From 8ffa90ae28ff923ee74b971c30e5c8297201260f Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Thu, 14 Nov 2024 13:39:17 -0500
Subject: [PATCH] Updated vendor post to use new logAction function, tidy and added more details to logging
---
 post/user/transfer.php | 4 +-
 post/user/trip.php | 2 +
 post/user/vendor.php | 97 ++++++++++++++++++++++-------------------
 3 files changed, 56 insertions(+), 47 deletions(-)
diff --git a/post/user/transfer.php b/post/user/transfer.php
index e2c687fc..d7f415ad 100644
--- a/post/user/transfer.php
+++ b/post/user/transfer.php
@@ -31,7 +31,7 @@ if (isset($_POST['add_transfer'])) {
 $transfer_id = mysqli_insert_id($mysqli);
 // Logging
- logAction("Account Transfer", "Create", "$session_name transferred $amount from account $source_account_name to $destination_account_name", 0 , $transfer_id);
+ logAction("Account Transfer", "Create", "$session_name transferred $amount from account $source_account_name to $destination_account_name", 0, $transfer_id);
 $_SESSION['alert_message'] = "Transferred $amount from $source_account_name to $destination_account_name";
@@ -57,7 +57,7 @@ if (isset($_POST['edit_transfer'])) {
 mysqli_query($mysqli,"UPDATE transfers SET transfer_method = '$transfer_method', transfer_notes = '$notes' WHERE transfer_id = $transfer_id");
 // Logging
- logAction("Account Transfer", "Edit", "$session_name edited transfer", 0 , $transfer_id);
+ logAction("Account Transfer", "Edit", "$session_name edited transfer", 0, $transfer_id);
 $_SESSION['alert_message'] = "Transfer edited";
diff --git a/post/user/trip.php b/post/user/trip.php
index 1bf6fcee..cb562a02 100644
--- a/post/user/trip.php
+++ b/post/user/trip.php
@@ -38,6 +38,7 @@ if (isset($_POST['edit_trip'])) {
 }
 if (isset($_GET['delete_trip'])) {
+ $trip_id = intval($_GET['delete_trip']);
 // Get Trip Info and Client ID for logging
@@ -59,6 +60,7 @@ if (isset($_GET['delete_trip'])) {
 }
 if (isset($_POST['export_trips_csv'])) {
+ $date_from = sanitizeInput($_POST['date_from']);
 $date_to = sanitizeInput($_POST['date_to']);
 if (!empty($date_from) && !empty($date_to)){
diff --git a/post/user/vendor.php b/post/user/vendor.php
index 7fe8b0f4..3dff7002 100644
--- a/post/user/vendor.php
+++ b/post/user/vendor.php
@@ -34,9 +34,9 @@ if (isset($_POST['add_vendor_from_template'])) {
 $vendor_id = mysqli_insert_id($mysqli);
 // Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Create', log_description = 'Vendor created from template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+ logAction("Vendor", "Create", "$session_name created vendor $name using a template", $client_id, $vendor_id);
- $_SESSION['alert_message'] = "Vendor created from template";
+ $_SESSION['alert_message'] = "Vendor $name created from template";
 header("Location: " . $_SERVER["HTTP_REFERER"]);
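Review bot: The added line reads `$_POST['date_from']` with no `isset` guard, so a request that omits the field raises an undefined-index warning before `sanitizeInput` runs; the `$date_to` context line below it has the same shape. `$date_from = sanitizeInput($_POST['date_from'] ?? '');` keeps the existing `!empty` check working for a missing field. If these values end up in a SQL date range further down (outside the hunk), validating them as dates rather than relying on escaping alone would be the stricter check. The export block continues past the hunk.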
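Review bot: The changed alert line now interpolates `$name` into `$_SESSION['alert_message']`, a string that is later rendered to the user, and whether that is safe depends on the alert renderer HTML-escaping it, which this hunk cannot show. Since `$name` originates from request data, I would confirm the renderer applies `htmlspecialchars` to alerts or keep user-controlled text out of the message. The new `logAction` call recording `$vendor_id` as the entity id is an improvement over the raw insert it replaces, which had none.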
@@ -48,15 +48,14 @@ if (isset($_POST['add_vendor'])) {
 require_once 'post/user/vendor_model.php';
- $client_id = intval($_POST['client_id']); // Used if this vendor is under a contact otherwise its 0 for under company
 mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_client_id = $client_id");
 $vendor_id = mysqli_insert_id($mysqli);
- //Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Create', log_description = '$session_name created vendor $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+ // Logging
+ logAction("Vendor", "Create", "$session_name created vendor $name", $client_id, $vendor_id);
 $_SESSION['alert_message'] = "Vendor $name created";
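Review bot: Removing `$client_id = intval($_POST['client_id']);` leaves the INSERT on the context line depending on `$client_id` being assigned by `post/user/vendor_model.php`, which is not in this diff; the value is interpolated unquoted into `vendor_client_id = $client_id`, so it must be cast to an integer there, not merely escaped. If the model does not set it, the INSERT fails with a SQL syntax error and the new `logAction` call records client 0. The edit_vendor hunk (`@@ -67,16 +66,20 @@`) introduces the same dependency for `$vendor_id`, which is used unquoted in both a SELECT and an UPDATE. The add_vendor block continues past the hunk.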
@@ -67,16 +66,20 @@ if (isset($_POST['edit_vendor'])) {
 require_once 'post/user/vendor_model.php';
- $vendor_id = intval($_POST['vendor_id']);
 $vendor_template_id = intval($_POST['vendor_template_id']);
+ // Get Client ID
+ $sql_vendor = mysqli_query($mysqli,"SELECT vendor_client_id FROM vendors WHERE vendor_id = $vendor_id");
+ $row = mysqli_fetch_array($sql_vendor);
+ $client_id = intval($row['vendor_client_id']);
+
 mysqli_query($mysqli,"UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code',vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_template_id = $vendor_template_id WHERE vendor_id = $vendor_id");
- //Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Modify', log_description = '$session_name modified vendor $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+ // Logging
+ logAction("Vendor", "Edit", "$session_name edited vendor $name", $client_id, $vendor_id);
- $_SESSION['alert_message'] = "Vendor $name modified";
+ $_SESSION['alert_message'] = "Vendor $name edited";
 header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
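Review bot: `mysqli_fetch_array($sql_vendor)` returns `null` when no vendor matches `$vendor_id`, so the added `$row['vendor_client_id']` access warns and the edit is logged against client 0 while the UPDATE still runs for a non-existent id. A guard after the fetch, e.g. `if (!$row) { header("Location: " . $_SERVER["HTTP_REFERER"]); exit; }`, stops both. Note also that the log action value changes from `'Modify'` to `"Edit"`, so any report or filter on the logs table that looks for `Modify` will not see new vendor edits; that is fine if intended, but worth a mention in the commit message. The block's start is outside the hunk.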
@@ -92,11 +95,11 @@ if (isset($_GET['archive_vendor'])) {
 mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NOW() WHERE vendor_id = $vendor_id");
- //Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Archive', log_description = '$session_name archived vendor $vendor_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+ // Logging
+ logAction("Vendor", "Archive", "$session_name archived vendor $vendor_name", $client_id, $vendor_id);
 $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Vendor $vendor_name archived";
+ $_SESSION['alert_message'] = "Vendor $vendor_name archived";
 header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
@@ -113,8 +116,8 @@ if(isset($_GET['unarchive_vendor'])){
 mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NULL WHERE vendor_id = $vendor_id");
- //Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Unarchive', log_description = '$session_name restored credential $vendor_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $vendor_id");
+ // Logging
+ logAction("Vendor", "Unarchive", "$session_name unarchived vendor $vendor_name", $client_id, $vendor_id);
 $_SESSION['alert_message'] = "Vendor $vendor_name restored";
@@ -147,6 +150,9 @@ if (isset($_GET['delete_vendor'])) {
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Delete', log_description = '$session_name deleted vendor $vendor_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+ // Logging
+ logAction("Vendor", "Delete", "$session_name deleted vendor $vendor_name", $client_id);
+
 $_SESSION['alert_type'] = "error";
 $_SESSION['alert_message'] = "Vendor $vendor_name deleted";
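Review bot: In the delete_vendor hunk (`@@ -147,6 +150,9 @@`) the old raw `INSERT INTO logs ... log_action = 'Delete'` line is kept as context directly above the new `logAction` call, so every single-vendor deletion is now written to the log twice; the raw `mysqli_query(...)` line and its `//Logging` comment should be removed like in the other hunks. The new call also omits `$vendor_id` as the entity id, and the bulk-delete hunk (`@@ -264,15 +267,16 @@`) drops a `log_entity_id = $vendor_id` that its old raw insert did record, so deleted vendors can no longer be correlated with their earlier Create/Edit entries. Passing the id keeps that trail: `logAction("Vendor", "Delete", "$session_name deleted vendor $vendor_name", $client_id, $vendor_id);`. The delete block starts outside the hunk.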
@@ -157,13 +163,13 @@ if (isset($_POST['bulk_archive_vendors'])) {
 validateAdminRole();
 validateCSRFToken($_POST['csrf_token']);
- $count = 0; // Default 0
- $vendor_ids = $_POST['vendor_ids']; // Get array of IDs to be deleted
+ if (isset($vendor_ids)) {
- if (!empty($vendor_ids)) {
+ // Get Selected Count
+ $count = count($_POST['vendor_ids']);
 // Cycle through array and archive each record
- foreach ($vendor_ids as $vendor_id) {
+ foreach ($_POST['vendor_ids'] as $vendor_id) {
 $vendor_id = intval($vendor_id);
@@ -176,15 +182,14 @@ if (isset($_POST['bulk_archive_vendors'])) {
 mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NOW() WHERE vendor_id = $vendor_id");
 // Individual Contact logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Archive', log_description = '$session_name archived vendor $vendor_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $vendor_id");
- $count++;
+ logAction("Vendor", "Archive", "$session_name archived vendor $vendor_name", $client_id, $vendor_id);
 }
 // Bulk Logging
- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Vendor', log_action = 'Archive', log_description = '$session_name archived $count vendors', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+ logAction("Vendor", "Bulk Archive", "$session_name archived $count vendor(s)");
 $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Archived $count credential(s)";
+ $_SESSION['alert_message'] = "Archived $count vendor(s)";
 }
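Review bot: `if (isset($vendor_ids))` tests a variable this block no longer assigns, since the `$vendor_ids = $_POST['vendor_ids'];` line is removed in the same hunk, so unless it is set earlier in the file the entire bulk-archive branch is dead and the request silently archives nothing. The check belongs on the request field, and because `count()` and `foreach` fail on a non-array in PHP 8 it should also confirm the shape: `if (isset($_POST['vendor_ids']) && is_array($_POST['vendor_ids'])) {`. The same pattern is introduced in the bulk-unarchive (`@@ -195,13 +200,13 @@`) and bulk-delete (`@@ -234,13 +237,13 @@`) hunks. The block continues past the hunk.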
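Review bot: With `$count++` removed from the loop, `$count` is the number of ids submitted rather than the number of vendors actually archived, so the bulk `logAction` line and the alert below it overstate the result whenever the per-item lookup (outside this hunk) skips an id. Keeping a separate counter incremented beside the per-item `logAction`, e.g. `$archived++;`, and logging that value keeps the audit entry truthful. The same applies to the bulk-unarchive tail (`@@ -214,16 +219,14 @@`) and bulk-delete tail (`@@ -264,15 +267,16 @@`). The block's start is outside the hunk.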
@@ -195,13 +200,13 @@ if (isset($_POST['bulk_unarchive_vendors'])) {
 validateAdminRole();
 validateCSRFToken($_POST['csrf_token']);
- $count = 0; // Default 0
- $vendor_ids = $_POST['vendor_ids']; // Get array of IDs
+ if (isset($vendor_ids)) {
- if (!empty($vendor_ids)) {
+ // Get Selected Count
+ $count = count($_POST['vendor_ids']);
- // Cycle through array and unarchive
- foreach ($vendor_ids as $vendor_id) {
+ // Cycle through array and unarchive each record
+ foreach ($_POST['vendor_ids'] as $vendor_id) {
 $vendor_id = intval($vendor_id);
@@ -214,16 +219,14 @@ if (isset($_POST['bulk_unarchive_vendors'])) {
 mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NULL WHERE vendor_id = $vendor_id");
 // Individual logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Unarchive', log_description = '$session_name Unarchived vendor $vendors_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $vendor_id");
+ logAction("Vendor", "Unarchive", "$session_name unarchived vendor $vendor_name", $client_id, $vendor_id);
-
- $count++;
 }
 // Bulk Logging
- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Vendor', log_action = 'Unarchive', log_description = '$session_name Unarchived $count vendors', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+ logAction("Vendor", "Bulk Unarchive", "$session_name unarchived $count vendor(s)");
- $_SESSION['alert_message'] = "Unarchived $count vendor(s)";
+ $_SESSION['alert_message'] = "Unarchived $count vendor(s)";
 }
@@ -234,13 +237,13 @@ if (isset($_POST['bulk_delete_vendors'])) {
 validateAdminRole();
 validateCSRFToken($_POST['csrf_token']);
- $count = 0; // Default 0
- $vendor_ids = $_POST['vendor_ids']; // Get array of IDs to be deleted
+ if (isset($vendor_ids)) {
- if (!empty($vendor_ids)) {
+ // Get Selected Count
+ $count = count($_POST['vendor_ids']);
 // Cycle through array and delete each record
- foreach ($vendor_ids as $vendor_id) {
+ foreach ($_POST['vendor_ids'] as $vendor_id) {
 $vendor_id = intval($vendor_id);
@@ -264,15 +267,16 @@ if (isset($_POST['bulk_delete_vendors'])) {
 mysqli_query($mysqli,"DELETE FROM vendor_logins WHERE vendor_id = $vendor_id");
 mysqli_query($mysqli,"DELETE FROM service_vendors WHERE vendor_id = $vendor_id");
- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Vendor', log_action = 'Delete', log_description = '$session_name deleted vendor $vendor_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $vendor_id");
+ // Logging
+ logAction("Vendor", "Delete", "$session_name deleted vendor $vendor_name", $client_id);
- $count++;
 }
- // Logging
- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Vendor', log_action = 'Delete', log_description = '$session_name bulk deleted $count vendors', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
-
- $_SESSION['alert_message'] = "Deleted $count vendor(s)";
+ // Bulk Logging
+ logAction("Vendor", "Bulk Delete", "$session_name deleted $count vendor(s)");
+
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "Deleted $count vendor(s)";
 }
@@ -289,7 +293,10 @@ if (isset($_POST['export_client_vendors_csv'])) {
 $client_name = $row['client_name'];
 $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
- if ($sql->num_rows > 0) {
+
+ $count = mysqli_num_rows($sql);
+
+ if ($count > 0) {
 $delimiter = ",";
 $filename = $client_name . "-Vendors-" . date('Y-m-d') . ".csv";
@@ -317,8 +324,8 @@ if (isset($_POST['export_client_vendors_csv'])) {
 fpassthru($f);
 }
- //Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Export', log_description = '$session_name exported vendors to CSV', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+ // Logging
+ logAction("Vendor", "Export", "$session_name exported $count vendor(s) to a CSV file", $client_id);
 exit;
 }
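Review bot: In the second hunk the new export `logAction` sits after the closing brace of the `if ($count > 0)` block, so a request for a client with no vendors is recorded as "exported 0 vendor(s) to a CSV file" although no file was produced. Guarding the call with `if ($count > 0) { logAction(...); }` or moving it inside the block keeps the audit entry accurate. `mysqli_num_rows($sql)` in the first hunk also throws a TypeError in PHP 8 when the query failed and `$sql` is `false`, the same failure mode the old `$sql->num_rows` had, so a `$sql === false` check before it would be the safer form. The block's start is outside the hunk.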