AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Finished moving to the redirect, flash_alert and get_field_by_id and maing sure validate_csrf is on top and some other cleanups for user posts

This commit is contained in:
johnnyq 2025-08-04 17:41:32 -04:00
parent e39072d3bc
commit a38d0054df
5 changed files with 172 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

246
user/post/ticket.php
View File

@ -180,12 +180,12 @@ if (isset($_POST['add_ticket'])) {
// Custom action/notif handler
customAction('ticket_create', $ticket_id);
// Logging
logAction("Ticket", "Create", "$session_name created ticket $config_ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id);
$_SESSION['alert_message'] = "Ticket <strong>$config_ticket_prefix$ticket_number</strong> created";
flash_alert("Ticket <strong>$config_ticket_prefix$ticket_number</strong> created");
redirect("ticket.php?ticket_id=$ticket_id");
header("Location: ticket.php?ticket_id=$ticket_id");
}
if (isset($_POST['edit_ticket'])) {
@ -287,12 +287,12 @@ if (isset($_POST['edit_ticket'])) {
// Custom action/notif handler
customAction('ticket_update', $ticket_id);
// Logging
logAction("Ticket", "Edit", "$session_name edited ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
$_SESSION['alert_message'] = "Ticket <strong>$ticket_prefix$ticket_number</strong> updated";
flash_alert("Ticket <strong>$ticket_prefix$ticket_number</strong> updated");
redirect();
}
if (isset($_POST['edit_ticket_priority'])) {
@ -322,14 +322,14 @@ if (isset($_POST['edit_ticket_priority'])) {
// Update Ticket History
mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed priority from $original_priority to $priority', ticket_history_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name changed priority from $original_priority to $priority for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
customAction('ticket_update', $ticket_id);
$_SESSION['alert_message'] = "Priority updated from <strong>$original_priority</strong> to <strong>$priority</strong>";
flash_alert("Priority updated from <strong>$original_priority</strong> to <strong>$priority</strong>");
redirect();
}
if (isset($_POST['edit_ticket_contact'])) {
@ -408,12 +408,12 @@ if (isset($_POST['edit_ticket_contact'])) {
// Update Ticket History
mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed the contact from $original_contact_name to $contact_name', ticket_history_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name changed the contact from $original_contact_name to $contact_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
$_SESSION['alert_message'] = "Contact changed from <strong>$original_contact_name</strong> to <strong>$contact_name</strong>";
flash_alert("Contact changed from <strong>$original_contact_name</strong> to <strong>$contact_name</strong>");
redirect();
}
if (isset($_POST['add_ticket_watcher'])) {
@ -483,15 +483,15 @@ if (isset($_POST['add_ticket_watcher'])) {
addToMailQueue($data);
}
// Logging
logAction("Ticket", "Edit", "$session_name added $watcher_email as a watcher for ticket $config_ticket_prefix$ticket_number", $client_id, $ticket_id);
}
}
$_SESSION['alert_message'] = "Added watcher(s)";
flash_alert("Added watcher(s)");
redirect();
}
if (isset($_GET['delete_ticket_watcher'])) {
@ -520,13 +520,12 @@ if (isset($_GET['delete_ticket_watcher'])) {
// History
mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed ticket $watcher_email as a watcher', ticket_history_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name removed $watcher_email as a watcher for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Removed ticket watcher <strong>$watcher_email</strong>";
flash_alert("Removed ticket watcher <strong>$watcher_email</strong>", 'error');
redirect();
}
if (isset($_GET['delete_ticket_additional_asset'])) {
@ -555,13 +554,12 @@ if (isset($_GET['delete_ticket_additional_asset'])) {
// History
mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed additional asset $asset_name', ticket_history_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name removed asset $asset_name from ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Removed asset <strong>$asset_name</strong> from ticket.";
flash_alert("Removed asset <strong>$asset_name</strong> from ticket.", 'error');
redirect();
}
if (isset($_POST['edit_ticket_asset'])) {
@ -587,12 +585,12 @@ if (isset($_POST['edit_ticket_asset'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['ticket_client_id']);
// Logging
logAction("Ticket", "Edit", "$session_name changed asset to $asset_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
$_SESSION['alert_message'] = "Ticket <strong>$ticket_prefix$ticket_number</strong> asset updated to <strong>$asset_name</strong>";
flash_alert("Ticket <strong>$ticket_prefix$ticket_number</strong> asset updated to <strong>$asset_name</strong>");
redirect();
}
if (isset($_POST['edit_ticket_vendor'])) {
@ -618,12 +616,12 @@ if (isset($_POST['edit_ticket_vendor'])) {
$vendor_name = sanitizeInput($row['vendor_name']);
$client_id = intval($row['ticket_client_id']);
// Logging
logAction("Ticket", "Edit", "$session_name set vendor to $vendor_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
$_SESSION['alert_message'] = "Set vendor to <strong>$vendor_name</strong> for ticket <strong>$ticket_prefix$ticket_number</strong>";
flash_alert("Set vendor to <strong>$vendor_name</strong> for ticket <strong>$ticket_prefix$ticket_number</strong>");
redirect();
}
if (isset($_POST['assign_ticket'])) {
@ -654,10 +652,8 @@ if (isset($_POST['assign_ticket'])) {
$ticket_reply = "Ticket re-assigned to $agent_name.";
if (!$agent_name) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Invalid agent!";
flash_alert("Invalid agent!", 'error');
redirect();
exit();
}
}
@ -672,10 +668,8 @@ if (isset($_POST['assign_ticket'])) {
$client_name = sanitizeInput($ticket_details['client_name']);
if (!$ticket_subject) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Invalid ticket!";
flash_alert("Invalid ticket!", 'error');
redirect();
exit();
}
// Update ticket & insert reply
@ -683,7 +677,6 @@ if (isset($_POST['assign_ticket'])) {
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name reassigned $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
@ -722,18 +715,18 @@ if (isset($_POST['assign_ticket'])) {
customAction('ticket_assign', $ticket_id);
$_SESSION['alert_message'] = "Ticket <strong>$ticket_prefix$ticket_number</strong> assigned to <strong>$agent_name</strong>";
flash_alert("Ticket <strong>$ticket_prefix$ticket_number</strong> assigned to <strong>$agent_name</strong>");
redirect();
}
if (isset($_GET['delete_ticket'])) {
enforceUserPermission('module_support', 3);
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$ticket_id = intval($_GET['delete_ticket']);
// Get Ticket and Client ID for logging and alert message
@ -764,23 +757,23 @@ if (isset($_GET['delete_ticket'])) {
// No Need to delete ticket assets as this is cascadely deleted via the database.
