AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tidying

Browse Source 
- Move more things to new permissions system
- Deduplicate assets post logic into model
- Swap out some "SELECT *" queries when only a couple of rows are actually needed
This commit is contained in:
wrongecho
2024-10-08 23:08:05 +01:00
parent e90200aebe
commit 987cd59764
25 changed files with 188 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
post/user/asset.php
View File

@@ -10,48 +10,7 @@ if (isset($_POST['add_asset'])) {
validateCSRFToken($_POST['csrf_token']);
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$type = sanitizeInput($_POST['type']);
$make = sanitizeInput($_POST['make']);
$model = sanitizeInput($_POST['model']);
$serial = sanitizeInput($_POST['serial']);
$os = sanitizeInput($_POST['os']);
$ip = sanitizeInput($_POST['ip']);
if($_POST['dhcp'] == 1){
$ip = 'DHCP';
}
$ipv6 = sanitizeInput($_POST['ipv6']);
$nat_ip = sanitizeInput($_POST['nat_ip']);
$mac = sanitizeInput($_POST['mac']);
$uri = sanitizeInput($_POST['uri']);
$uri_2 = sanitizeInput($_POST['uri_2']);
$status = sanitizeInput($_POST['status']);
$location = intval($_POST['location']);
$physical_location = sanitizeInput($_POST['physical_location']);
$vendor = intval($_POST['vendor']);
$contact = intval($_POST['contact']);
$network = intval($_POST['network']);
$purchase_date = sanitizeInput($_POST['purchase_date']);
if (empty($purchase_date)) {
$purchase_date = "NULL";
} else {
$purchase_date = "'" . $purchase_date . "'";
}
$warranty_expire = sanitizeInput($_POST['warranty_expire']);
if (empty($warranty_expire)) {
$warranty_expire = "NULL";
} else {
$warranty_expire = "'" . $warranty_expire . "'";
}
$install_date = sanitizeInput($_POST['install_date']);
if (empty($install_date)) {
$install_date = "NULL";
} else {
$install_date = "'" . $install_date . "'";
}
$notes = sanitizeInput($_POST['notes']);
require_once 'asset_model.php';
$alert_extended = "";
@@ -111,49 +70,8 @@ if (isset($_POST['edit_asset'])) {
validateCSRFToken($_POST['csrf_token']);
require_once 'asset_model.php';
$asset_id = intval($_POST['asset_id']);
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$type = sanitizeInput($_POST['type']);
$make = sanitizeInput($_POST['make']);
$model = sanitizeInput($_POST['model']);
$serial = sanitizeInput($_POST['serial']);
$os = sanitizeInput($_POST['os']);
$ip = sanitizeInput($_POST['ip']);
if($_POST['dhcp'] == 1){
$ip = 'DHCP';
}
$ipv6 = sanitizeInput($_POST['ipv6']);
$nat_ip = sanitizeInput($_POST['nat_ip']);
$mac = sanitizeInput($_POST['mac']);
$uri = sanitizeInput($_POST['uri']);
$uri_2 = sanitizeInput($_POST['uri_2']);
$status = sanitizeInput($_POST['status']);
$location = intval($_POST['location']);
$physical_location = sanitizeInput($_POST['physical_location']);
$vendor = intval($_POST['vendor']);
$contact = intval($_POST['contact']);
$network = intval($_POST['network']);
$purchase_date = sanitizeInput($_POST['purchase_date']);
if (empty($purchase_date)) {
$purchase_date = "NULL";
} else {
$purchase_date = "'" . $purchase_date . "'";
}
$warranty_expire = sanitizeInput($_POST['warranty_expire']);
if (empty($warranty_expire)) {
$warranty_expire = "NULL";
} else {
$warranty_expire = "'" . $warranty_expire . "'";
}
$install_date = sanitizeInput($_POST['install_date']);
if (empty($install_date)) {
$install_date = "NULL";
} else {
$install_date = "'" . $install_date . "'";
}
$notes = sanitizeInput($_POST['notes']);
// Get Existing Photo
$sql = mysqli_query($mysqli,"SELECT asset_photo FROM assets WHERE asset_id = $asset_id");
@@ -734,7 +652,10 @@ if (isset($_POST['add_asset_interface'])) {
validateCSRFToken($_POST['csrf_token']);
// Interface info
$interface_id = intval($_POST['interface_id']);
$asset_id = intval($_POST['asset_id']);
require_once 'asset_interface_model.php';
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
@@ -742,17 +663,6 @@ if (isset($_POST['add_asset_interface'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
$name = sanitizeInput($_POST['name']);
$mac = sanitizeInput($_POST['mac']);
$ip = sanitizeInput($_POST['ip']);
if($_POST['dhcp'] == 1){
$ip = 'DHCP';
}
$ipv6 = sanitizeInput($_POST['ipv6']);
$port = sanitizeInput($_POST['port']);
$network = intval($_POST['network']);
$notes = sanitizeInput($_POST['notes']);
mysqli_query($mysqli,"INSERT INTO asset_interfaces SET interface_name = '$name', interface_mac = '$mac', interface_ip = '$ip', interface_ipv6 = '$ipv6', interface_port = '$port', interface_notes = '$notes', interface_network_id = $network, interface_asset_id = $asset_id");
$interface_id = mysqli_insert_id($mysqli);
@@ -772,7 +682,9 @@ if (isset($_POST['edit_asset_interface'])) {
validateCSRFToken($_POST['csrf_token']);
// Interface info
$interface_id = intval($_POST['interface_id']);
require_once 'asset_interface_model.php';
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id, asset_id FROM asset_interfaces LEFT JOIN assets ON asset_id = interface_asset_id WHERE interface_id = $interface_id");
@@ -781,17 +693,6 @@ if (isset($_POST['edit_asset_interface'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
$name = sanitizeInput($_POST['name']);
$mac = sanitizeInput($_POST['mac']);
$ip = sanitizeInput($_POST['ip']);
if($_POST['dhcp'] == 1){
$ip = 'DHCP';
}
$ipv6 = sanitizeInput($_POST['ipv6']);
$port = sanitizeInput($_POST['port']);
$network = intval($_POST['network']);
$notes = sanitizeInput($_POST['notes']);
mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_name = '$name', interface_mac = '$mac', interface_ip = '$ip', interface_ipv6 = '$ipv6', interface_port = '$port', interface_notes = '$notes', interface_network_id = $network WHERE interface_id = $interface_id");
//Logging

