mirror of
https://github.com/itflow-org/itflow
Software: remove client_id post from edit software modal as it should get the client_id in post, enforceClientAccess
@@ -53,7 +53,6 @@ ob_start();
|
|||||||
<form action="post.php" method="post" autocomplete="off">
|
<form action="post.php" method="post" autocomplete="off">
|
||||||
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
|
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
|
||||||
<input type="hidden" name="software_id" value="<?php echo $software_id; ?>">
|
<input type="hidden" name="software_id" value="<?php echo $software_id; ?>">
|
||||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
|
|
||||||
<ul class="nav nav-pills nav-justified mb-3">
|
<ul class="nav nav-pills nav-justified mb-3">
|
||||||
|
|||||||
@@ -16,6 +16,8 @@ if (isset($_POST['add_software_from_template'])) {
|
|||||||
$client_id = intval($_POST['client_id']);
|
$client_id = intval($_POST['client_id']);
|
||||||
$software_template_id = intval($_POST['software_template_id']);
|
$software_template_id = intval($_POST['software_template_id']);
|
||||||
|
|
||||||
|
enforceClientAccess();
|
||||||
|
|
||||||
// GET Software Template Info
|
// GET Software Template Info
|
||||||
$sql_software_templates = mysqli_query($mysqli,"SELECT * FROM software_templates WHERE software_template_id = $software_template_id");
|
$sql_software_templates = mysqli_query($mysqli,"SELECT * FROM software_templates WHERE software_template_id = $software_template_id");
|
||||||
$row = mysqli_fetch_assoc($sql_software_templates);
|
$row = mysqli_fetch_assoc($sql_software_templates);
|
||||||
@@ -71,6 +73,8 @@ if (isset($_POST['add_software'])) {
|
|||||||
$notes = sanitizeInput($_POST['notes']);
|
$notes = sanitizeInput($_POST['notes']);
|
||||||
$vendor = intval($_POST['vendor'] ?? 0);
|
$vendor = intval($_POST['vendor'] ?? 0);
|
||||||
|
|
||||||
|
enforceClientAccess();
|
||||||
|
|
||||||
mysqli_query($mysqli,"INSERT INTO software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_key = '$key', software_license_type = '$license_type', software_seats = $seats, software_purchase_reference = '$purchase_reference', software_purchase = $purchase, software_expire = $expire, software_notes = '$notes', software_vendor_id = $vendor, software_client_id = $client_id");
|
mysqli_query($mysqli,"INSERT INTO software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_key = '$key', software_license_type = '$license_type', software_seats = $seats, software_purchase_reference = '$purchase_reference', software_purchase = $purchase, software_expire = $expire, software_notes = '$notes', software_vendor_id = $vendor, software_client_id = $client_id");
|
||||||
|
|
||||||
$software_id = mysqli_insert_id($mysqli);
|
$software_id = mysqli_insert_id($mysqli);
|
||||||
@@ -108,7 +112,6 @@ if (isset($_POST['edit_software'])) {
|
|||||||
enforceUserPermission('module_support', 2);
|
enforceUserPermission('module_support', 2);
|
||||||
|
|
||||||
$software_id = intval($_POST['software_id']);
|
$software_id = intval($_POST['software_id']);
|
||||||
$client_id = intval($_POST['client_id']);
|
|
||||||
$name = sanitizeInput($_POST['name']);
|
$name = sanitizeInput($_POST['name']);
|
||||||
$version = sanitizeInput($_POST['version']);
|
$version = sanitizeInput($_POST['version']);
|
||||||
$description = sanitizeInput($_POST['description']);
|
$description = sanitizeInput($_POST['description']);
|
||||||
@@ -133,6 +136,10 @@ if (isset($_POST['edit_software'])) {
|
|||||||
$notes = sanitizeInput($_POST['notes']);
|
$notes = sanitizeInput($_POST['notes']);
|
||||||
$vendor = intval($_POST['vendor'] ?? 0);
|
$vendor = intval($_POST['vendor'] ?? 0);
|
||||||
|
|
||||||
|
$client_id = intval(getFieldById('software', $software_id, 'software_client_id'));
|
||||||
|
|
||||||
|
enforceClientAccess();
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_key = '$key', software_license_type = '$license_type', software_seats = $seats, software_purchase_reference = '$purchase_reference', software_purchase = $purchase, software_expire = $expire, software_notes = '$notes', software_vendor_id = $vendor WHERE software_id = $software_id");
|
mysqli_query($mysqli,"UPDATE software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_key = '$key', software_license_type = '$license_type', software_seats = $seats, software_purchase_reference = '$purchase_reference', software_purchase = $purchase, software_expire = $expire, software_notes = '$notes', software_vendor_id = $vendor WHERE software_id = $software_id");
|
||||||
|
|
||||||
|
|
||||||
@@ -176,6 +183,8 @@ if (isset($_GET['archive_software'])) {
|
|||||||
$software_name = sanitizeInput($row['software_name']);
|
$software_name = sanitizeInput($row['software_name']);
|
||||||
$client_id = intval($row['software_client_id']);
|
$client_id = intval($row['software_client_id']);
|
||||||
|
|
||||||
|
enforceClientAccess();
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE software SET software_archived_at = NOW() WHERE software_id = $software_id");
|
mysqli_query($mysqli,"UPDATE software SET software_archived_at = NOW() WHERE software_id = $software_id");
|
||||||
|
|
||||||
// Remove Software Relations
|
// Remove Software Relations
|
||||||
@@ -204,6 +213,8 @@ if (isset($_GET['delete_software'])) {
|
|||||||
$software_name = sanitizeInput($row['software_name']);
|
$software_name = sanitizeInput($row['software_name']);
|
||||||
$client_id = intval($row['software_client_id']);
|
$client_id = intval($row['software_client_id']);
|
||||||
|
|
||||||
|
enforceClientAccess();
|
||||||
|
|
||||||
mysqli_query($mysqli,"DELETE FROM software WHERE software_id = $software_id");
|
mysqli_query($mysqli,"DELETE FROM software WHERE software_id = $software_id");
|
||||||
|
|
||||||
logAction("Software", "Delete", "$session_name deleted software $software_name and removed all device/user license associations", $client_id);
|
logAction("Software", "Delete", "$session_name deleted software $software_name and removed all device/user license associations", $client_id);
|
||||||
@@ -231,7 +242,7 @@ if (isset($_POST['export_software_csv'])) {
|
|||||||
$file_name_prepend = "$session_company_name-";
|
$file_name_prepend = "$session_company_name-";
|
||||||
}
|
}
|
||||||
|
|
||||||
$sql = mysqli_query($mysqli,"SELECT * FROM software $client_query ORDER BY software_name ASC");
|
$sql = mysqli_query($mysqli,"SELECT * FROM software LEFT JOIN client ON client_id = software_client_id WHERE software_archived_at IS NULL $client_query $access_permission_query ORDER BY software_name ASC");
|
||||||
|
|
||||||
$num_rows = mysqli_num_rows($sql);
|
$num_rows = mysqli_num_rows($sql);
|
||||||
|
|
||||||
|
|||||||
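Review bot: In the `export_software_csv` hunk the rewritten query appends `$client_query` and `$access_permission_query` after `WHERE software_archived_at IS NULL`, so each fragment must now be empty or start with `AND`. The old query placed `$client_query` directly after `FROM software`, which suggests it carried its own `WHERE`. Neither variable is assigned inside the hunk, so this cannot be confirmed from the visible lines; if `$client_query` is unchanged, the statement will not parse and `mysqli_query()` will fail (returning false or throwing, depending on the mysqli report mode) before `mysqli_num_rows($sql)` runs. I would build the fragment in the `AND` form next to the query, e.g. `$client_query = $client_id ? "AND software_client_id = $client_id" : '';` (assuming `$client_id` is what the block already uses), and check `$sql` before counting rows. The new filter also drops archived software from the export, which the commit message does not mention; a comment such as `// Export only non-archived software for clients this user may access` would record that intent.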