// Logging
logAction("Ticket", "Delete", "$session_name deleted $ticket_prefix$ticket_number along with all replies", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Ticket <strong>$ticket_prefix$ticket_number</strong> along with all replies deleted";
flash_alert("Ticket <strong>$ticket_prefix$ticket_number</strong> along with all replies deleted", 'error');
customAction('ticket_delete', $ticket_id);
header("Location: tickets.php");
redirect("tickets.php");
}
}
if (isset($_POST['bulk_delete_tickets'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['ticket_ids'])) {
$count = count($_POST['ticket_ids']);
@ -806,18 +799,17 @@ if (isset($_POST['bulk_delete_tickets'])) {
// No Need to delete ticket assets as this is cascadely deleted via the database.
// Logging
logAction("Ticket", "Delete", "$session_name deleted ticket", 0, $ticket_id);
}
// Logging
logAction("Ticket", "Bulk Delete", "$session_name deleted $count ticket(s)");
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> ticket(s)";
flash_alert("Deleted <strong>$count</strong> ticket(s)", 'error');
}
redirect();
}
if (isset($_POST['bulk_assign_ticket'])) {
@ -863,10 +855,8 @@ if (isset($_POST['bulk_assign_ticket'])) {
$ticket_reply = "Ticket re-assigned to $agent_name.";
if (!$agent_name) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Invalid agent!";
flash_alert("Invalid agent!", 'error');
redirect();
exit();
}
}
@ -875,7 +865,6 @@ if (isset($_POST['bulk_assign_ticket'])) {
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name reassigned ticket $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
customAction('ticket_assign', $ticket_id);
@ -917,9 +906,10 @@ if (isset($_POST['bulk_assign_ticket'])) {
}
}
$_SESSION['alert_message'] = "You assigned <b>$ticket_count</b> Tickets to <b>$agent_name</b>";
flash_alert("You assigned <b>$ticket_count</b> Tickets to <b>$agent_name</b>");
redirect();
}
if (isset($_POST['bulk_edit_ticket_priority'])) {
@ -952,19 +942,18 @@ if (isset($_POST['bulk_edit_ticket_priority'])) {
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$session_name updated the priority from $current_ticket_priority to $priority', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name updated the priority on ticket $ticket_prefix$ticket_number - $ticket_subject from $original_ticket_priority to $priority", $client_id, $ticket_id);
customAction('ticket_update', $ticket_id);
} // End For Each Ticket ID Loop
// Logging
logAction("Ticket", " Bulk Edit", "$session_name updated the priority on $ticket_count");
$_SESSION['alert_message'] = "You updated the priority for <strong>$ticket_count</strong> Tickets to <strong>$priority</strong>";
flash_alert("You updated the priority for <strong>$ticket_count</strong> Tickets to <strong>$priority</strong>");
}
redirect();
}
if (isset($_POST['bulk_edit_ticket_category'])) {
@ -993,26 +982,23 @@ if (isset($_POST['bulk_edit_ticket_category'])) {
$client_id = intval($row['ticket_client_id']);
// Get Category Name
$sql = mysqli_query($mysqli, "SELECT category_name FROM categories WHERE category_id = $category_id");
$row = mysqli_fetch_array($sql);
$category_name = sanitizeInput($row['category_name']);
$category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
// Update ticket
mysqli_query($mysqli, "UPDATE tickets SET ticket_category = '$category_id' WHERE ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name updated the category on ticket $ticket_prefix$ticket_number - $ticket_subject from $previous_category_name to $category_name", $client_id, $ticket_id);
customAction('ticket_update', $ticket_id);
} // End For Each Ticket ID Loop
// Logging
logAction("Ticket", " Bulk Edit", "$session_name updated the category to $category_name on $ticket_count");
$_SESSION['alert_message'] = "Category set to $category_name for <strong>$ticket_count</strong> Tickets";
flash_alert("Category set to $category_name for <strong>$ticket_count</strong> Tickets");
}
redirect();
}
if (isset($_POST['bulk_merge_tickets'])) {
@ -1027,9 +1013,8 @@ if (isset($_POST['bulk_merge_tickets'])) {
// Get merge into ticket id (as it may differ from the number)
$sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
if (mysqli_num_rows($sql) == 0) {
$_SESSION['alert_message'] = "Cannot merge into that ticket.";
flash_alert("Cannot merge into that ticket.", 'error');
redirect();
exit();
}
$merge_row = mysqli_fetch_array($sql);
$merge_into_ticket_id = intval($merge_row['ticket_id']); // Parent ticket ID
@ -1061,7 +1046,6 @@ if (isset($_POST['bulk_merge_tickets'])) {
//Update new parent ticket
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was bulk merged into this ticket with comment: $merge_comment.<br><br><b>$ticket_subject</b><br>$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = 'Internal', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id");
// Logging
logAction("Ticket", "Merged", "$session_name Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number", $client_id, $ticket_id);
// Custom action/notif handler
@ -1072,7 +1056,7 @@ if (isset($_POST['bulk_merge_tickets'])) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_updated_at = NOW() WHERE ticket_id = $merge_into_ticket_id");
$_SESSION['alert_message'] = "<strong>$ticket_count</strong> tickets merged into <strong>$ticket_prefix$merge_into_ticket_number</strong>";
