diff --git a/admin_role.php b/admin_role.php
index f79def74..5ea1e4c6 100644
--- a/admin_role.php
+++ b/admin_role.php
@@ -1,7 +1,7 @@
">
|
-
- Role
+
+ Role
|
Members |
-
- Admin
+
+ Admin
|
Action |
@@ -70,17 +70,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
- Role
+
+ Role
|
@@ -116,8 +116,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$mfa_status_display = "";
}
$user_config_force_mfa = intval($row['user_config_force_mfa']);
- $user_role = $row['user_role'];
- $user_role_display = nullable_htmlentities($row['user_role_name']);
+ $user_role = $row['user_role_id'];
+ $user_role_display = nullable_htmlentities($row['role_name']);
$user_initials = nullable_htmlentities(initials($user_name));
$sql_last_login = mysqli_query(
@@ -139,7 +139,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
}
// Get User Client Access Permissions
- $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id");
+ $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_client_permissions WHERE user_id = $user_id");
$client_access_array = [];
while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
$client_access_array[] = intval($row['client_id']);
diff --git a/ajax/ajax_project_edit.php b/ajax/ajax_project_edit.php
index 71bf976a..af61d3ef 100644
--- a/ajax/ajax_project_edit.php
+++ b/ajax/ajax_project_edit.php
@@ -74,9 +74,8 @@ ob_start();
1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
+ "SELECT user_id, user_name FROM users
+ WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
);
while ($row = mysqli_fetch_array($sql_project_managers_select)) {
$user_id_select = intval($row['user_id']);
diff --git a/ajax/ajax_role_edit.php b/ajax/ajax_role_edit.php
index f0f2d237..9b1d967f 100644
--- a/ajax/ajax_role_edit.php
+++ b/ajax/ajax_role_edit.php
@@ -4,18 +4,18 @@ require_once '../includes/ajax_header.php';
$role_id = intval($_GET['id']);
-$sql = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE user_role_id = $role_id LIMIT 1");
+$sql = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE role_id = $role_id LIMIT 1");
$row = mysqli_fetch_array($sql);
-$role_name = nullable_htmlentities($row['user_role_name']);
-$role_description = nullable_htmlentities($row['user_role_description']);
-$role_admin = intval($row['user_role_is_admin']);
+$role_name = nullable_htmlentities($row['role_name']);
+$role_description = nullable_htmlentities($row['role_description']);
+$role_admin = intval($row['role_is_admin']);
// Count number of users that have each role
-$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
$role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
-$sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+$sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
// Initialize an empty array to hold user names
$user_names = [];
diff --git a/ajax/ajax_user_edit.php b/ajax/ajax_user_edit.php
index f592d71b..54e916f5 100644
--- a/ajax/ajax_user_edit.php
+++ b/ajax/ajax_user_edit.php
@@ -12,11 +12,11 @@ $user_email = nullable_htmlentities($row['user_email']);
$user_avatar = nullable_htmlentities($row['user_avatar']);
$user_token = nullable_htmlentities($row['user_token']);
$user_config_force_mfa = intval($row['user_config_force_mfa']);
-$user_role = intval($row['user_role']);
+$user_role_id = intval($row['user_role_id']);
$user_initials = nullable_htmlentities(initials($user_name));
// Get User Client Access Permissions
-$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id");
+$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_client_permissions WHERE user_id = $user_id");
$client_access_array = [];
while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
$client_access_array[] = intval($row['client_id']);
@@ -107,13 +107,13 @@ ob_start();
diff --git a/check_login.php b/check_login.php
index 72ffa668..2db055a1 100644
--- a/check_login.php
+++ b/check_login.php
@@ -27,17 +27,11 @@ if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
exit;
}
-// Check user type
-if ($_SESSION['user_type'] !== 1) {
- header("Location: login.php");
- exit();
-}
-
// Set Timezone
require_once "inc_set_timezone.php";
-// User IP & UA
+// User Vars and User Settings
$session_ip = sanitizeInput(getIP());
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
@@ -47,7 +41,7 @@ $sql = mysqli_query(
$mysqli,
"SELECT * FROM users
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
- LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
+ LEFT JOIN user_roles ON user_role_id = role_id
WHERE users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
@@ -55,9 +49,10 @@ $session_name = sanitizeInput($row['user_name']);
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token']; // MFA Token
-$session_user_role = intval($row['user_role']);
-$session_user_role_display = sanitizeInput($row['user_role_name']);
-if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
+$session_user_type = intval($row['user_type']);
+$session_user_role = intval($row['user_role_id']);
+$session_user_role_display = sanitizeInput($row['role_name']);
+if (isset($row['role_is_admin']) && $row['role_is_admin'] == 1) {
$session_is_admin = true;
} else {
$session_is_admin = false;
@@ -65,6 +60,15 @@ if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
$session_user_config_force_mfa = intval($row['user_config_force_mfa']);
$user_config_records_per_page = intval($row['user_config_records_per_page']);
+// Check user type
+if ($session_user_type !== 1) {
+ session_unset();
+ session_destroy();
+ header("Location: login.php");
+ exit();
+}
+
+// Company Vars and Company Settings
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE settings.company_id = companies.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
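Review bot: The user-type check now runs after the users row has been read, so a session whose user row no longer exists hits `$row['user_type']` and the assignments above it on an empty `$row` before it is rejected; `intval(null)` is 0, so the check still fails closed, but only after a run of array-offset warnings. Guard the row in the same condition, e.g. `if (!$row || $session_user_type !== 1) {`, so a stale session is destroyed cleanly. Unsetting and destroying the session here, rather than only redirecting as the removed block did, is an improvement.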
@@ -78,7 +82,7 @@ $session_company_currency = $row['company_currency'];
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
// Get User Client Access Permissions
-$user_client_access_sql = "SELECT client_id FROM user_permissions WHERE user_id = $session_user_id";
+$user_client_access_sql = "SELECT client_id FROM user_client_permissions WHERE user_id = $session_user_id";
$user_client_access_result = mysqli_query($mysqli, $user_client_access_sql);
$client_access_array = [];
diff --git a/dashboard.php b/dashboard.php
index cae20984..92fa3fc0 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -73,11 +73,6 @@ $sql_years_select = mysqli_query($mysqli, "
window.location.href = \'dashboard_technical.php\';');
- }
-
// Fetch financial data for the dashboard
// Define variables to avoid errors in logs
$largest_income_month = 0;
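Review bot: The hunk removes a closing brace right after the `dashboard_technical.php` redirect, while the statement it closed is among the removed lines not shown here; if that was the role test that routed technicians to the technical dashboard, the redirect is now either unconditional or gone, and the visible lines do not say which. Confirm the enclosing block still balances and that the role-based routing was dropped intentionally rather than lost with the `$_SESSION['user_role']` removal.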
diff --git a/database_updates.php b/database_updates.php
index eadb71a8..ff203f75 100644
--- a/database_updates.php
+++ b/database_updates.php
@@ -2435,10 +2435,53 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.9'");
}
- // if (CURRENT_DATABASE_VERSION == '1.8.9') {
- // // Insert queries here required to update to DB version 1.9.0
+ if (CURRENT_DATABASE_VERSION == '1.8.9') {
+ mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_role_id` INT(11) DEFAULT 0 AFTER `user_archived_at`");
+
+ // Copy user role from user settings table to the users table
+ mysqli_query($mysqli,"
+ UPDATE `users`
+ JOIN `user_settings` ON users.user_id = user_settings.user_id
+ SET users.user_role_id = user_settings.user_role
+ ");
+
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.0'");
+ }
+
+ if (CURRENT_DATABASE_VERSION == '1.9.0') {
+ mysqli_query($mysqli, "ALTER TABLE `user_settings` DROP `user_role`");
+
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.1'");
+ }
+
+ if (CURRENT_DATABASE_VERSION == '1.9.1') {
+
+ mysqli_query($mysqli,
+ "ALTER TABLE `user_roles`
+ CHANGE COLUMN `user_role_id` `role_id` INT(11) NOT NULL AUTO_INCREMENT,
+ CHANGE COLUMN `user_role_name` `role_name` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
+ CHANGE COLUMN `user_role_description` `role_description` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
+ CHANGE COLUMN `user_role_type` `role_type` TINYINT(1) NOT NULL DEFAULT 1,
+ CHANGE COLUMN `user_role_is_admin` `role_is_admin` TINYINT(1) NOT NULL DEFAULT 0,
+ CHANGE COLUMN `user_role_created_at` `role_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP(),
+ CHANGE COLUMN `user_role_updated_at` `role_updated_at` DATETIME NULL DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP(),
+ CHANGE COLUMN `user_role_archived_at` `role_archived_at` DATETIME NULL DEFAULT NULL
+ ");
+
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.2'");
+ }
+
+ if (CURRENT_DATABASE_VERSION == '1.9.2') {
+
+ mysqli_query($mysqli, "RENAME TABLE `user_permissions` TO `user_client_permissions`");
+
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.3'");
+ }
+
+ // if (CURRENT_DATABASE_VERSION == '1.9.3') {
+ // // Insert queries here required to update to DB version 1.9.4
// // Then, update the database to the next sequential version
- // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.0'");
+ // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.4'");
// }
} else {
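Review bot: None of the new migration steps checks the return value of `mysqli_query()`, so if the `ALTER TABLE`, the `UPDATE ... JOIN` copy or the `RENAME TABLE` fails, `config_current_database_version` is still advanced and the schema is left half-migrated with no way to re-run the step. For the 1.8.9 step this matters most: if `SET users.user_role_id = user_settings.user_role` fails and the 1.9.0 step then drops `user_settings.user_role`, every user's role is lost, so advance the version only when the preceding statements returned true. The new column is declared `INT(11) DEFAULT 0` without `NOT NULL`, here and in the db.sql hunk, although the `user_settings.user_role` column it replaces was `NOT NULL`; `NOT NULL DEFAULT 0` keeps the column's contract unchanged for the role comparisons elsewhere in this change.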
diff --git a/db.sql b/db.sql
index b731ab09..4f298057 100644
--- a/db.sql
+++ b/db.sql
@@ -2205,13 +2205,13 @@ CREATE TABLE `trips` (
/*!40101 SET character_set_client = @saved_cs_client */;
--
--- Table structure for table `user_permissions`
+-- Table structure for table `user_client_permissions`
--
-DROP TABLE IF EXISTS `user_permissions`;
+DROP TABLE IF EXISTS `user_client_permissions`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `user_permissions` (
+CREATE TABLE `user_client_permissions` (
`user_id` int(11) NOT NULL,
`client_id` int(11) NOT NULL,
PRIMARY KEY (`user_id`,`client_id`)
@@ -2240,15 +2240,15 @@ DROP TABLE IF EXISTS `user_roles`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_roles` (
- `user_role_id` int(11) NOT NULL AUTO_INCREMENT,
- `user_role_name` varchar(200) NOT NULL,
- `user_role_description` varchar(200) DEFAULT NULL,
- `user_role_type` tinyint(1) NOT NULL DEFAULT 1,
- `user_role_is_admin` tinyint(1) NOT NULL DEFAULT 0,
- `user_role_created_at` datetime NOT NULL DEFAULT current_timestamp(),
- `user_role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
- `user_role_archived_at` datetime DEFAULT NULL,
- PRIMARY KEY (`user_role_id`)
+ `role_id` int(11) NOT NULL AUTO_INCREMENT,
+ `role_name` varchar(200) NOT NULL,
+ `role_description` varchar(200) DEFAULT NULL,
+ `role_type` tinyint(1) NOT NULL DEFAULT 1,
+ `role_is_admin` tinyint(1) NOT NULL DEFAULT 0,
+ `role_created_at` datetime NOT NULL DEFAULT current_timestamp(),
+ `role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
+ `role_archived_at` datetime DEFAULT NULL,
+ PRIMARY KEY (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@@ -2261,7 +2261,6 @@ DROP TABLE IF EXISTS `user_settings`;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_settings` (
`user_id` int(11) NOT NULL,
- `user_role` int(11) NOT NULL,
`user_config_force_mfa` tinyint(1) NOT NULL DEFAULT 0,
`user_config_records_per_page` int(11) NOT NULL DEFAULT 10,
`user_config_dashboard_financial_enable` tinyint(1) NOT NULL DEFAULT 0,
@@ -2296,6 +2295,7 @@ CREATE TABLE `users` (
`user_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`user_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`user_archived_at` datetime DEFAULT NULL,
+ `user_role_id` int(11) DEFAULT 0,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@@ -2383,4 +2383,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
--- Dump completed on 2025-03-10 12:25:19
+-- Dump completed on 2025-03-10 15:52:38
diff --git a/functions.php b/functions.php
index 4e013c37..56152129 100644
--- a/functions.php
+++ b/functions.php
@@ -541,7 +541,7 @@ function validateCSRFToken($token)
function validateAdminRole()
{
- if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] != 3) {
+ if (!isset($session_user_role) || $session_user_role != 3) {
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
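Review bot: `$session_user_role` is read inside `validateAdminRole()` without a `global` declaration, so in function scope `isset($session_user_role)` is always false and every call takes the failure branch whatever the caller's role; the `validateTechRole` and `validateAccountantRole` hunks below have the same defect. This fails closed, so there is no privilege escalation, but every page that calls one of the three checks becomes unreachable. Add `global $session_user_role;` as the first statement of each of the three functions, or pass the role in as a parameter. `lookupUserPermission()` further down interpolates the same variable into its query and its function header is outside that hunk, so confirm it declares the global too.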
@@ -553,7 +553,7 @@ function validateAdminRole()
// Validates a user is a tech (or admin). Stops page load and attempts to direct away from the page if not (i.e. user is an accountant)
function validateTechRole()
{
- if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 1) {
+ if (!isset($session_user_role) || $session_user_role == 1) {
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -565,7 +565,7 @@ function validateTechRole()
// Validates a user is an accountant (or admin). Stops page load and attempts to direct away from the page if not (i.e. user is a tech)
function validateAccountantRole()
{
- if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 2) {
+ if (!isset($session_user_role) || $session_user_role == 2) {
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -1313,15 +1313,15 @@ function lookupUserPermission($module) {
$sql = mysqli_query(
$mysqli,
"SELECT
- urp.user_role_permission_level
+ user_role_permissions.user_role_permission_level
FROM
- modules AS m
+ modules
JOIN
- user_role_permissions AS urp
+ user_role_permissions
ON
- m.module_id = urp.module_id
+ modules.module_id = user_role_permissions.module_id
WHERE
- m.module_name = '$module' AND urp.user_role_id = $session_user_role"
+ module_name = '$module' AND user_role_permissions.user_role_id = $session_user_role"
);
$row = mysqli_fetch_array($sql);
diff --git a/includes/database_version.php b/includes/database_version.php
index 1a9644cb..b2d43d63 100644
--- a/includes/database_version.php
+++ b/includes/database_version.php
@@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
-DEFINE("LATEST_DATABASE_VERSION", "1.8.9");
+DEFINE("LATEST_DATABASE_VERSION", "1.9.3");
diff --git a/login.php b/login.php
index c42b01eb..25eb1584 100644
--- a/login.php
+++ b/login.php
@@ -117,7 +117,7 @@ if (isset($_POST['login'])) {
$user_email = sanitizeInput($row['user_email']);
$token = sanitizeInput($row['user_token']);
$force_mfa = intval($row['user_config_force_mfa']);
- $user_role = intval($row['user_role']);
+ $user_role_id = intval($row['user_role_id']);
$user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
$user_extension_key = $row['user_extension_key'];
@@ -193,9 +193,6 @@ if (isset($_POST['login'])) {
// Session info
$_SESSION['user_id'] = $user_id;
- $_SESSION['user_name'] = $user_name;
- $_SESSION['user_type'] = 1;
- $_SESSION['user_role'] = $user_role;
$_SESSION['csrf_token'] = randomString(156);
$_SESSION['logged'] = true;
diff --git a/modals/admin_user_add_modal.php b/modals/admin_user_add_modal.php
index 954b5b7d..9945a08e 100644
--- a/modals/admin_user_add_modal.php
+++ b/modals/admin_user_add_modal.php
@@ -71,13 +71,13 @@
diff --git a/modals/asset_bulk_add_ticket_modal.php b/modals/asset_bulk_add_ticket_modal.php
index 941b3f6b..86124ef9 100644
--- a/modals/asset_bulk_add_ticket_modal.php
+++ b/modals/asset_bulk_add_ticket_modal.php
@@ -82,9 +82,8 @@
$sql = mysqli_query(
$mysqli,
- "SELECT users.user_id, user_name FROM users
- LEFT JOIN user_settings on users.user_id = user_settings.user_id
- WHERE user_role > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
+ "SELECT user_id, user_name FROM users
+ WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
);
while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']);
diff --git a/modals/project_add_modal.php b/modals/project_add_modal.php
index 463c2a7b..90c047cd 100644
--- a/modals/project_add_modal.php
+++ b/modals/project_add_modal.php
@@ -75,9 +75,8 @@
$sql = mysqli_query(
$mysqli,
- "SELECT users.user_id, user_name FROM users
- LEFT JOIN user_settings on users.user_id = user_settings.user_id
- WHERE user_role > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
+ "SELECT user_id, user_name FROM users
+ WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
);
while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']);
diff --git a/modals/recurring_ticket_add_modal.php b/modals/recurring_ticket_add_modal.php
index e905d559..cdc63a44 100644
--- a/modals/recurring_ticket_add_modal.php
+++ b/modals/recurring_ticket_add_modal.php
@@ -74,9 +74,8 @@
$sql = mysqli_query(
$mysqli,
- "SELECT users.user_id, user_name FROM users
- LEFT JOIN user_settings on users.user_id = user_settings.user_id
- WHERE user_role > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
+ "SELECT user_id, user_name FROM users
+ WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
);
while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']);
diff --git a/modals/ticket_add_modal.php b/modals/ticket_add_modal.php
index de6e3f29..7ecc4ee7 100644
--- a/modals/ticket_add_modal.php
+++ b/modals/ticket_add_modal.php
@@ -178,9 +178,8 @@
$sql = mysqli_query(
$mysqli,
- "SELECT users.user_id, user_name FROM users
- LEFT JOIN user_settings on users.user_id = user_settings.user_id
- WHERE user_role > 1
+ "SELECT user_id, user_name FROM users
+ WHERE user_role_id > 1
AND user_type = 1
AND user_status = 1
AND user_archived_at IS NULL
diff --git a/modals/trip_add_modal.php b/modals/trip_add_modal.php
index 88491f3f..a16e3313 100644
--- a/modals/trip_add_modal.php
+++ b/modals/trip_add_modal.php
@@ -89,9 +89,8 @@
1 AND user_archived_at IS NULL ORDER BY user_name ASC"
+ $sql = mysqli_query($mysqli, "SELECT user_id, user_name FROM users
+ WHERE user_role_id > 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
);
while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']);
diff --git a/post/admin/admin_role.php b/post/admin/admin_role.php
index 20fda49b..af659e70 100644
--- a/post/admin/admin_role.php
+++ b/post/admin/admin_role.php
@@ -14,12 +14,12 @@ if (isset($_POST['add_role'])) {
$description = sanitizeInput($_POST['role_description']);
$admin = intval($_POST['role_is_admin']);
- mysqli_query($mysqli, "INSERT INTO user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin");
+ mysqli_query($mysqli, "INSERT INTO user_roles SET role_name = '$name', role_description = '$description', role_is_admin = $admin");
- $user_role_id = mysqli_insert_id($mysqli);
+ $role_id = mysqli_insert_id($mysqli);
// Logging
- logAction("User Role", "Create", "$session_name created user role $name", 0, $user_role_id);
+ logAction("User Role", "Create", "$session_name created user role $name", 0, $role_id);
$_SESSION['alert_message'] = "User Role created";
@@ -37,7 +37,7 @@ if (isset($_POST['edit_role'])) {
$description = sanitizeInput($_POST['role_description']);
$admin = intval($_POST['role_is_admin']);
- mysqli_query($mysqli, "UPDATE user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin WHERE user_role_id = $role_id");
+ mysqli_query($mysqli, "UPDATE user_roles SET role_name = '$name', role_description = '$description', role_is_admin = $admin WHERE role_id = $role_id");
// Update role access levels
mysqli_query($mysqli, "DELETE FROM user_role_permissions WHERE user_role_id = $role_id");
@@ -68,7 +68,7 @@ if (isset($_GET['archive_role'])) {
$role_id = intval($_GET['archive_role']);
// Check role isn't in use
- $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+ $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
$role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
if ($role_user_count != 0) {
$_SESSION['alert_type'] = "error";
@@ -77,11 +77,11 @@ if (isset($_GET['archive_role'])) {
exit();
}
- mysqli_query($mysqli, "UPDATE user_roles SET user_role_archived_at = NOW() WHERE user_role_id = $role_id");
+ mysqli_query($mysqli, "UPDATE user_roles SET role_archived_at = NOW() WHERE role_id = $role_id");
// Logging
- $role_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT user_role_name FROM user_roles WHERE user_role_id = $role_id LIMIT 1"));
- $role_name = sanitizeInput($role_details['user_role_name']);
+ $role_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT role_name FROM user_roles WHERE role_id = $role_id LIMIT 1"));
+ $role_name = sanitizeInput($role_details['role_name']);
logAction("User Role", "Archive", "$session_name archived user role $role_name", 0, $role_id);
$_SESSION['alert_message'] = "User Role archived";
diff --git a/post/admin/admin_user.php b/post/admin/admin_user.php
index 5b095795..632fd083 100644
--- a/post/admin/admin_user.php
+++ b/post/admin/admin_user.php
@@ -15,7 +15,7 @@ if (isset($_POST['add_user'])) {
$password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password']));
- mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext'");
+ mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' user_role_id = $role");
$user_id = mysqli_insert_id($mysqli);
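Review bot: The rewritten INSERT is missing a comma before `user_role_id = $role`, so the statement is a syntax error; because the return value is not checked, `$user_id` becomes `mysqli_insert_id()` of a failed statement (0) and the `user_client_permissions` and `user_settings` inserts later in this file are written against user_id 0. Change the tail of the statement to `user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext', user_role_id = $role");`. `$role` is assigned above the hunk; presumably it is already passed through `intval()` like the other fields, which is worth confirming since it is interpolated unescaped.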
@@ -23,7 +23,7 @@ if (isset($_POST['add_user'])) {
if (isset($_POST['clients'])) {
foreach($_POST['clients'] as $client_id) {
$client_id = intval($client_id);
- mysqli_query($mysqli,"INSERT INTO user_permissions SET user_id = $user_id, client_id = $client_id");
+ mysqli_query($mysqli,"INSERT INTO user_client_permissions SET user_id = $user_id, client_id = $client_id");
}
}
@@ -50,7 +50,7 @@ if (isset($_POST['add_user'])) {
}
// Create Settings
- mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_role = $role, user_config_force_mfa = $force_mfa");
+ mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_config_force_mfa = $force_mfa");
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
@@ -109,11 +109,11 @@ if (isset($_POST['edit_user'])) {
$new_password = trim($_POST['new_password']);
// Update Client Access
- mysqli_query($mysqli,"DELETE FROM user_permissions WHERE user_id = $user_id");
+ mysqli_query($mysqli,"DELETE FROM user_client_permissions WHERE user_id = $user_id");
if (isset($_POST['clients'])) {
foreach($_POST['clients'] as $client_id) {
$client_id = intval($client_id);
- mysqli_query($mysqli,"INSERT INTO user_permissions SET user_id = $user_id, client_id = $client_id");
+ mysqli_query($mysqli,"INSERT INTO user_client_permissions SET user_id = $user_id, client_id = $client_id");
}
}
@@ -153,7 +153,7 @@ if (isset($_POST['edit_user'])) {
}
}
- mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
+ mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email', user_role_id = $role WHERE user_id = $user_id");
if (!empty($new_password)) {
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
@@ -169,7 +169,7 @@ if (isset($_POST['edit_user'])) {
}
//Update User Settings
- mysqli_query($mysqli, "UPDATE user_settings SET user_role = $role, user_config_force_mfa = $force_mfa WHERE user_id = $user_id");
+ mysqli_query($mysqli, "UPDATE user_settings SET user_config_force_mfa = $force_mfa WHERE user_id = $user_id");
// Logging
logAction("User", "Edit", "$session_name edited user $name", 0, $user_id);
@@ -280,13 +280,13 @@ if (isset($_GET['archive_user'])) {
if (isset($_POST['export_users_csv'])) {
//get records from database
- $sql = mysqli_query($mysqli, "SELECT * FROM users ORDER BY user_name ASC");
+ $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_roles ON user_role_id = role_id ORDER BY user_name ASC");
$count = mysqli_num_rows($sql);
if ($count > 0) {
- $delimiter = ", ";
- $filename = $session_company_name . "-Users-" . date('Y-m-d') . ".csv";
+ $delimiter = ",";
+ $filename = "Users-" . date('Y-m-d') . ".csv";
//create a file pointer
$f = fopen('php://memory', 'w');
@@ -306,16 +306,8 @@ if (isset($_POST['export_users_csv'])) {
} else{
$user_status_display = "Disabled";
}
- $user_role = $row['user_role'];
- if ($user_role == 3) {
- $user_role_display = "Administrator";
- } elseif ($user_role == 2) {
- $user_role_display = "Technician";
- } else {
- $user_role_display = "Accountant";
- }
- $lineData = array($row['user_name'], $row['user_email'], $user_role_display, $user_status_display, $row['user_created_at']);
+ $lineData = array($row['user_name'], $row['user_email'], $row['role_name'], $user_status_display, $row['user_created_at']);
fputcsv($f, $lineData, $delimiter);
}
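Review bot: `$row['role_name']` comes from the LEFT JOIN added to the export query, so a user whose `user_role_id` matches no role (the migration default is 0) now exports an empty role cell, whereas the removed mapping labelled every non-admin, non-tech user "Accountant". If that was a deliberate default, reinstate it explicitly, e.g. `$row['role_name'] ?? 'Accountant'`; otherwise a comment noting that unassigned roles export blank would save the next reader from treating it as a regression.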
diff --git a/ticket.php b/ticket.php
index d4d83a09..ff4e0eda 100644
--- a/ticket.php
+++ b/ticket.php
@@ -278,9 +278,8 @@ if (isset($_GET['ticket_id'])) {
// Get Technicians to assign the ticket to
$sql_assign_to_select = mysqli_query(
$mysqli,
- "SELECT users.user_id, user_name FROM users
- LEFT JOIN user_settings on users.user_id = user_settings.user_id
- WHERE user_role > 1
+ "SELECT user_id, user_name FROM users
+ WHERE user_role_id > 1
AND user_type = 1
AND user_status = 1
AND user_archived_at IS NULL
|