11
post/user/asset_interface_model.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
$name = sanitizeInput($_POST['name']);
$mac = sanitizeInput($_POST['mac']);
$ip = sanitizeInput($_POST['ip']);
if ($_POST['dhcp'] == 1){
$ip = 'DHCP';
}
$ipv6 = sanitizeInput($_POST['ipv6']);
$port = sanitizeInput($_POST['port']);
$network = intval($_POST['network']);
$notes = sanitizeInput($_POST['notes']);

43
post/user/asset_model.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$type = sanitizeInput($_POST['type']);
$make = sanitizeInput($_POST['make']);
$model = sanitizeInput($_POST['model']);
$serial = sanitizeInput($_POST['serial']);
$os = sanitizeInput($_POST['os']);
$ip = sanitizeInput($_POST['ip']);
if ($_POST['dhcp'] == 1) {
$ip = 'DHCP';
}
$ipv6 = sanitizeInput($_POST['ipv6']);
$nat_ip = sanitizeInput($_POST['nat_ip']);
$mac = sanitizeInput($_POST['mac']);
$uri = sanitizeInput($_POST['uri']);
$uri_2 = sanitizeInput($_POST['uri_2']);
$status = sanitizeInput($_POST['status']);
$location = intval($_POST['location']);
$physical_location = sanitizeInput($_POST['physical_location']);
$vendor = intval($_POST['vendor']);
$contact = intval($_POST['contact']);
$network = intval($_POST['network']);
$purchase_date = sanitizeInput($_POST['purchase_date']);
if (empty($purchase_date)) {
$purchase_date = "NULL";
} else {
$purchase_date = "'" . $purchase_date . "'";
}
$warranty_expire = sanitizeInput($_POST['warranty_expire']);
if (empty($warranty_expire)) {
$warranty_expire = "NULL";
} else {
$warranty_expire = "'" . $warranty_expire . "'";
}
$install_date = sanitizeInput($_POST['install_date']);
if (empty($install_date)) {
$install_date = "NULL";
} else {
$install_date = "'" . $install_date . "'";
}
$notes = sanitizeInput($_POST['notes']);
$client_id = intval($_POST['client_id']);