flash_alert("<strong>$ticket_count</strong> tickets merged into <strong>$ticket_prefix$merge_into_ticket_number</strong>");
}
@ -1127,7 +1111,6 @@ if (isset($_POST['bulk_resolve_tickets'])) {
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$details', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Resolve", "$session_name resolved $ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id);
customAction('ticket_resolve', $ticket_id);
@ -1156,7 +1139,6 @@ if (isset($_POST['bulk_resolve_tickets'])) {
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
// EMAIL
$subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
$body = "<i style=\'color: #808080\'>##- Please type your reply above this line -##</i><br><br>Hello $contact_name,<br><br>Your ticket regarding \"$ticket_subject\" has been marked as solved and is pending closure.<br><br>$details<br><br> If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or <a href=\'https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$url_key\'>re-open</a> to let us know! <br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Portal: https://$base_url/client/ticket.php?id=$ticket_id<br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
@ -1166,8 +1148,6 @@ if (isset($_POST['bulk_resolve_tickets'])) {
$data = [];
// Email Ticket Contact
// Queue Mail
@ -1205,14 +1185,14 @@ if (isset($_POST['bulk_resolve_tickets'])) {
} // End Loop
} // End Array Empty Check
$_SESSION['alert_message'] = "Resolved <strong>$ticket_count</strong> Tickets";
flash_alert("Resolved <strong>$ticket_count</strong> Tickets");
if ($skipped_count > 0) {
$_SESSION['alert_type'] = "info";
$_SESSION['alert_message'] .= " <strong>$skipped_count</strong> ticket(s) could not be resolved because they have open tasks.";
flash_alert("Resolved <strong>$ticket_count</strong> Tickets <strong>$skipped_count</strong> ticket(s) could not be resolved because they have open tasks.", 'info';
}
redirect();
}
if (isset($_POST['bulk_ticket_reply'])) {
@ -1257,7 +1237,6 @@ if (isset($_POST['bulk_ticket_reply'])) {
// Update Ticket Status
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id);
// Custom action/notif handler
@ -1360,9 +1339,10 @@ if (isset($_POST['bulk_ticket_reply'])) {
}
$_SESSION['alert_message'] = "Updated <strong>$ticket_count</strong> tickets";
flash_alert("Updated <strong>$ticket_count</strong> tickets");
redirect();
}
@ -1400,26 +1380,25 @@ if (isset($_POST['bulk_add_ticket_project'])) {
// Update ticket & insert reply
mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Reply", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $ticket_id);
} // End For Each Ticket ID Loop
$_SESSION['alert_message'] = "<strong>$ticket_count</strong> Tickets added to Project <strong>$project_name</strong>";
flash_alert("<strong>$ticket_count</strong> Tickets added to Project <strong>$project_name</strong>");
}
redirect();
}
if (isset($_POST['bulk_add_asset_ticket'])) {
enforceUserPermission('module_support', 2);
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['bulk_client']);
$assigned_to = intval($_POST['bulk_assigned_to']);
if ($assigned_to == 0) {
@ -1521,14 +1500,14 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
customAction('ticket_create', $ticket_id);
}
// Logging
logAction("Ticket", "Bulk Create", "$session_name created $asset_count tickets for $asset_count");
$_SESSION['alert_message'] = "You created <b>$asset_count</b> tickets for the selected assets";
flash_alert("You created <b>$asset_count</b> tickets for the selected assets");
}
redirect();
}
@ -1566,7 +1545,6 @@ if (isset($_POST['add_ticket_reply'])) {
if ($ticket_status == 4) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Resolved", "$session_name resolved Ticket ticket ID $ticket_id", $client_id, $ticket_id);
}
@ -1680,16 +1658,16 @@ if (isset($_POST['add_ticket_reply'])) {
customAction('reply_reply_agent_public', $ticket_id);
}
$_SESSION['alert_message'] = "Ticket <strong>$ticket_prefix$ticket_number</strong> has been updated with your reply and was <strong>$ticket_reply_type</strong>";
flash_alert("Ticket <strong>$ticket_prefix$ticket_number</strong> has been updated with your reply and was <strong>$ticket_reply_type</strong>");
} else {
$_SESSION['alert_message'] = "Ticket updated";
flash_alert("Ticket updated");
}
// Logging
logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id);
redirect();
}
if (isset($_POST['edit_ticket_reply'])) {
@ -1705,12 +1683,12 @@ if (isset($_POST['edit_ticket_reply'])) {
mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli));
// Logging
logAction("Ticket", "Reply", "$session_name edited ticket_reply", $client_id, $ticket_reply_id);
$_SESSION['alert_message'] = "Ticket reply updated";
flash_alert("Ticket reply updated");
redirect();
}
if (isset($_POST['redact_ticket_reply'])) {
@ -1724,12 +1702,12 @@ if (isset($_POST['redact_ticket_reply'])) {
mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id");
// Logging
logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
$_SESSION['alert_message'] = "Ticket reply redacted";
flash_alert("Ticket reply redacted");
redirect();
}
if (isset($_GET['archive_ticket_reply'])) {
@ -1740,13 +1718,12 @@ if (isset($_GET['archive_ticket_reply'])) {
mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id");
// Logging
logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", 0, $ticket_reply_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Ticket reply archived";
