count = $row['num'];
// Company Vendor Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_template = 0 AND vendor_client_id = 0"));
$company_vendor_count = $row['num'];
// Expense Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('expense_id') AS num FROM expenses WHERE expense_vendor_id > 0"));
$expense_count = $row['num'];
// Trip Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('trip_id') AS num FROM trips"));
$trip_count = $row['num'];
// Transfer Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('transfer_id') AS num FROM transfers"));
$transfer_count = $row['num'];
// Contact Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('contact_id') AS num FROM contacts"));
$contact_count = $row['num'];
// Location Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations"));
$location_count = $row['num'];
// Asset Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets"));
$asset_count = $row['num'];
// Software Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_template = 0"));
$software_count = $row['num'];
// Software Template Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_template = 1"));
$software_template_count = $row['num'];
// Password Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('login_id') AS num FROM logins"));
$password_count = $row['num'];
// Network Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks"));
$network_count = $row['num'];
// Certificate Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('certificate_id') AS num FROM certificates"));
$certificate_count = $row['num'];
// Domain Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('domain_id') AS num FROM domains"));
$domain_count = $row['num'];
// Service Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('service_id') AS num FROM services"));
$service_count = $row['num'];
// Client Vendor Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_template = 0 AND vendor_client_id > 0"));
$client_vendor_count = $row['num'];
// Vendor Template Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_template = 1"));
$vendor_template_count = $row['num'];
// File Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('file_id') AS num FROM files"));
$file_count = $row['num'];
// Document Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_template = 0"));
$document_count = $row['num'];
// Document Template Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_template = 1"));
$document_template_count = $row['num'];
// Shared Item Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('item_id') AS num FROM shared_items"));
$shared_item_count = $row['num'];
// Company Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('company_id') AS num FROM companies"));
$company_count = $row['num'];
// User Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('user_id') AS num FROM users"));
$user_count = $row['num'];
// Category Expense Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Expense'"));
$category_expense_count = $row['num'];
// Category Income Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Income'"));
$category_income_count = $row['num'];
// Category Referral Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Referral'"));
$category_referral_count = $row['num'];
// Category Payment Method Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Payment Method'"));
$category_payment_method_count = $row['num'];
// Tag Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('tag_id') AS num FROM tags"));
$tag_count = $row['num'];
// API Key Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('api_key_id') AS num FROM api_keys"));
$api_key_count = $row['num'];
// Log Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('log_id') AS num FROM logs"));
$log_count = $row['num'];
$postdata = http_build_query(
array(
'installation_id' => "$installation_id",
'version' => "$current_version",
'company_name' => "$company_name",
'website' => "$website",
'city' => "$city",
'state' => "$state",
'country' => "$country",
'currency' => "$currency",
'comments' => "$comments",
'client_count' => $client_count,
'ticket_count' => $ticket_count,
'scheduled_ticket_count' => $scheduled_ticket_count,
'calendar_event_count' => $calendar_event_count,
'quote_count' => $quote_count,
'invoice_count' => $invoice_count,
'revenue_count' => $revenue_count,
'recurring_count' => $recurring_count,
'account_count' => $account_count,
'tax_count' => $tax_count,
'product_count' => $product_count,
'payment_count' => $payment_count,
'company_vendor_count' => $company_vendor_count,
'expense_count' => $expense_count,
'trip_count' => $trip_count,
'transfer_count' => $transfer_count,
'contact_count' => $contact_count,
'location_count' => $location_count,
'asset_count' => $asset_count,
'software_count' => $software_count,
'software_template_count' => $software_template_count,
'password_count' => $password_count,
'network_count' => $network_count,
'certificate_count' => $certificate_count,
'domain_count' => $domain_count,
'service_count' => $service_count,
'client_vendor_count' => $client_vendor_count,
'vendor_template_count' => $vendor_template_count,
'file_count' => $file_count,
'document_count' => $document_count,
'document_template_count' => $document_template_count,
'shared_item_count' => $shared_item_count,
'company_count' => $company_count,
'user_count' => $user_count,
'category_expense_count' => $category_expense_count,
'category_income_count' => $category_income_count,
'category_referral_count' => $category_referral_count,
'category_payment_method_count' => $category_payment_method_count,
'tag_count' => $tag_count,
'api_key_count' => $api_key_count,
'log_count' => $log_count,
'config_theme' => "$config_theme",
'config_enable_cron' => $config_enable_cron,
'config_ticket_email_parse' => $config_ticket_email_parse,
'config_module_enable_itdoc' => $config_module_enable_itdoc,
'config_module_enable_ticketing' => $config_module_enable_ticketing,
'config_module_enable_accounting' => $config_module_enable_accounting,
'config_telemetry' => $config_telemetry,
'collection_method' => 4
)
);
$opts = array('http' =>
array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => $postdata
)
);
$context = stream_context_create($opts);
$result = file_get_contents('https://telemetry.itflow.org', false, $context);
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Update', log_description = '$session_name ran updates', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Update successful";
sleep(1);
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['update_db'])) {
validateAdminRole(); // Old function
// Get the current version
require_once ('database_version.php');
// Perform upgrades, if required
require_once ('database_updates.php');
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Update', log_description = '$session_name updated the database structure', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Database structure update successful";
sleep(1);
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -4,6 +4,8 @@
* ITFlow - GET/POST request handler for AI Functions
*/
// TODO: Should this be moved to AJAX?
if (isset($_GET['ai_reword'])) {
header('Content-Type: application/json');
@ -54,4 +56,4 @@ if (isset($_GET['ai_reword'])) {
echo json_encode(['rewordedText' => 'Failed to get a response from the OpenAI API.']);
}
}
}
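Review bot: The new TODO sits directly above a GET-driven handler (`isset($_GET['ai_reword'])`) that, judging by the error text further down, relays content to the OpenAI API, and the hunk shows no CSRF or permission check between the `isset` and the `header('Content-Type: application/json')` call, whereas the POST handlers touched by this commit open with `validateCSRFToken($_POST['csrf_token'])` and `enforceUserPermission(...)`. The handler body lies outside the hunk, so the check may well be there; if it is not, add `validateCSRFToken($_GET['csrf_token']);` (or the project's equivalent) before the header so a crafted link cannot trigger outbound API calls on behalf of a logged-in user. It would also help to widen the TODO to `// TODO: Should this be moved to AJAX? Keep the CSRF/role checks if it is.` so the requirement survives the move.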


@ -9,7 +9,7 @@ if (isset($_POST['add_client'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
require_once 'post/client_model.php';
require_once 'post/user/client_model.php';
$location_phone = preg_replace("/[^0-9]/", '', $_POST['location_phone']);
$address = sanitizeInput($_POST['address']);
@ -119,7 +119,7 @@ if (isset($_POST['edit_client'])) {
enforceUserPermission('module_client', 2);
require_once 'post/client_model.php';
require_once 'post/user/client_model.php';
$client_id = intval($_POST['client_id']);


@ -8,7 +8,7 @@ if (isset($_POST['add_contact'])) {
validateTechRole();
require_once 'post/contact_model.php';
require_once 'post/user/contact_model.php';
// Set password
@ -68,7 +68,7 @@ if (isset($_POST['edit_contact'])) {
validateTechRole();
require_once 'post/contact_model.php';
require_once 'post/user/contact_model.php';
$contact_id = intval($_POST['contact_id']);
$send_email = intval($_POST['send_email']);
@ -193,7 +193,7 @@ if (isset($_POST['bulk_assign_contact_location'])) {
// Get Selected Contacts Count
$contact_count = count($_POST['contact_ids']);
// Assign Location to Selected Contacts
if (!empty($_POST['contact_ids'])) {
foreach($_POST['contact_ids'] as $contact_id) {
@ -210,7 +210,7 @@ if (isset($_POST['bulk_assign_contact_location'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name assigned $contact_name to Location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "You assigned <b>$contact_count</b> contacts to location <b>$location_name</b>";
}
@ -226,7 +226,7 @@ if (isset($_POST['bulk_edit_contact_phone'])) {
// Get Selected Contacts Count
$contact_count = count($_POST['contact_ids']);
// Assign Location to Selected Contacts
if (!empty($_POST['contact_ids'])) {
foreach($_POST['contact_ids'] as $contact_id) {
@ -244,7 +244,7 @@ if (isset($_POST['bulk_edit_contact_phone'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name set Phone Number to $phone for $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "You set Phone Number <b>" . formatPhoneNumber($phone) . "</b> on $contact_count</b> contacts";
}
@ -260,7 +260,7 @@ if (isset($_POST['bulk_edit_contact_department'])) {
// Get Selected Contacts Count
$contact_count = count($_POST['contact_ids']);
// Assign Location to Selected Contacts
if (!empty($_POST['contact_ids'])) {
foreach($_POST['contact_ids'] as $contact_id) {
@ -278,7 +278,7 @@ if (isset($_POST['bulk_edit_contact_department'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name set Department to $department for $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "You set the Department to <b>$department</b> for <b>$contact_count</b> contacts";
}
@ -296,7 +296,7 @@ if (isset($_POST['bulk_edit_contact_role'])) {
// Get Selected Contacts Count
$contact_count = count($_POST['contact_ids']);
// Assign Location to Selected Contacts
if (!empty($_POST['contact_ids'])) {
foreach($_POST['contact_ids'] as $contact_id) {
@ -314,7 +314,7 @@ if (isset($_POST['bulk_edit_contact_role'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name updated $contact_name role', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "You updated roles for <b>$contact_count</b> contacts";
}
@ -348,7 +348,7 @@ if (isset($_POST['bulk_assign_contact_tags'])) {
// Add new tags
foreach($_POST['bulk_tags'] as $tag) {
$tag = intval($tag);
$sql = mysqli_query($mysqli,"SELECT * FROM contact_tags WHERE contact_id = $contact_id AND tag_id = $tag");
if (mysqli_num_rows($sql) == 0) {
mysqli_query($mysqli, "INSERT INTO contact_tags SET contact_id = $contact_id, tag_id = $tag");
@ -359,7 +359,7 @@ if (isset($_POST['bulk_assign_contact_tags'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name added tags to $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "Assigned tags for <b>$count</b> contacts";
}
@ -468,7 +468,7 @@ if (isset($_POST['bulk_delete_contacts'])) {
$row = mysqli_fetch_array($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id");
// Remove Relations


@ -1,7 +1,7 @@
<?php
/*
* ITFlow - GET/POST request handler for client logins / passwords
* ITFlow - GET/POST request handler for client credentials (formerly logins)
*/
if (isset($_POST['add_login'])) {
@ -229,7 +229,7 @@ if (isset($_POST['bulk_delete_logins'])) {
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
mysqli_query($mysqli, "DELETE FROM logins WHERE login_id = $login_id AND login_client_id = $client_id");
// Remove Relations


@ -71,30 +71,6 @@ if (isset($_POST['add_document_from_template'])) {
}
if (isset($_POST['add_document_template'])) {
validateTechRole();
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$content = mysqli_real_escape_string($mysqli,$_POST['content']);
$content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $_POST['content']));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
// Document add query
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 1, document_folder_id = 0, document_created_by = $session_user_id, document_client_id = 0");
$document_id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document Template', log_action = 'Create', log_description = '$session_name created document template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $document_id");
$_SESSION['alert_message'] = "Document template <strong>$name</strong> created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['edit_document'])) {
validateTechRole();
@ -205,7 +181,7 @@ if (isset($_POST['bulk_move_document'])) {
// Get Selected Document Count
$document_count = count($_POST['document_ids']);
// Move Documents to Folder Loop
if (!empty($_POST['document_ids'])) {
foreach($_POST['document_ids'] as $document_id) {


@ -41,7 +41,7 @@ if (isset($_POST['edit_calendar'])) {
if (isset($_POST['add_event'])) {
require_once 'post/event_model.php';
require_once 'post/user/event_model.php';
mysqli_query($mysqli,"INSERT INTO events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client");
@ -115,8 +115,7 @@ if (isset($_POST['add_event'])) {
if (isset($_POST['edit_event'])) {
require_once 'post/event_model.php';
require_once 'post/user/event_model.php';
$event_id = intval($_POST['event_id']);


@ -6,7 +6,7 @@
if (isset($_POST['add_expense'])) {
require_once 'post/expense_model.php';
require_once 'post/user/expense_model.php';
mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = $amount, expense_currency_code = '$session_company_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference'");
@ -44,7 +44,7 @@ if (isset($_POST['add_expense'])) {
if (isset($_POST['edit_expense'])) {
require_once 'post/expense_model.php';
require_once 'post/user/expense_model.php';
$expense_id = intval($_POST['expense_id']);
@ -119,7 +119,7 @@ if (isset($_POST['bulk_edit_expense_category'])) {
// Get Selected Contacts Count
$expense_count = count($_POST['expense_ids']);
// Assign category to Selected Expenses
if (!empty($_POST['expense_ids'])) {
foreach($_POST['expense_ids'] as $expense_id) {
@ -137,10 +137,10 @@ if (isset($_POST['bulk_edit_expense_category'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Edit', log_description = '$session_name assigned $expense_description to expense category $category_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $expense_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "You assigned expense category <b>$category_name</b> to <b>$expense_count</b> expenses";
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
@ -155,7 +155,7 @@ if (isset($_POST['bulk_edit_expense_account'])) {
// Get Selected Contacts Count
$expense_count = count($_POST['expense_ids']);
// Assign category to Selected Expenses
if (!empty($_POST['expense_ids'])) {
foreach($_POST['expense_ids'] as $expense_id) {
@ -173,10 +173,10 @@ if (isset($_POST['bulk_edit_expense_account'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Edit', log_description = '$session_name assigned $expense_description to account $account_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $expense_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "You assigned account <b>$account_name</b> to <b>$expense_count</b> expenses";
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
@ -191,7 +191,7 @@ if (isset($_POST['bulk_edit_expense_client'])) {
// Get Selected Contacts Count
$expense_count = count($_POST['expense_ids']);
// Assign category to Selected Expenses
if (!empty($_POST['expense_ids'])) {
foreach($_POST['expense_ids'] as $expense_id) {
@ -208,10 +208,10 @@ if (isset($_POST['bulk_edit_expense_client'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Edit', log_description = '$session_name assigned $expense_description to client $client_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $expense_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "You assigned Client <b>$client_name</b> to <b>$expense_count</b> expenses";
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
}


@ -6,7 +6,7 @@
if (isset($_POST['add_invoice'])) {
require_once 'post/invoice_model.php';
require_once 'post/user/invoice_model.php';
$client = intval($_POST['client']);
@ -38,7 +38,7 @@ if (isset($_POST['add_invoice'])) {
if (isset($_POST['edit_invoice'])) {
require_once 'post/invoice_model.php';
require_once 'post/user/invoice_model.php';
$invoice_id = intval($_POST['invoice_id']);
$due = sanitizeInput($_POST['due']);
@ -1302,7 +1302,7 @@ if (isset($_POST['export_invoices_csv'])) {
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Export', log_description = '$session_name exported invoices to CSV File', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
exit;
}


@ -8,7 +8,7 @@ if(isset($_POST['add_location'])){
validateTechRole();
require_once 'post/location_model.php';
require_once 'post/user/location_model.php';
if(!file_exists("uploads/clients/$client_id")) {
@ -27,7 +27,7 @@ if(isset($_POST['add_location'])){
}
}
// Update Primay location in clients if primary location is checked
// Update Primary location in clients if primary location is checked
if ($location_primary == 1) {
mysqli_query($mysqli,"UPDATE locations SET location_primary = 0 WHERE location_client_id = $client_id");
mysqli_query($mysqli,"UPDATE locations SET location_primary = 1 WHERE location_id = $location_id");
@ -67,7 +67,7 @@ if(isset($_POST['edit_location'])){
validateTechRole();
require_once 'post/location_model.php';
require_once 'post/user/location_model.php';
$location_id = intval($_POST['location_id']);
@ -234,7 +234,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
// Add new tags
foreach($_POST['bulk_tags'] as $tag) {
$tag = intval($tag);
$sql = mysqli_query($mysqli,"SELECT * FROM location_tags WHERE location_id = $location_id AND tag_id = $tag");
if (mysqli_num_rows($sql) == 0) {
mysqli_query($mysqli, "INSERT INTO location_tags SET location_id = $location_id, tag_id = $tag");
@ -245,7 +245,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Modify', log_description = '$session_name added tags to $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $location_id");
} // End Assign Location Loop
$_SESSION['alert_message'] = "Assigned tags for <b>$count</b> locations";
}
@ -355,7 +355,7 @@ if (isset($_POST['bulk_delete_locations'])) {
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Location', log_action = 'Delete', log_description = '$session_name deleted location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $location_id");


@ -8,7 +8,7 @@ if (isset($_POST['add_network'])) {
validateTechRole();
require_once 'post/login_model.php';
require_once 'post/user/login_model.php';
mysqli_query($mysqli,"INSERT INTO networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id, network_client_id = $client_id");
@ -29,7 +29,7 @@ if (isset($_POST['edit_network'])) {
$network_id = intval($_POST['network_id']);
require_once 'post/login_model.php';
require_once 'post/user/login_model.php';
mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id");
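Review bot: Both network handlers now `require_once 'post/user/login_model.php'`, yet the INSERT and UPDATE that follow interpolate network fields (`$vlan`, `$subnet`, `$gateway`, `$dhcp_range`, `$location_id`) that a model named for login credentials is an unlikely place to define. The mismatch predates this commit (the old path was `post/login_model.php`), but the refactor that moves every model into `post/user/` is the moment to confirm that file really sets and sanitizes each of these variables; if it does not, the queries are built from unset values and the `network_vlan = $vlan` fragments become syntactically broken SQL. A dedicated `require_once 'post/user/network_model.php';` would make the dependency explicit and match the pattern used by the client, contact and location handlers. The enclosing add_network and edit_network blocks start and end outside the hunk.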


@ -7,7 +7,7 @@
// Products
if (isset($_POST['add_product'])) {
require_once 'post/product_model.php';
require_once 'post/user/product_model.php';
mysqli_query($mysqli,"INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = '$price', product_currency_code = '$session_company_currency', product_tax_id = $tax, product_category_id = $category");
@ -23,8 +23,7 @@ if (isset($_POST['add_product'])) {
if (isset($_POST['edit_product'])) {
require_once 'post/product_model.php';
require_once 'post/user/product_model.php';
$product_id = intval($_POST['product_id']);
@ -118,7 +117,7 @@ if (isset($_POST['bulk_edit_product_category'])) {
// Get Count
$count = count($_POST['product_ids']);
// Assign category to Selected Products
if (!empty($_POST['product_ids'])) {
foreach($_POST['product_ids'] as $product_id) {
@ -135,10 +134,10 @@ if (isset($_POST['bulk_edit_product_category'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Edit', log_description = '$session_name assigned $product_name to income category $category_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
} // End Assign Product Loop
$_SESSION['alert_message'] = "You assigned product category <b>$category_name</b> to <b>$count</b> products";
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
@ -235,7 +234,7 @@ if (isset($_POST['bulk_delete_products'])) {
$sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
$row = mysqli_fetch_array($sql);
$product_name = sanitizeInput($row['product_name']);
mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Product', log_action = 'Delete', log_description = '$session_name deleted product $product_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
@ -296,4 +295,4 @@ if (isset($_POST['export_products_csv'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Export', log_description = '$session_name exported products to CSV File', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
exit;
}
}


@ -8,7 +8,7 @@ if (isset($_POST['add_quote'])) {
enforceUserPermission('module_sales', 2);
require_once 'post/quote_model.php';
require_once 'post/user/quote_model.php';
$client = intval($_POST['client']);
@ -221,7 +221,7 @@ if (isset($_POST['edit_quote'])) {
enforceUserPermission('module_sales', 2);
require_once 'post/quote_model.php';
require_once 'post/user/quote_model.php';
$quote_id = intval($_POST['quote_id']);