2
post/user/certificate.php
View File

@@ -158,7 +158,7 @@ if (isset($_POST['export_client_certificates_csv'])) {
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];

2
post/user/client.php
View File

@@ -159,7 +159,7 @@ if (isset($_GET['archive_client'])) {
$client_id = intval($_GET['archive_client']);
// Get Client Name
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli, "SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = sanitizeInput($row['client_name']);

37
post/user/contact.php
View File

@@ -6,7 +6,7 @@
if (isset($_POST['add_contact'])) {
validateTechRole();
enforceUserPermission('module_client', 2);
require_once 'post/user/contact_model.php';
@@ -67,7 +67,7 @@ if (isset($_POST['add_contact'])) {
if (isset($_POST['edit_contact'])) {
validateTechRole();
enforceUserPermission('module_client', 2);
require_once 'post/user/contact_model.php';
@@ -184,7 +184,7 @@ if (isset($_POST['edit_contact'])) {
if (isset($_POST['bulk_assign_contact_location'])) {
validateTechRole();
enforceUserPermission('module_client', 2);
$location_id = intval($_POST['bulk_location_id']);
@@ -223,7 +223,7 @@ if (isset($_POST['bulk_assign_contact_location'])) {
if (isset($_POST['bulk_edit_contact_phone'])) {
validateTechRole();
enforceUserPermission('module_client', 2);
$phone = preg_replace("/[^0-9]/", '', $_POST['bulk_phone']);
@@ -257,7 +257,7 @@ if (isset($_POST['bulk_edit_contact_phone'])) {
if (isset($_POST['bulk_edit_contact_department'])) {
validateTechRole();
enforceUserPermission('module_client', 2);
$department = sanitizeInput($_POST['bulk_department']);
@@ -291,7 +291,7 @@ if (isset($_POST['bulk_edit_contact_department'])) {
if (isset($_POST['bulk_edit_contact_role'])) {
validateTechRole();
enforceUserPermission('module_client', 2);
$contact_important = intval($_POST['bulk_contact_important']);
$contact_billing = intval($_POST['bulk_contact_billing']);
@@ -329,7 +329,7 @@ if (isset($_POST['bulk_edit_contact_role'])) {
if (isset($_POST['bulk_assign_contact_tags'])) {
validateTechRole();
enforceUserPermission('module_client', 2);
// Get Selected Contacts Count
$count = count($_POST['contact_ids']);
@@ -373,7 +373,9 @@ if (isset($_POST['bulk_assign_contact_tags'])) {
}
if (isset($_POST['bulk_archive_contacts'])) {
validateAdminRole();
enforceUserPermission('module_client', 2);
//validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@@ -416,7 +418,8 @@ if (isset($_POST['bulk_archive_contacts'])) {
}
if (isset($_POST['bulk_unarchive_contacts'])) {
validateAdminRole();
enforceUserPermission('module_client', 2);
//validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@@ -455,7 +458,8 @@ if (isset($_POST['bulk_unarchive_contacts'])) {
}
if (isset($_POST['bulk_delete_contacts'])) {
validateAdminRole();
enforceUserPermission('module_client', 3);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@@ -500,7 +504,7 @@ if (isset($_POST['bulk_delete_contacts'])) {
if (isset($_GET['anonymize_contact'])) {
validateAdminRole();
enforceUserPermission('module_client', 3);
$contact_id = intval($_GET['anonymize_contact']);
@@ -595,7 +599,7 @@ if (isset($_GET['anonymize_contact'])) {
if (isset($_GET['archive_contact'])) {
validateTechRole();
enforceUserPermission('module_client', 2);
$contact_id = intval($_GET['archive_contact']);
@@ -641,7 +645,7 @@ if (isset($_GET['unarchive_contact'])) {
}
if (isset($_GET['delete_contact'])) {
validateAdminRole();
enforceUserPermission('module_client', 3);
$contact_id = intval($_GET['delete_contact']);
@@ -671,10 +675,13 @@ if (isset($_GET['delete_contact'])) {
}
if (isset($_POST['export_client_contacts_csv'])) {
enforceUserPermission('module_client');
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
@@ -721,7 +728,7 @@ if (isset($_POST['export_client_contacts_csv'])) {
if (isset($_POST["import_client_contacts_csv"])) {
validateTechRole();
enforceUserPermission('module_client', 2);
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];