flash_alert("Ticket reply archived", 'error');
redirect();
}
if (isset($_POST['merge_ticket'])) {
@ -1762,9 +1739,8 @@ if (isset($_POST['merge_ticket'])) {
// Get current ticket details
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id");
if (mysqli_num_rows($sql) == 0) {
$_SESSION['alert_message'] = "No ticket with that ID found.";
flash_alert("No ticket with that ID found.", 'error');
redirect();
exit();
}
// CURRENT ticket details
$row = mysqli_fetch_array($sql);
@ -1777,18 +1753,16 @@ if (isset($_POST['merge_ticket'])) {
// Get merge into ticket id (as it may differ from the number)
$sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
if (mysqli_num_rows($sql) == 0) {
$_SESSION['alert_message'] = "Cannot merge into that ticket.";
flash_alert("Cannot merge into that ticket.", 'error');
redirect();
exit();
}
$merge_row = mysqli_fetch_array($sql);
$merge_into_ticket_id = intval($merge_row['ticket_id']);
// Sanity check
if ($ticket_number == $merge_into_ticket_number) {
$_SESSION['alert_message'] = "Cannot merge into the same ticket.";
flash_alert("Cannot merge into the same ticket.", 'error');
redirect();
exit();
}
// Move ticket replies from child > parent
@ -1798,20 +1772,22 @@ if (isset($_POST['merge_ticket'])) {
// Update current ticket
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number merged into <a href=\"ticket.php?ticket_id=$merge_into_ticket_id\">$ticket_prefix$merge_into_ticket_number</a>. Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
//Update new parent ticket
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was merged into this ticket with comment: $merge_comment.<br><br><b>$ticket_subject</b><br>$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id");
mysqli_query($mysqli, "UPDATE tickets SET ticket_updated_at = NOW() WHERE ticket_id = $merge_into_ticket_id");
// Logging
logAction("Ticket", "Merged", "$session_name Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number");
customAction('ticket_merge', $ticket_id);
$_SESSION['alert_message'] = "Ticket merged into $ticket_prefix$merge_into_ticket_number";
flash_alert("Ticket merged into $ticket_prefix$merge_into_ticket_number");
redirect();
}
if (isset($_POST['change_client_ticket'])) {
@ -1828,28 +1804,26 @@ if (isset($_POST['change_client_ticket'])) {
// Update ticket client & contact
mysqli_query($mysqli, "UPDATE tickets SET ticket_client_id = $client_id, ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id LIMIT 1");
// Logging
logAction("Ticket", "Change", "$session_name changed ticket client", $client_id, $ticket_id);
customAction('ticket_update', $ticket_id);
$_SESSION['alert_message'] = "Ticket client updated";
flash_alert("Ticket client updated");
redirect();
}
if (isset($_GET['resolve_ticket'])) {
enforceUserPermission('module_support', 2);
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$ticket_id = intval($_GET['resolve_ticket']);
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Resolved", "$session_name resolved ticket ID $ticket_id", 0, $ticket_id);
customAction('ticket_resolve', $ticket_id);
@ -1929,24 +1903,24 @@ if (isset($_GET['resolve_ticket'])) {
}
//End Mail IF
$_SESSION['alert_message'] = "Ticket resolved";
flash_alert("Ticket resolved");
redirect();
}
if (isset($_GET['close_ticket'])) {
enforceUserPermission('module_support', 2);
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$ticket_id = intval($_GET['close_ticket']);
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 5, ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Closed", "$session_name closed ticket ID $ticket_id", 0, $ticket_id);
customAction('ticket_close', $ticket_id);
@ -2022,8 +1996,10 @@ if (isset($_GET['close_ticket'])) {
}
//End Mail IF
$_SESSION['alert_message'] = "Ticket Closed, this cannot not be reopened but you may start another one";
flash_alert("Ticket Closed, this cannot not be reopened but you may start another one");
redirect();
}
if (isset($_GET['reopen_ticket'])) {
@ -2034,13 +2010,14 @@ if (isset($_GET['reopen_ticket'])) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Reopened", "$session_name reopened ticket ID $ticket_id", 0, $ticket_id);
customAction('ticket_update', $ticket_id);
$_SESSION['alert_message'] = "Ticket re-opened";
flash_alert("Ticket re-opened");
redirect();
}
if (isset($_POST['add_invoice_from_ticket'])) {
@ -2139,12 +2116,12 @@ if (isset($_POST['add_invoice_from_ticket'])) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id");
// Logging
logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from Ticket $ticket_prefix$ticket_number", $client_id, $invoice_id);
$_SESSION['alert_message'] = "Invoice $config_invoice_prefix$invoice_number created from ticket";
flash_alert("Invoice $config_invoice_prefix$invoice_number created from ticket");
redirect("invoice.php?invoice_id=$invoice_id");
header("Location: invoice.php?invoice_id=$invoice_id");
}
if (isset($_POST['export_tickets_csv'])) {
@ -2193,6 +2170,7 @@ if (isset($_POST['export_tickets_csv'])) {
fpassthru($f);
}
exit;
}
if (isset($_POST['add_recurring_ticket'])) {
@ -2215,12 +2193,12 @@ if (isset($_POST['add_recurring_ticket'])) {
}
}
// Logging
logAction("Recurring Ticket", "Create", "$session_name created recurring ticket for $subject - $frequency", $client_id, $recurring_ticket_id);
$_SESSION['alert_message'] = "Recurring ticket <strong>$subject - $frequency</strong> created";
