From 8c98163e1c217ed68b52000f2da0bce630fc5fc7 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Tue, 29 Mar 2022 12:59:42 -0400
Subject: [PATCH] DB Structure Updated 2 new settings config_backup_enable and config_backup_path. This is to fix an issue where not specifying the full backup path would cause cron to error out and not run completely
---
 .gitignore | 5 ++-
 cron.php | 106 +++++++++++++++++++++++--------------------
 db.sql | 11 +++--
 get_settings.php | 4 ++
 post.php | 23 ++++++++++
 settings-backup.php | 30 +++++++++++++
 6 files changed, 124 insertions(+), 55 deletions(-)
diff --git a/.gitignore b/.gitignore
index d7c6de3f..8074436d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,4 +11,7 @@ uploads/users/*
 !uploads/users/index.php
 uploads/tmp/*
 !uploads/tmp/index.php
-.idea/*
+backups/*
+!backups/index.php
+!backups/.htaccess
+.idea/*
\ No newline at end of file
diff --git a/cron.php b/cron.php
index 30332cd6..ae75c47b 100644
--- a/cron.php
+++ b/cron.php
@@ -34,6 +34,8 @@ while($row = mysqli_fetch_array($sql_companies)){
 $config_mail_from_name = $row['config_mail_from_name'];
 $config_recurring_auto_send_invoice = $row['config_recurring_auto_send_invoice'];
 $config_base_url = $row['config_base_url'];
+ $config_backup_enable = $row['config_backup_enable'];
+ $config_backup_path = $row['config_backup_path'];
 // Tickets
 $config_ticket_prefix = $row['config_ticket_prefix'];
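Review bot: The setting name is spelled two ways across this patch, so the new backup guard cannot match what is loaded here. This hunk and get_settings.php read `$row['config_backup_enable']` / `$row['config_backup_path']` and post.php updates columns of the same name, but the next cron.php hunk tests `$config_backups_enable` and db.sql adds `config_backups_enable` / `config_backups_path`. In the lines shown nothing assigns `$config_backups_enable`, so the backup block would be skipped on every run, and the reads and the `UPDATE` refer to columns the new schema does not define. Use one spelling throughout, for example `if($config_backup_enable == 1){` in cron.php and `config_backup_enable` / `config_backup_path` in db.sql. The `while` loop this hunk sits in continues outside it.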
@@ -44,73 +46,77 @@ while($row = mysqli_fetch_array($sql_companies)){ if($config_enable_cron == 1){ - // DATABASE BACKUP - $backup_dir = "backups/"; + if($config_backups_enable == 1){ + // DATABASE BACKUP + // This needs to be set to the full file sytem path or else when cron runs php it will break cron.php and cron will not run properly + //$backup_dir = "backups/"; + $backup_dir = "$config_backup_path/"; - // Get All Table Names From the Database - $tables = array(); - $sql = "SHOW TABLES"; - $result = mysqli_query($mysqli, $sql); - while ($row = mysqli_fetch_row($result)) { - $tables[] = $row[0]; - } + // Get All Table Names From the Database + $tables = array(); + $sql = "SHOW TABLES"; + $result = mysqli_query($mysqli, $sql); + while ($row = mysqli_fetch_row($result)) { + $tables[] = $row[0]; + } - $sqlScript = ""; - foreach ($tables as $table) { + $sqlScript = ""; + foreach ($tables as $table) { - // Prepare SQLscript for creating table structure - $query = "SHOW CREATE TABLE $table"; - $result = mysqli_query($mysqli, $query); - $row = mysqli_fetch_row($result); + // Prepare SQLscript for creating table structure + $query = "SHOW CREATE TABLE $table"; + $result = mysqli_query($mysqli, $query); + $row = mysqli_fetch_row($result); - $sqlScript .= "\n\n" . $row[1] . ";\n\n"; + $sqlScript .= "\n\n" . $row[1] . 
";\n\n"; - $query = "SELECT * FROM $table"; - $result = mysqli_query($mysqli, $query); + $query = "SELECT * FROM $table"; + $result = mysqli_query($mysqli, $query); - $columnCount = mysqli_num_fields($result); + $columnCount = mysqli_num_fields($result); - // Prepare SQLscript for dumping data for each table - for ($i = 0; $i < $columnCount; $i ++) { - while ($row = mysqli_fetch_row($result)) { - $sqlScript .= "INSERT INTO $table VALUES("; - for ($j = 0; $j < $columnCount; $j ++) { + // Prepare SQLscript for dumping data for each table + for ($i = 0; $i < $columnCount; $i ++) { + while ($row = mysqli_fetch_row($result)) { + $sqlScript .= "INSERT INTO $table VALUES("; + for ($j = 0; $j < $columnCount; $j ++) { - if (isset($row[$j])) { - $sqlScript .= '"' . $row[$j] . '"'; - } else { - $sqlScript .= '""'; - } - if ($j < ($columnCount - 1)) { - $sqlScript .= ','; + if (isset($row[$j])) { + $sqlScript .= '"' . $row[$j] . '"'; + } else { + $sqlScript .= '""'; + } + if ($j < ($columnCount - 1)) { + $sqlScript .= ','; + } } + $sqlScript .= ");\n"; } - $sqlScript .= ");\n"; + } + $sqlScript .= "\n"; + } + + // Save the SQL script to a backup file + if(!empty($sqlScript)) { + $random_string = key32gen(); + if(!empty($random_string)){ + $backup_file_name = date('Y-m-d') . '_backup__' . $random_string . '.sql'; + $fileHandler = fopen($backup_dir . '/' .$backup_file_name, 'w+'); + $number_of_lines = fwrite($fileHandler, $sqlScript); + fclose($fileHandler); } } - $sqlScript .= "\n"; - } - // Save the SQL script to a backup file - if(!empty($sqlScript)) { - $random_string = key32gen(); - if(!empty($random_string)){ - $backup_file_name = date('Y-m-d') . '_backup__' . $random_string . '.sql'; - $fileHandler = fopen($backup_dir . 
'/' .$backup_file_name, 'w+'); - $number_of_lines = fwrite($fileHandler, $sqlScript); - fclose($fileHandler); + // Delete backups older than 30 days + $now = time(); + foreach (glob($backup_dir."*.sql") as $file) { + if(time() - filectime($file) > 2592000){ + unlink($file); + } } - } - // Delete backups older than 30 days - $now = time(); - foreach (glob($backup_dir."*.sql") as $file) { - if(time() - filectime($file) > 2592000){ - unlink($file); - } } - // GET NOTIFICATIONS // DOMAINS EXPIRING diff --git a/db.sql b/db.sql index 94fe7d77..4fa512d2 100644 --- a/db.sql +++ b/db.sql @@ -298,6 +298,7 @@ CREATE TABLE `contacts` ( `contact_notes` text DEFAULT NULL, `contact_auth_method` varchar(200) DEFAULT NULL, `contact_password_hash` varchar(200) DEFAULT NULL, + `contact_important` tinyint(1) NOT NULL DEFAULT 0, `contact_created_at` datetime NOT NULL, `contact_updated_at` datetime DEFAULT NULL, `contact_archived_at` datetime DEFAULT NULL, @@ -1129,6 +1130,8 @@ CREATE TABLE `settings` ( `config_meshcentral_secret` varchar(200) DEFAULT NULL, `config_azure_client_id` varchar(200) DEFAULT NULL, `config_azure_client_secret` varchar(200) DEFAULT NULL, + `config_backups_enable` tinyint(1) NOT NULL DEFAULT 0, + `config_backups_path` varchar(250) DEFAULT NULL, PRIMARY KEY (`company_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1279,7 +1282,9 @@ CREATE TABLE `ticket_replies` ( -- DROP TABLE IF EXISTS `ticket_views`; -CREATE TABLE IF NOT EXISTS `ticket_views` ( +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `ticket_views` ( `view_id` int(11) NOT NULL AUTO_INCREMENT, `view_ticket_id` int(11) NOT NULL, `view_user_id` int(11) NOT NULL, 
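Review bot: `$backup_dir` is taken straight from the stored setting and handed to `fopen`, `glob` and `unlink` with no check that it names a usable directory. When `config_backup_path` is empty (db.sql defaults the column to NULL), `"$config_backup_path/"` evaluates to `/`, so the dump is written to the filesystem root and the 30-day cleanup removes `*.sql` files there. The `fopen` result also goes to `fwrite` unchecked, so a bad path still produces the cron errors the commit message describes. Resolve and verify the directory before building the dump, and skip the backup with a logged message otherwise, as sketched below. The enclosing `if($config_enable_cron == 1)` block and `while` loop start and end outside this hunk.

```php
// … unchanged: if($config_backups_enable == 1){ …
// realpath('') resolves to the current directory, so reject an empty setting first
$backup_dir = empty($config_backup_path) ? false : realpath($config_backup_path);
if($backup_dir === false || !is_dir($backup_dir) || !is_writable($backup_dir)){
    error_log("cron.php: backup path is not a writable directory, skipping backup");
}else{
    // … unchanged: build $sqlScript from SHOW TABLES / SHOW CREATE TABLE / SELECT * …
    $fileHandler = fopen($backup_dir . '/' . $backup_file_name, 'w');
    if($fileHandler !== false){
        fwrite($fileHandler, $sqlScript);
        fclose($fileHandler);
    }
    // 30-day cleanup: $backup_dir no longer ends in a slash
    foreach (glob($backup_dir . "/*.sql") as $file) {
        // … unchanged: filectime() age test and unlink($file) …
    }
}
```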
@@ -1288,8 +1293,6 @@ CREATE TABLE IF NOT EXISTS `ticket_views` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; /*!40101 SET character_set_client = @saved_cs_client */; --- -------------------------------------------------------- - -- -- Table structure for table `tickets` -- @@ -1482,4 +1485,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2022-03-04 0:40:43 +-- Dump completed on 2022-03-29 12:22:09 diff --git a/get_settings.php b/get_settings.php index 6d3d0c00..0049f586 100644 --- a/get_settings.php +++ b/get_settings.php @@ -71,6 +71,10 @@ $config_stripe_enable = $row['config_stripe_enable']; $config_stripe_publishable = $row['config_stripe_publishable']; $config_stripe_secret = $row['config_stripe_secret']; +// Backups +$config_backup_enable = $row['config_backup_enable']; +$config_backup_path = $row['config_backup_path']; + // Currency $config_currency_format = "US_en"; diff --git a/post.php b/post.php index dc319ef0..9e563c69 100644 --- a/post.php +++ b/post.php 
@@ -1068,6 +1068,29 @@ if(isset($_POST['edit_online_payment_settings'])){
 header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
+if(isset($_POST['edit_backup_settings'])){
+
+ if($session_user_role != 3){
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "You are not permitted to do that!";
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+ exit();
+ }
+
+ $config_backup_enable = intval($_POST['config_backup_enable']);
+ $config_backup_path = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_backup_path'])));
+
+ mysqli_query($mysqli,"UPDATE settings SET config_backup_enable = $config_backup_enable, config_backup_path = '$config_backup_path' WHERE company_id = $session_company_id");
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified backup settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+
+ $_SESSION['alert_message'] = "Backup Settings updated";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
 if(isset($_POST['enable_2fa'])){
 $token = mysqli_real_escape_string($mysqli,$_POST['token']);
diff --git a/settings-backup.php b/settings-backup.php
index 1994a27e..cbacd36c 100644
--- a/settings-backup.php
+++ b/settings-backup.php
@@ -1,5 +1,35 @@
+
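Review bot: The sanitisers on `config_backup_path` are applied inside-out: `strip_tags()` and `trim()` run on the output of `mysqli_real_escape_string()`, so the string interpolated into the `UPDATE` is no longer exactly what the escaper produced. Escape last, `$config_backup_path = mysqli_real_escape_string($mysqli, trim(strip_tags($_POST['config_backup_path'])));`, or bind the value in a prepared statement. The handler also stores the path without checking that it is an absolute, existing, writable directory outside the web root, which matters because cron writes a dump of every table there, including the secrets held in `settings`. No anti-forgery token check is visible in this handler; confirm post.php verifies one before this state-changing branch is reached.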
+
+

Backup

+
+
+
+ +
+ value="1" id="backupSwitch"> + +
+ +
+ +
+
+ +
+ +
+
+ +
+ + + +
+
+
+

Backup Database