65
post/user/document.php
View File

@@ -6,16 +6,9 @@
if (isset($_POST['add_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$content = mysqli_real_escape_string($mysqli,$_POST['content']);
$content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $_POST['content']));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
$folder = intval($_POST['folder']);
require_once 'document_model.php';
// Document add query
$add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_created_by = $session_user_id, document_client_id = $client_id");
@@ -36,7 +29,7 @@ if (isset($_POST['add_document'])) {
if (isset($_POST['add_document_from_template'])) {
// ROLE Check
validateTechRole();
enforceUserPermission('module_support', 2);
// GET POST Data
$client_id = intval($_POST['client_id']);
@@ -73,18 +66,12 @@ if (isset($_POST['add_document_from_template'])) {
if (isset($_POST['edit_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
require_once 'document_model.php';
$document_id = intval($_POST['document_id']);
$document_created_by = intval($_POST['created_by']);
$document_parent = intval($_POST['document_parent']);
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$content = mysqli_real_escape_string($mysqli,$_POST['content']);
$content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $_POST['content']));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
$folder = intval($_POST['folder']);
// Document add query
mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_created_by = $document_created_by, document_updated_by = $session_user_id, document_client_id = $client_id");
@@ -127,7 +114,7 @@ if (isset($_POST['edit_document'])) {
if (isset($_POST['move_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$document_id = intval($_POST['document_id']);
$client_id = intval($_POST['client_id']);
@@ -148,7 +135,7 @@ if (isset($_POST['move_document'])) {
if (isset($_POST['rename_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$document_id = intval($_POST['document_id']);
$client_id = intval($_POST['client_id']);
@@ -169,7 +156,7 @@ if (isset($_POST['rename_document'])) {
if (isset($_POST['bulk_move_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$folder_id = intval($_POST['bulk_folder_id']);
@@ -207,7 +194,7 @@ if (isset($_POST['bulk_move_document'])) {
if (isset($_POST['link_file_to_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$document_id = intval($_POST['document_id']);
@@ -227,7 +214,8 @@ if (isset($_POST['link_file_to_document'])) {
if (isset($_GET['unlink_file_from_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$file_id = intval($_GET['file_id']);
$document_id = intval($_GET['document_id']);
@@ -244,7 +232,7 @@ if (isset($_GET['unlink_file_from_document'])) {
if (isset($_POST['link_vendor_to_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$document_id = intval($_POST['document_id']);
@@ -264,7 +252,8 @@ if (isset($_POST['link_vendor_to_document'])) {
if (isset($_GET['unlink_vendor_from_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$vendor_id = intval($_GET['vendor_id']);
$document_id = intval($_GET['document_id']);
@@ -281,7 +270,7 @@ if (isset($_GET['unlink_vendor_from_document'])) {
if (isset($_POST['link_contact_to_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$document_id = intval($_POST['document_id']);
@@ -301,7 +290,8 @@ if (isset($_POST['link_contact_to_document'])) {
if (isset($_GET['unlink_contact_from_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$contact_id = intval($_GET['contact_id']);
$document_id = intval($_GET['document_id']);
@@ -318,7 +308,7 @@ if (isset($_GET['unlink_contact_from_document'])) {
if (isset($_POST['link_asset_to_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$document_id = intval($_POST['document_id']);
@@ -338,7 +328,8 @@ if (isset($_POST['link_asset_to_document'])) {
if (isset($_GET['unlink_asset_from_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$asset_id = intval($_GET['asset_id']);
$document_id = intval($_GET['document_id']);
@@ -355,7 +346,7 @@ if (isset($_GET['unlink_asset_from_document'])) {
if (isset($_POST['link_software_to_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$document_id = intval($_POST['document_id']);
@@ -375,7 +366,8 @@ if (isset($_POST['link_software_to_document'])) {
if (isset($_GET['unlink_software_from_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$software_id = intval($_GET['software_id']);
$document_id = intval($_GET['document_id']);
@@ -392,7 +384,7 @@ if (isset($_GET['unlink_software_from_document'])) {
if (isset($_POST['edit_document_template'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$document_id = intval($_POST['document_id']);
$name = sanitizeInput($_POST['name']);
@@ -415,7 +407,8 @@ if (isset($_POST['edit_document_template'])) {
}
if (isset($_POST['document_visible'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$document_id = intval($_POST['document_id']);
$document_visible = intval($_POST['document_visible']);
@@ -433,7 +426,7 @@ if (isset($_POST['document_visible'])) {
if (isset($_GET['archive_document'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$document_id = intval($_GET['archive_document']);
@@ -476,7 +469,7 @@ if (isset($_GET['archive_document'])) {
if (isset($_GET['delete_document_version'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
$document_id = intval($_GET['delete_document_version']);
@@ -518,7 +511,7 @@ if (isset($_GET['delete_document_version'])) {
if (isset($_GET['delete_document'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
$document_id = intval($_GET['delete_document']);