flash_alert("Recurring ticket <strong>$subject - $frequency</strong> created");
redirect();
}
if (isset($_POST['edit_recurring_ticket'])) {
@ -2243,19 +2221,20 @@ if (isset($_POST['edit_recurring_ticket'])) {
}
}
// Logging
logAction("Recurring Ticket", "Edit", "$session_name edited recurring ticket $subject", $client_id, $recurring_ticket_id);
$_SESSION['alert_message'] = "Recurring ticket <strong>$subject - $frequency</strong> updated";
flash_alert("Recurring ticket <strong>$subject - $frequency</strong> updated");
redirect();
}
if (isset($_GET['force_recurring_ticket'])) {
enforceUserPermission('module_support', 2);
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$recurring_ticket_id = intval($_GET['force_recurring_ticket']);
$sql = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
@ -2369,16 +2348,14 @@ if (isset($_GET['force_recurring_ticket'])) {
$next_run = $next_run->format('Y-m-d');
mysqli_query($mysqli, "UPDATE recurring_tickets SET recurring_ticket_next_run = '$next_run' WHERE recurring_ticket_id = $recurring_ticket_id");
// Logging
logAction("Ticket", "Create", "$session_name force created recurring scheduled $frequency ticket - $config_ticket_prefix$ticket_number - $subject", $client_id, $id);
$_SESSION['alert_message'] = "Recurring Ticket Forced";
flash_alert("Recurring Ticket Forced");
redirect();
} else {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Recurring Ticket Force failed";
flash_alert("Recurring Ticket Force failed", 'error');
redirect();
}
@ -2386,9 +2363,10 @@ if (isset($_GET['force_recurring_ticket'])) {
if (isset($_GET['delete_recurring_ticket'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$recurring_ticket_id = intval($_GET['delete_recurring_ticket']);
// Get Scheduled Ticket Subject Ticket Prefix, Number and Client ID for logging and alert message
@ -2402,20 +2380,20 @@ if (isset($_GET['delete_recurring_ticket'])) {
// Delete
mysqli_query($mysqli, "DELETE FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
// Logging
logAction("Recurring Ticket", "Delete", "$session_name deleted recurring ticket $subject", $client_id, $recurring_ticket_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Recurring ticket <strong>$subject - $frequency</strong> deleted";
flash_alert("Recurring ticket <strong>$subject - $frequency</strong> deleted", 'error');
redirect();
}
if (isset($_POST['bulk_delete_recurring_tickets'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['recurring_ticket_ids'])) {
$count = count($_POST['recurring_ticket_ids']);
@ -2426,18 +2404,17 @@ if (isset($_POST['bulk_delete_recurring_tickets'])) {
$recurring_ticket_id = intval($recurring_ticket_id);
mysqli_query($mysqli, "DELETE FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
// Logging
logAction("Recurring Ticket", "Delete", "$session_name deleted recurring ticket", 0, $recurring_ticket_id);
}
// Logging
logAction("Recurring Ticket", "Bulk Delete", "$session_name deleted $count recurring ticket(s)");
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> recurring ticket(s)";
flash_alert("Deleted <strong>$count</strong> recurring ticket(s)", 'error');
}
redirect();
}
if (isset($_POST['edit_ticket_billable_status'])) {
@ -2460,12 +2437,12 @@ if (isset($_POST['edit_ticket_billable_status'])) {
mysqli_query($mysqli,"UPDATE tickets SET ticket_billable = $billable_status WHERE ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name marked ticket $ticket_prefix$ticket_number as $billable_wording Billable", $client_id, $ticket_id);
$_SESSION['alert_message'] = "Ticket marked <strong>$billable_wording Billable</strong>";
flash_alert("Ticket marked <strong>$billable_wording Billable</strong>");
redirect();
}
if (isset($_POST['edit_ticket_schedule'])) {
@ -2619,18 +2596,17 @@ if (isset($_POST['edit_ticket_schedule'])) {
$ticket_reply_note = "Ticket scheduled for $email_datetime " . (boolval($onsite) ? '(onsite).' : '(remote).');
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name edited ticket schedule", $client_id, $ticket_id);
customAction('ticket_schedule', $ticket_id);
if (empty($conflicting_tickets)) {
$_SESSION['alert_message'] = "Ticket scheduled for $email_datetime";
flash_alert("Ticket scheduled for $email_datetime");
redirect();
} else {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time: <br>" . implode(", <br>", $conflicting_tickets);
header("Location: calendar.php");
flash_alert("Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time: <br>" . implode(", <br>", $conflicting_tickets), 'error');
redirect("calendar.php");
}
}
@ -2771,12 +2747,12 @@ if (isset($_GET['cancel_ticket_schedule'])) {
$ticket_reply_note = "Ticket schedule cancelled.";
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Edit", "$session_name cancelled ticket schedule", $client_id, $ticket_id);
customAction('ticket_unschedule', $ticket_id);
$_SESSION['alert_message'] = "Ticket schedule cancelled";
flash_alert("Ticket schedule cancelled", 'error');
redirect();
}

11
user/post/transfer.php
View File

@ -33,10 +33,9 @@ if (isset($_POST['add_transfer'])) {
$transfer_id = mysqli_insert_id($mysqli);
// Logging
logAction("Account Transfer", "Create", "$session_name transferred " . numfmt_format_currency($currency_format, $amount, $account_currency_code) . " from account $source_account_name to $destination_account_name", 0, $transfer_id);
$_SESSION['alert_message'] = "Transferred <strong>" . numfmt_format_currency($currency_format, $amount, $account_currency_code) . "</strong> from <strong>$source_account_name</strong> to <strong>$destination_account_name</strong>";
flash_alert("Transferred <strong>" . numfmt_format_currency($currency_format, $amount, $account_currency_code) . "</strong> from <strong>$source_account_name</strong> to <strong>$destination_account_name</strong>");
redirect();
@ -48,7 +47,6 @@ if (isset($_POST['edit_transfer'])) {
require_once 'transfer_model.php';
$transfer_id = intval($_POST['transfer_id']);
$expense_id = intval($_POST['expense_id']);
$revenue_id = intval($_POST['revenue_id']);
@ -59,10 +57,9 @@ if (isset($_POST['edit_transfer'])) {
mysqli_query($mysqli,"UPDATE transfers SET transfer_method = '$transfer_method', transfer_notes = '$notes' WHERE transfer_id = $transfer_id");
// Logging
logAction("Account Transfer", "Edit", "$session_name edited transfer", 0, $transfer_id);
$_SESSION['alert_message'] = "Transfer edited";
flash_alert("Transfer edited");
redirect();
@ -85,11 +82,9 @@ if (isset($_GET['delete_transfer'])) {
mysqli_query($mysqli,"DELETE FROM transfers WHERE transfer_id = $transfer_id");
// Logging
logAction("Account Transfer", "Delete", "$session_name deleted transfer");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Transfer deleted";
flash_alert("Transfer deleted", 'error');
redirect();

12
user/post/trip.php
View File

@ -10,15 +10,13 @@ if (isset($_POST['add_trip'])) {
require_once 'trip_model.php';
mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_source = '$source', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_user_id = $user_id, trip_client_id = $client_id");
$trip_id = mysqli_insert_id($mysqli);
// Logging
logAction("Trip", "Create", "$session_name logged trip from $source to $destination", $client_id , $trip_id);
$_SESSION['alert_message'] = "Trip from <strong>$source</strong> to <strong>$destination</strong> logged";
flash_alert("Trip from <strong>$source</strong> to <strong>$destination</strong> logged");
redirect();
@ -32,10 +30,9 @@ if (isset($_POST['edit_trip'])) {
mysqli_query($mysqli,"UPDATE trips SET trip_date = '$date', trip_source = '$source', trip_destination = '$destination', trip_miles = $miles, trip_purpose = '$purpose', round_trip = $roundtrip, trip_user_id = $user_id, trip_client_id = $client_id WHERE trip_id = $trip_id");
// Logging
logAction("Trip", "Edit", "$session_name edited trip", $client_id , $trip_id);
$_SESSION['alert_message'] = "Trip edited";
flash_alert("Trip edited");
redirect();
@ -53,11 +50,9 @@ if (isset($_GET['delete_trip'])) {
mysqli_query($mysqli,"DELETE FROM trips WHERE trip_id = $trip_id");
// Logging
logAction("Trip", "Delete", "$session_name deleted trip ($trip_source - $trip_destination)", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Trip ($trip_source - $trip_destination) deleted";
flash_alert("Trip ($trip_source - $trip_destination) deleted", 'error');
redirect();
@ -119,7 +114,6 @@ if (isset($_POST['export_trips_csv'])) {
//output all remaining data on a file pointer
fpassthru($f);
// Logging
logAction("Trip", "Export", "$session_name exported $count trip(s) to a CSV file");
}
exit;

62
user/post/vendor.php
View File

@ -36,10 +36,9 @@ if (isset($_POST['add_vendor_from_template'])) {
$vendor_id = mysqli_insert_id($mysqli);
// Logging
logAction("Vendor", "Create", "$session_name created vendor $name using a template", $client_id, $vendor_id);
$_SESSION['alert_message'] = "Vendor <strong>$name</strong> created from template";
flash_alert("Vendor <strong>$name</strong> created from template");
redirect();
@ -57,12 +56,12 @@ if (isset($_POST['add_vendor'])) {
$vendor_id = mysqli_insert_id($mysqli);
// Logging
logAction("Vendor", "Create", "$session_name created vendor $name", $client_id, $vendor_id);
$_SESSION['alert_message'] = "Vendor <strong>$name</strong> created";
flash_alert("Vendor <strong>$name</strong> created");
redirect();
}
if (isset($_POST['edit_vendor'])) {
@ -73,21 +72,20 @@ if (isset($_POST['edit_vendor'])) {
$vendor_template_id = intval($_POST['vendor_template_id']);
// Get Client ID
$sql_vendor = mysqli_query($mysqli,"SELECT vendor_client_id FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql_vendor);
$client_id = intval($row['vendor_client_id']);
$client_id = intval(getFieldById('vendors', $vendor_id, 'vendor_client_id'));
mysqli_query($mysqli,"UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone_country_code = '$phone_country_code', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code',vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_template_id = $vendor_template_id WHERE vendor_id = $vendor_id");
// Logging
logAction("Vendor", "Edit", "$session_name edited vendor $name", $client_id, $vendor_id);
$_SESSION['alert_message'] = "Vendor <strong>$name</strong> edited";
flash_alert("Vendor <strong>$name</strong> edited");
redirect();
}
if (isset($_GET['archive_vendor'])) {
$vendor_id = intval($_GET['archive_vendor']);
//Get Vendor Name
@ -98,13 +96,12 @@ if (isset($_GET['archive_vendor'])) {
mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NOW() WHERE vendor_id = $vendor_id");
// Logging
logAction("Vendor", "Archive", "$session_name archived vendor $vendor_name", $client_id, $vendor_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Vendor <strong>$vendor_name</strong> archived";
flash_alert("Vendor <strong>$vendor_name</strong> archived", 'error');