8
post/user/document_model.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$folder = intval($_POST['folder']);
$description = sanitizeInput($_POST['description']);
$content = mysqli_real_escape_string($mysqli,$_POST['content']);
$content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $_POST['content']));
// Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.

42
post/user/domain.php
View File

@@ -6,18 +6,11 @@
if (isset($_POST['add_domain'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$name = preg_replace("(^https?://)", "", sanitizeInput($_POST['name']));
$description = sanitizeInput($_POST['description']);
$registrar = intval($_POST['registrar']);
$dnshost = intval($_POST['dnshost']);
$webhost = intval($_POST['webhost']);
$mailhost = intval($_POST['mailhost']);
require_once 'domain_model.php';
$extended_log_description = '';
$expire = sanitizeInput($_POST['expire']);
$notes = sanitizeInput($_POST['notes']);
$client_id = intval($_POST['client_id']);
// Set/check/lookup expiry date
if (strtotime($expire)) {
@@ -68,17 +61,11 @@ if (isset($_POST['add_domain'])) {
if (isset($_POST['edit_domain'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
require_once 'domain_model.php';
$domain_id = intval($_POST['domain_id']);
$name = preg_replace("(^https?://)", "", sanitizeInput($_POST['name']));
$description = sanitizeInput($_POST['description']);
$registrar = intval($_POST['registrar']);
$dnshost = intval($_POST['dnshost']);
$webhost = intval($_POST['webhost']);
$mailhost = intval($_POST['mailhost']);
$expire = sanitizeInput($_POST['expire']);
$notes = sanitizeInput($_POST['notes']);
// if (empty($expire) || (new DateTime($expire)) < (new DateTime())) {
// // Update domain expiry date
@@ -120,6 +107,9 @@ if (isset($_POST['edit_domain'])) {
}
if (isset($_GET['archive_domain'])) {
enforceUserPermission('module_support', 2);
$domain_id = intval($_GET['archive_domain']);
//Get domain Name
@@ -141,6 +131,8 @@ if (isset($_GET['archive_domain'])) {
if(isset($_GET['unarchive_domain'])){
enforceUserPermission('module_support', 2);
$domain_id = intval($_GET['unarchive_domain']);
// Get Name and Client ID for logging and alert message
@@ -161,7 +153,7 @@ if(isset($_GET['unarchive_domain'])){
if (isset($_GET['delete_domain'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
$domain_id = intval($_GET['delete_domain']);
@@ -184,7 +176,7 @@ if (isset($_GET['delete_domain'])) {
}
if (isset($_POST['bulk_archive_domains'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@@ -222,7 +214,7 @@ if (isset($_POST['bulk_archive_domains'])) {
}
if (isset($_POST['bulk_unarchive_domains'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@@ -261,7 +253,7 @@ if (isset($_POST['bulk_unarchive_domains'])) {
}
if (isset($_POST['bulk_delete_domains'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@@ -292,12 +284,12 @@ if (isset($_POST['bulk_delete_domains'])) {
if (isset($_POST['export_client_domains_csv'])) {
validateTechRole();
enforceUserPermission('module_support');
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];