redirect();
}
if(isset($_GET['unarchive_vendor'])){
@ -119,15 +116,16 @@ if(isset($_GET['unarchive_vendor'])){
mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NULL WHERE vendor_id = $vendor_id");
// Logging
logAction("Vendor", "Unarchive", "$session_name unarchived vendor $vendor_name", $client_id, $vendor_id);
$_SESSION['alert_message'] = "Vendor <strong>$vendor_name</strong> restored";
flash_alert("Vendor <strong>$vendor_name</strong> restored");
redirect();
}
if (isset($_GET['delete_vendor'])) {
$vendor_id = intval($_GET['delete_vendor']);
//Get Vendor Name
@ -144,18 +142,19 @@ if (isset($_GET['delete_vendor'])) {
mysqli_query($mysqli,"DELETE FROM vendors WHERE vendor_id = $vendor_id");
// Logging
logAction("Vendor", "Delete", "$session_name deleted vendor $vendor_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Vendor <strong>$vendor_name</strong> deleted";
flash_alert("Vendor <strong>$vendor_name</strong> deleted", 'error');
redirect();
}
if (isset($_POST['bulk_archive_vendors'])) {
validateAdminRole();
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
if (isset($_POST['vendor_ids'])) {
@ -175,24 +174,24 @@ if (isset($_POST['bulk_archive_vendors'])) {
mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NOW() WHERE vendor_id = $vendor_id");
// Individual Contact logging
logAction("Vendor", "Archive", "$session_name archived vendor $vendor_name", $client_id, $vendor_id);
}
// Bulk Logging
logAction("Vendor", "Bulk Archive", "$session_name archived $count vendor(s)");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Archived <strong>$count</strong> vendor(s)";
flash_alert("Archived <strong>$count</strong> vendor(s)", 'error');
}
redirect();
}
if (isset($_POST['bulk_unarchive_vendors'])) {
validateAdminRole();
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
if (isset($_POST['vendor_ids'])) {
@ -212,25 +211,26 @@ if (isset($_POST['bulk_unarchive_vendors'])) {
mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NULL WHERE vendor_id = $vendor_id");
// Individual logging
logAction("Vendor", "Unarchive", "$session_name unarchived vendor $vendor_name", $client_id, $vendor_id);
}
// Bulk Logging
logAction("Vendor", "Bulk Unarchive", "$session_name unarchived $count vendor(s)");
$_SESSION['alert_message'] = "Unarchived <strong>$count</strong> vendor(s)";
flash_alert("Unarchived <strong>$count</strong> vendor(s)");
}
redirect();
}
if (isset($_POST['bulk_delete_vendors'])) {
validateAdminRole();
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
if (isset($_POST['vendor_ids'])) {
// Get Selected Count
@ -255,20 +255,18 @@ if (isset($_POST['bulk_delete_vendors'])) {
mysqli_query($mysqli, "DELETE FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id");
// Logging
logAction("Vendor", "Delete", "$session_name deleted vendor $vendor_name", $client_id);
}
// Bulk Logging
logAction("Vendor", "Bulk Delete", "$session_name deleted $count vendor(s)");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> vendor(s)";
flash_alert("Deleted <strong>$count</strong> vendor(s)", 'error');
}
redirect();
}
if (isset($_POST['export_vendors_csv'])) {
@ -312,8 +310,8 @@ if (isset($_POST['export_vendors_csv'])) {
fpassthru($f);
}
// Logging
logAction("Vendor", "Export", "$session_name exported $count vendor(s) to a CSV file");
exit;
}

63
user/post/vendor_contact.php
View File

@ -16,12 +16,11 @@ if (isset($_POST['add_vendor_contact'])) {
$vendor_contact_id = mysqli_insert_id($mysqli);
// Logging
logAction("Vendor Contact", "Create", "$session_name created vendor contact $name", $client_id, $vendor_contact_id);
customAction('vendor_contact_create', $vendor_contact_id);
$_SESSION['alert_message'] = "Vendor Contact <strong>$name</strong> created";
flash_alert("Vendor Contact <strong>$name</strong> created");
redirect();
@ -37,12 +36,11 @@ if (isset($_POST['edit_vendor_contact'])) {
mysqli_query($mysqli,"UPDATE vendor_contacts SET vendor_contact_name = '$name', vendor_contact_title = '$title', vendor_contact_phone = '$phone', vendor_contact_extension = '$extension', vendor_contact_mobile = '$mobile', vendor_contact_email = '$email', contact_pin = '$pin', vendor_contact_notes = '$notes', vendor_contact_department = '$department' WHERE vendor_contact_id = $vendor_contact_id");
//Logging
logAction("Vendor Contact", "Edit", "$session_name edited vendor contact $name", $client_id, $vendor_contact_id);
customAction('vendor_contact_update', $vendor_contact_id);
$_SESSION['alert_message'] = "Vendor Contact <strong>$name</strong> updated";
flash_alert("Vendor Contact <strong>$name</strong> updated");
redirect();
@ -50,10 +48,10 @@ if (isset($_POST['edit_vendor_contact'])) {
if (isset($_POST['bulk_archive_vendor_contacts'])) {
enforceUserPermission('module_client', 2);
//validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
if (isset($_POST['vendor_contact_ids'])) {
$count = 0; // Default 0
@ -71,22 +69,22 @@ if (isset($_POST['bulk_archive_vendor_contacts'])) {
}
// Bulk Logging
logAction("Vendor Contact", "Bulk Archive", "$session_name archived $count vendor contacts", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Archived <strong>$count</strong> vendor contact(s)";
flash_alert("Archived <strong>$count</strong> vendor contact(s)", 'error');
}
redirect();
}
if (isset($_POST['bulk_unarchive_vendor_contacts'])) {
enforceUserPermission('module_client', 2);
//validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
if (isset($_POST['contact_ids'])) {
// Get Selected Contacts Count
@ -111,26 +109,26 @@ if (isset($_POST['bulk_unarchive_vendor_contacts'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NULL WHERE contact_id = $contact_id");
// Individual Contact logging
logAction("Contact", "Unarchive", "$session_name unarchived $contact_name", $client_id, $contact_id);
}
// Bulk Logging
logAction("Contact", "Bulk Unarchive", "$session_name Unarchived $count contacts", $client_id);
$_SESSION['alert_message'] = "You unarchived <strong>$count</strong> contact(s)";
flash_alert("You unarchived <strong>$count</strong> contact(s)");
}
redirect();
}
if (isset($_POST['bulk_delete_vendor_contacts'])) {
enforceUserPermission('module_client', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 3);
if (isset($_POST['contact_ids'])) {
// Get Selected Contacts Count
@ -163,19 +161,18 @@ if (isset($_POST['bulk_delete_vendor_contacts'])) {
mysqli_query($mysqli, "DELETE FROM contact_logins WHERE contact_id = $contact_id");
mysqli_query($mysqli, "DELETE FROM contact_notes WHERE contact_note_contact_id = $contact_id");
// Individual Logging
logAction("Contact", "Delete", "$session_name deleted $contact_name", $client_id);
}
// Bulk Logging
logAction("Contact", "Bulk Delete", "$session_name deleted $count contacts", $client_id);
$_SESSION['alert_message'] = "You deleted <strong>$count</strong> contact(s)";
flash_alert("You deleted <strong>$count</strong> contact(s)", 'error');
}
redirect();
}
@ -199,12 +196,9 @@ if (isset($_GET['archive_vendor_contact'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_important = 0, contact_billing = 0, contact_technical = 0, contact_archived_at = NOW() WHERE contact_id = $contact_id");
// Logging
logAction("Contact", "Archive", "$session_name archived contact $contact_name", $client_id, $contact_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Contact <strong>$contact_name</strong> has been archived";
flash_alert("Contact <strong>$contact_name</strong> has been archived", 'alert');
redirect();
@ -230,10 +224,9 @@ if (isset($_GET['unarchive_vendor_contact'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NULL WHERE contact_id = $contact_id");
// logging
logAction("Contact", "Unarchive", "$session_name unarchived contact $contact_name", $client_id, $contact_id);
$_SESSION['alert_message'] = "Contact <strong>$contact_name</strong> has been Unarchived";
flash_alert("Contact <strong>$contact_name</strong> has been Unarchived");
redirect();
@ -267,17 +260,14 @@ if (isset($_GET['delete_vendor_contact'])) {
mysqli_query($mysqli, "DELETE FROM contact_logins WHERE contact_id = $contact_id");
mysqli_query($mysqli, "DELETE FROM contact_notes WHERE contact_note_contact_id = $contact_id");
//Logging
logAction("Contact", "Delete", "$session_name deleted contact $contact_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Contact <strong>$contact_name</strong> has been deleted.";
flash_alert("Contact <strong>$contact_name</strong> has been deleted.", 'error');
redirect();
}
if (isset($_POST['export_vendor_contacts_csv'])) {
enforceUserPermission('module_client');
@ -323,7 +313,6 @@ if (isset($_POST['export_vendor_contacts_csv'])) {
}
//Logging
logAction("Contact", "Export", "$session_name exported $num_rows contact(s) to a CSV file", $client_id);
exit;
@ -340,10 +329,8 @@ if (isset($_POST["import_vendor_contacts_csv"])) {
if (!empty($_FILES["file"]["tmp_name"])) {
$file_name = $_FILES["file"]["tmp_name"];
} else {
$_SESSION['alert_message'] = "Please select a file to upload.";
$_SESSION['alert_type'] = "error";
flash_alert("Please select a file to upload.", 'error');
redirect();
exit();
}
//Check file is CSV
@ -351,13 +338,13 @@ if (isset($_POST["import_vendor_contacts_csv"])) {
$allowed_file_extensions = array('csv');
if (in_array($file_extension,$allowed_file_extensions) === false) {
$error = true;
$_SESSION['alert_message'] = "Bad file extension";
flash_alert("Bad file extension", 'error');
}
//Check file isn't empty
elseif ($_FILES["file"]["size"] < 1) {
$error = true;
$_SESSION['alert_message'] = "Bad file size (empty?)";
flash_alert("Bad file size (empty?)", 'error');
}
//(Else)Check column count
@ -365,7 +352,7 @@ if (isset($_POST["import_vendor_contacts_csv"])) {
$f_columns = fgetcsv($f, 1000, ",");
if (!$error & count($f_columns) != 8) {
$error = true;
$_SESSION['alert_message'] = "Bad column count.";
flash_alert("Bad column count.", 'error');
}
//Else, parse the file
@ -408,7 +395,6 @@ if (isset($_POST["import_vendor_contacts_csv"])) {
}
// Potentially import the rest in the future?
// Check if duplicate was detected
if ($duplicate_detect == 0) {
//Add
@ -420,20 +406,21 @@ if (isset($_POST["import_vendor_contacts_csv"])) {
}
fclose($file);
//Logging
logAction("Contact", "Import", "$session_name imported $row_count contact(s) via CSV file", $client_id);
$_SESSION['alert_message'] = "$row_count Contact(s) added, $duplicate_count duplicate(s) detected";
flash_alert("$row_count Contact(s) added, $duplicate_count duplicate(s) detected", 'warning');
redirect();
}
//Check for any errors, if there are notify user and redirect
if ($error) {
$_SESSION['alert_type'] = "warning";
redirect();
}
}
if (isset($_GET['download_vendor_contacts_csv_template'])) {
$client_id = intval($_GET['download_client_contacts_csv_template']);
//get records from database