10
post/user/domain_model.php Normal file
View File

@@ -0,0 +1,10 @@
<?php
$name = preg_replace("(^https?://)", "", sanitizeInput($_POST['name']));
$description = sanitizeInput($_POST['description']);
$registrar = intval($_POST['registrar']);
$dnshost = intval($_POST['dnshost']);
$webhost = intval($_POST['webhost']);
$mailhost = intval($_POST['mailhost']);
$expire = sanitizeInput($_POST['expire']);
$notes = sanitizeInput($_POST['notes']);

1
post/user/expense.php
View File

@@ -8,7 +8,6 @@ if (isset($_POST['add_expense'])) {
require_once 'post/user/expense_model.php';
mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = $amount, expense_currency_code = '$session_company_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference'");
$expense_id = mysqli_insert_id($mysqli);

6
post/user/invoice.php
View File

@@ -1227,7 +1227,7 @@ if (isset($_POST['export_client_invoices_csv'])) {
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
@@ -1319,7 +1319,7 @@ if (isset($_POST['export_client_recurring_csv'])) {
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
@@ -1360,7 +1360,7 @@ if (isset($_POST['export_client_payments_csv'])) {
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];

15
post/user/network.php
View File

@@ -6,7 +6,7 @@
if (isset($_POST['add_network'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
require_once 'post/user/network_model.php';
@@ -25,10 +25,9 @@ if (isset($_POST['add_network'])) {
if (isset($_POST['edit_network'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$network_id = intval($_POST['network_id']);
require_once 'post/user/network_model.php';
mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id");
@@ -44,7 +43,7 @@ if (isset($_POST['edit_network'])) {
if (isset($_GET['archive_network'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$network_id = intval($_GET['archive_network']);
@@ -67,7 +66,7 @@ if (isset($_GET['archive_network'])) {
}
if (isset($_GET['delete_network'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
$network_id = intval($_GET['delete_network']);
@@ -90,7 +89,7 @@ if (isset($_GET['delete_network'])) {
}
if (isset($_POST['bulk_delete_networks'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@@ -121,12 +120,12 @@ if (isset($_POST['bulk_delete_networks'])) {
if (isset($_POST['export_client_networks_csv'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];

2
post/user/quote.php
View File

@@ -464,7 +464,7 @@ if(isset($_POST['export_client_quotes_csv'])){
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];

7
post/user/service.php
View File

@@ -6,7 +6,7 @@
if (isset($_POST['add_service'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$service_name = sanitizeInput($_POST['name']);
@@ -108,7 +108,7 @@ if (isset($_POST['add_service'])) {
if (isset($_POST['edit_service'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$service_id = intval($_POST['service_id']);
@@ -212,7 +212,8 @@ if (isset($_POST['edit_service'])) {
if (isset($_GET['delete_service'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
validateCSRFToken($_GET['csrf_token']);
$service_id = intval($_GET['delete_service']);

14
post/user/software.php
View File

@@ -7,6 +7,8 @@
if (isset($_POST['add_software_from_template'])) {
enforceUserPermission('module_support', 2);
// GET POST Data
$client_id = intval($_POST['client_id']);
$software_template_id = intval($_POST['software_template_id']);
@@ -37,7 +39,7 @@ if (isset($_POST['add_software_from_template'])) {
if (isset($_POST['add_software'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
@@ -95,7 +97,7 @@ if (isset($_POST['add_software'])) {
if (isset($_POST['edit_software'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$software_id = intval($_POST['software_id']);
$client_id = intval($_POST['client_id']);
@@ -153,7 +155,7 @@ if (isset($_POST['edit_software'])) {
if (isset($_GET['archive_software'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$software_id = intval($_GET['archive_software']);
@@ -181,7 +183,7 @@ if (isset($_GET['archive_software'])) {
if (isset($_GET['delete_software'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
$software_id = intval($_GET['delete_software']);
@@ -209,12 +211,12 @@ if (isset($_GET['delete_software'])) {
if (isset($_POST['export_client_software_csv'])) {
validateTechRole();
enforceUserPermission('module_support');
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];

2
post/user/trip.php
View File

@@ -109,7 +109,7 @@ if (isset($_POST['export_client_trips_csv'])) {
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];

2
post/user/vendor.php
View File

@@ -283,7 +283,7 @@ if (isset($_POST['export_client_vendors_csv'])) {
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];