diff --git a/user/post/ticket.php b/user/post/ticket.php index 0e228ded..0da93a27 100644 --- a/user/post/ticket.php +++ b/user/post/ticket.php @@ -180,12 +180,12 @@ if (isset($_POST['add_ticket'])) { // Custom action/notif handler customAction('ticket_create', $ticket_id); - // Logging logAction("Ticket", "Create", "$session_name created ticket $config_ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id); - $_SESSION['alert_message'] = "Ticket $config_ticket_prefix$ticket_number created"; + flash_alert("Ticket $config_ticket_prefix$ticket_number created"); + + redirect("ticket.php?ticket_id=$ticket_id"); - header("Location: ticket.php?ticket_id=$ticket_id"); } if (isset($_POST['edit_ticket'])) { @@ -287,12 +287,12 @@ if (isset($_POST['edit_ticket'])) { // Custom action/notif handler customAction('ticket_update', $ticket_id); - // Logging logAction("Ticket", "Edit", "$session_name edited ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - $_SESSION['alert_message'] = "Ticket $ticket_prefix$ticket_number updated"; + flash_alert("Ticket $ticket_prefix$ticket_number updated"); redirect(); + } if (isset($_POST['edit_ticket_priority'])) { @@ -322,14 +322,14 @@ if (isset($_POST['edit_ticket_priority'])) { // Update Ticket History mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed priority from $original_priority to $priority', ticket_history_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name changed priority from $original_priority to $priority for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); customAction('ticket_update', $ticket_id); - $_SESSION['alert_message'] = "Priority updated from $original_priority to $priority"; + flash_alert("Priority updated from $original_priority to $priority"); redirect(); + } if (isset($_POST['edit_ticket_contact'])) { 
@@ -408,12 +408,12 @@ if (isset($_POST['edit_ticket_contact'])) { // Update Ticket History mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed the contact from $original_contact_name to $contact_name', ticket_history_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name changed the contact from $original_contact_name to $contact_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - $_SESSION['alert_message'] = "Contact changed from $original_contact_name to $contact_name"; + flash_alert("Contact changed from $original_contact_name to $contact_name"); redirect(); + } if (isset($_POST['add_ticket_watcher'])) { @@ -483,15 +483,15 @@ if (isset($_POST['add_ticket_watcher'])) { addToMailQueue($data); } - // Logging logAction("Ticket", "Edit", "$session_name added $watcher_email as a watcher for ticket $config_ticket_prefix$ticket_number", $client_id, $ticket_id); } } - $_SESSION['alert_message'] = "Added watcher(s)"; + flash_alert("Added watcher(s)"); redirect(); + } if (isset($_GET['delete_ticket_watcher'])) { @@ -520,13 +520,12 @@ if (isset($_GET['delete_ticket_watcher'])) { // History mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed ticket $watcher_email as a watcher', ticket_history_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name removed $watcher_email as a watcher for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Removed ticket watcher $watcher_email"; + flash_alert("Removed ticket watcher $watcher_email", 'error'); redirect(); + } if (isset($_GET['delete_ticket_additional_asset'])) { 
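Review bot: `flash_alert("Contact changed from $original_contact_name to $contact_name")` in edit_ticket_contact reuses the variables that the context line above interpolates into the `INSERT INTO ticket_history` statement, so whatever encoding they carry was chosen for SQL and not for the page that renders the alert. Neither `flash_alert()` nor the assignments are part of this diff; if the helper stores the string as-is, it (or the alert template) should apply `htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` once, centrally, unless alerts are meant to carry markup. The same applies to `$watcher_email` in delete_ticket_watcher, `$asset_name` and `$vendor_name` in the asset and vendor hunks, and `$source`/`$destination` in trip.php. The handler body begins outside the hunk.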
@@ -555,13 +554,12 @@ if (isset($_GET['delete_ticket_additional_asset'])) { // History mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed additional asset $asset_name', ticket_history_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name removed asset $asset_name from ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Removed asset $asset_name from ticket."; + flash_alert("Removed asset $asset_name from ticket.", 'error'); redirect(); + } if (isset($_POST['edit_ticket_asset'])) { @@ -587,12 +585,12 @@ if (isset($_POST['edit_ticket_asset'])) { $asset_name = sanitizeInput($row['asset_name']); $client_id = intval($row['ticket_client_id']); - // Logging logAction("Ticket", "Edit", "$session_name changed asset to $asset_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - $_SESSION['alert_message'] = "Ticket $ticket_prefix$ticket_number asset updated to $asset_name"; + flash_alert("Ticket $ticket_prefix$ticket_number asset updated to $asset_name"); redirect(); + } if (isset($_POST['edit_ticket_vendor'])) { @@ -618,12 +616,12 @@ if (isset($_POST['edit_ticket_vendor'])) { $vendor_name = sanitizeInput($row['vendor_name']); $client_id = intval($row['ticket_client_id']); - // Logging logAction("Ticket", "Edit", "$session_name set vendor to $vendor_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - $_SESSION['alert_message'] = "Set vendor to $vendor_name for ticket $ticket_prefix$ticket_number"; + flash_alert("Set vendor to $vendor_name for ticket $ticket_prefix$ticket_number"); redirect(); + } if (isset($_POST['assign_ticket'])) { 
@@ -654,10 +652,8 @@ if (isset($_POST['assign_ticket'])) { $ticket_reply = "Ticket re-assigned to $agent_name."; if (!$agent_name) { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Invalid agent!"; + flash_alert("Invalid agent!", 'error'); redirect(); - exit(); } } @@ -672,10 +668,8 @@ if (isset($_POST['assign_ticket'])) { $client_name = sanitizeInput($ticket_details['client_name']); if (!$ticket_subject) { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Invalid ticket!"; + flash_alert("Invalid ticket!", 'error'); redirect(); - exit(); } // Update ticket & insert reply @@ -683,7 +677,6 @@ if (isset($_POST['assign_ticket'])) { mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name reassigned $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id); @@ -722,18 +715,18 @@ if (isset($_POST['assign_ticket'])) { customAction('ticket_assign', $ticket_id); - $_SESSION['alert_message'] = "Ticket $ticket_prefix$ticket_number assigned to $agent_name"; + flash_alert("Ticket $ticket_prefix$ticket_number assigned to $agent_name"); redirect(); + } if (isset($_GET['delete_ticket'])) { - enforceUserPermission('module_support', 3); - - // CSRF Check validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 3); + $ticket_id = intval($_GET['delete_ticket']); // Get Ticket and Client ID for logging and alert message 
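Review bot: Removing `exit();` after `redirect();` in the `if (!$agent_name)` guard of assign_ticket is only safe if `redirect()` itself terminates the request, and its definition is not in this diff. If it only sends a Location header, execution falls through the guard and reaches the `// Update ticket & insert reply` queries with an invalid agent. The same removal is made in the "Invalid ticket!" guard of this handler, in bulk_assign_ticket, in bulk_merge_tickets and in the three guards of merge_ticket, where the code after the guard calls `mysqli_fetch_array($sql)` on an empty result. Either confirm that `redirect()` ends with `exit;` and note it at the guards with `// redirect() terminates the request`, or keep the explicit `exit;`. The handler starts and ends outside the hunk.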
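Review bot: `validateCSRFToken($_GET['csrf_token']);` in delete_ticket still reads the token from the query string, so the token guarding a destructive action ends up in browser history, access logs and possibly Referer headers; moving the check above `enforceUserPermission('module_support', 3)` does not change that. Since these lines are being touched anyway, consider submitting the delete as POST and checking `validateCSRFToken($_POST['csrf_token']);`, as bulk_delete_tickets already does. resolve_ticket, close_ticket, force_recurring_ticket and delete_recurring_ticket follow the same GET pattern. If the move to POST is out of scope, a comment such as `// TODO: state-changing GET; CSRF token is exposed in the URL` would record the gap. The handler continues past the end of the hunk.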
@@ -764,23 +757,23 @@ if (isset($_GET['delete_ticket'])) { // No Need to delete ticket assets as this is cascadely deleted via the database. - // Logging logAction("Ticket", "Delete", "$session_name deleted $ticket_prefix$ticket_number along with all replies", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Ticket $ticket_prefix$ticket_number along with all replies deleted"; + flash_alert("Ticket $ticket_prefix$ticket_number along with all replies deleted", 'error'); customAction('ticket_delete', $ticket_id); - header("Location: tickets.php"); + redirect("tickets.php"); } + } if (isset($_POST['bulk_delete_tickets'])) { - enforceUserPermission('module_support', 3); validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 3); + if (isset($_POST['ticket_ids'])) { $count = count($_POST['ticket_ids']); @@ -806,18 +799,17 @@ if (isset($_POST['bulk_delete_tickets'])) { // No Need to delete ticket assets as this is cascadely deleted via the database. - // Logging logAction("Ticket", "Delete", "$session_name deleted ticket", 0, $ticket_id); } - // Logging logAction("Ticket", "Bulk Delete", "$session_name deleted $count ticket(s)"); - $_SESSION['alert_message'] = "Deleted $count ticket(s)"; + flash_alert("Deleted $count ticket(s)", 'error'); } redirect(); + } if (isset($_POST['bulk_assign_ticket'])) { @@ -863,10 +855,8 @@ if (isset($_POST['bulk_assign_ticket'])) { $ticket_reply = "Ticket re-assigned to $agent_name."; if (!$agent_name) { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Invalid agent!"; + flash_alert("Invalid agent!", 'error'); redirect(); - exit(); } } 
@@ -875,7 +865,6 @@ if (isset($_POST['bulk_assign_ticket'])) { mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name reassigned ticket $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id); customAction('ticket_assign', $ticket_id); @@ -917,9 +906,10 @@ if (isset($_POST['bulk_assign_ticket'])) { } } - $_SESSION['alert_message'] = "You assigned $ticket_count Tickets to $agent_name"; + flash_alert("You assigned $ticket_count Tickets to $agent_name"); redirect(); + } if (isset($_POST['bulk_edit_ticket_priority'])) { @@ -952,19 +942,18 @@ if (isset($_POST['bulk_edit_ticket_priority'])) { mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$session_name updated the priority from $current_ticket_priority to $priority', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name updated the priority on ticket $ticket_prefix$ticket_number - $ticket_subject from $original_ticket_priority to $priority", $client_id, $ticket_id); customAction('ticket_update', $ticket_id); } // End For Each Ticket ID Loop - // Logging logAction("Ticket", " Bulk Edit", "$session_name updated the priority on $ticket_count"); - $_SESSION['alert_message'] = "You updated the priority for $ticket_count Tickets to $priority"; + flash_alert("You updated the priority for $ticket_count Tickets to $priority"); } redirect(); + } if (isset($_POST['bulk_edit_ticket_category'])) { 
@@ -993,26 +982,23 @@ if (isset($_POST['bulk_edit_ticket_category'])) { $client_id = intval($row['ticket_client_id']); // Get Category Name - $sql = mysqli_query($mysqli, "SELECT category_name FROM categories WHERE category_id = $category_id"); - $row = mysqli_fetch_array($sql); - $category_name = sanitizeInput($row['category_name']); + $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name')); // Update ticket mysqli_query($mysqli, "UPDATE tickets SET ticket_category = '$category_id' WHERE ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name updated the category on ticket $ticket_prefix$ticket_number - $ticket_subject from $previous_category_name to $category_name", $client_id, $ticket_id); customAction('ticket_update', $ticket_id); } // End For Each Ticket ID Loop - // Logging logAction("Ticket", " Bulk Edit", "$session_name updated the category to $category_name on $ticket_count"); - $_SESSION['alert_message'] = "Category set to $category_name for $ticket_count Tickets"; + flash_alert("Category set to $category_name for $ticket_count Tickets"); } redirect(); + } if (isset($_POST['bulk_merge_tickets'])) { @@ -1027,9 +1013,8 @@ if (isset($_POST['bulk_merge_tickets'])) { // Get merge into ticket id (as it may differ from the number) $sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number"); if (mysqli_num_rows($sql) == 0) { - $_SESSION['alert_message'] = "Cannot merge into that ticket."; + flash_alert("Cannot merge into that ticket.", 'error'); redirect(); - exit(); } $merge_row = mysqli_fetch_array($sql); $merge_into_ticket_id = intval($merge_row['ticket_id']); // Parent ticket ID @@ -1061,7 +1046,6 @@ if (isset($_POST['bulk_merge_tickets'])) { //Update new parent ticket mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was bulk merged into this ticket with comment: $merge_comment.

$ticket_subject
$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = 'Internal', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id"); - // Logging logAction("Ticket", "Merged", "$session_name Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number", $client_id, $ticket_id); // Custom action/notif handler @@ -1072,7 +1056,7 @@ if (isset($_POST['bulk_merge_tickets'])) { mysqli_query($mysqli, "UPDATE tickets SET ticket_updated_at = NOW() WHERE ticket_id = $merge_into_ticket_id"); - $_SESSION['alert_message'] = "$ticket_count tickets merged into $ticket_prefix$merge_into_ticket_number"; + flash_alert("$ticket_count tickets merged into $ticket_prefix$merge_into_ticket_number"); } @@ -1127,7 +1111,6 @@ if (isset($_POST['bulk_resolve_tickets'])) { mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$details', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Resolve", "$session_name resolved $ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id); customAction('ticket_resolve', $ticket_id); @@ -1156,7 +1139,6 @@ if (isset($_POST['bulk_resolve_tickets'])) { $company_name = sanitizeInput($row['company_name']); $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - // EMAIL $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)"; $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding \"$ticket_subject\" has been marked as solved and is pending closure.

$details

If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$base_url/client/ticket.php?id=$ticket_id

--
$company_name - Support
$config_ticket_from_email
$company_phone"; @@ -1166,8 +1148,6 @@ if (isset($_POST['bulk_resolve_tickets'])) { $data = []; - - // Email Ticket Contact // Queue Mail @@ -1205,14 +1185,14 @@ if (isset($_POST['bulk_resolve_tickets'])) { } // End Loop } // End Array Empty Check - $_SESSION['alert_message'] = "Resolved $ticket_count Tickets"; + flash_alert("Resolved $ticket_count Tickets"); if ($skipped_count > 0) { - $_SESSION['alert_type'] = "info"; - $_SESSION['alert_message'] .= " $skipped_count ticket(s) could not be resolved because they have open tasks."; + flash_alert("Resolved $ticket_count Tickets $skipped_count ticket(s) could not be resolved because they have open tasks.", 'info'; } redirect(); + } if (isset($_POST['bulk_ticket_reply'])) { @@ -1257,7 +1237,6 @@ if (isset($_POST['bulk_ticket_reply'])) { // Update Ticket Status mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id); // Custom action/notif handler @@ -1360,9 +1339,10 @@ if (isset($_POST['bulk_ticket_reply'])) { } - $_SESSION['alert_message'] = "Updated $ticket_count tickets"; + flash_alert("Updated $ticket_count tickets"); redirect(); + } 
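Review bot: The new call inside `if ($skipped_count > 0)` in bulk_resolve_tickets ends with `'info';` and never closes the argument list, which is a parse error; because PHP compiles the whole file, every handler in ticket.php would stop working, not just this one. It should read `flash_alert("Resolved $ticket_count Tickets $skipped_count ticket(s) could not be resolved because they have open tasks.", 'info');`. A `php -l user/post/ticket.php` step in CI would catch this class of error before merge. The handler starts outside the hunk.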
@@ -1400,26 +1380,25 @@ if (isset($_POST['bulk_add_ticket_project'])) { // Update ticket & insert reply mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Reply", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $ticket_id); } // End For Each Ticket ID Loop - $_SESSION['alert_message'] = "$ticket_count Tickets added to Project $project_name"; + flash_alert("$ticket_count Tickets added to Project $project_name"); } redirect(); + } if (isset($_POST['bulk_add_asset_ticket'])) { - enforceUserPermission('module_support', 2); - - // CSRF Check validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 2); + $client_id = intval($_POST['bulk_client']); $assigned_to = intval($_POST['bulk_assigned_to']); if ($assigned_to == 0) { @@ -1521,14 +1500,14 @@ if (isset($_POST['bulk_add_asset_ticket'])) { customAction('ticket_create', $ticket_id); } - // Logging logAction("Ticket", "Bulk Create", "$session_name created $asset_count tickets for $asset_count"); - $_SESSION['alert_message'] = "You created $asset_count tickets for the selected assets"; + flash_alert("You created $asset_count tickets for the selected assets"); } redirect(); + } @@ -1566,7 +1545,6 @@ if (isset($_POST['add_ticket_reply'])) { if ($ticket_status == 4) { mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Resolved", "$session_name resolved Ticket ticket ID $ticket_id", $client_id, $ticket_id); } 
@@ -1680,16 +1658,16 @@ if (isset($_POST['add_ticket_reply'])) { customAction('reply_reply_agent_public', $ticket_id); } - $_SESSION['alert_message'] = "Ticket $ticket_prefix$ticket_number has been updated with your reply and was $ticket_reply_type"; + flash_alert("Ticket $ticket_prefix$ticket_number has been updated with your reply and was $ticket_reply_type"); } else { - $_SESSION['alert_message'] = "Ticket updated"; + flash_alert("Ticket updated"); } - // Logging logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id); redirect(); + } if (isset($_POST['edit_ticket_reply'])) { @@ -1705,12 +1683,12 @@ if (isset($_POST['edit_ticket_reply'])) { mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli)); - // Logging logAction("Ticket", "Reply", "$session_name edited ticket_reply", $client_id, $ticket_reply_id); - $_SESSION['alert_message'] = "Ticket reply updated"; + flash_alert("Ticket reply updated"); redirect(); + } if (isset($_POST['redact_ticket_reply'])) { @@ -1724,12 +1702,12 @@ if (isset($_POST['redact_ticket_reply'])) { mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id"); - // Logging logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id); - $_SESSION['alert_message'] = "Ticket reply redacted"; + flash_alert("Ticket reply redacted"); redirect(); + } if (isset($_GET['archive_ticket_reply'])) { 
@@ -1740,13 +1718,12 @@ if (isset($_GET['archive_ticket_reply'])) { mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id"); - // Logging logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", 0, $ticket_reply_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Ticket reply archived"; + flash_alert("Ticket reply archived", 'error'); redirect(); + } if (isset($_POST['merge_ticket'])) { @@ -1762,9 +1739,8 @@ if (isset($_POST['merge_ticket'])) { // Get current ticket details $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id"); if (mysqli_num_rows($sql) == 0) { - $_SESSION['alert_message'] = "No ticket with that ID found."; + flash_alert("No ticket with that ID found.", 'error'); redirect(); - exit(); } // CURRENT ticket details $row = mysqli_fetch_array($sql); @@ -1777,18 +1753,16 @@ if (isset($_POST['merge_ticket'])) { // Get merge into ticket id (as it may differ from the number) $sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number"); if (mysqli_num_rows($sql) == 0) { - $_SESSION['alert_message'] = "Cannot merge into that ticket."; + flash_alert("Cannot merge into that ticket.", 'error'); redirect(); - exit(); } $merge_row = mysqli_fetch_array($sql); $merge_into_ticket_id = intval($merge_row['ticket_id']); // Sanity check if ($ticket_number == $merge_into_ticket_number) { - $_SESSION['alert_message'] = "Cannot merge into the same ticket."; + flash_alert("Cannot merge into the same ticket.", 'error'); redirect(); - exit(); } // Move ticket replies from child > parent 
@@ -1798,20 +1772,22 @@ if (isset($_POST['merge_ticket'])) { // Update current ticket mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number merged into $ticket_prefix$merge_into_ticket_number. Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli)); //Update new parent ticket mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was merged into this ticket with comment: $merge_comment.

$ticket_subject
$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id"); + mysqli_query($mysqli, "UPDATE tickets SET ticket_updated_at = NOW() WHERE ticket_id = $merge_into_ticket_id"); - // Logging logAction("Ticket", "Merged", "$session_name Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number"); customAction('ticket_merge', $ticket_id); - $_SESSION['alert_message'] = "Ticket merged into $ticket_prefix$merge_into_ticket_number"; + flash_alert("Ticket merged into $ticket_prefix$merge_into_ticket_number"); redirect(); + } if (isset($_POST['change_client_ticket'])) { @@ -1828,28 +1804,26 @@ if (isset($_POST['change_client_ticket'])) { // Update ticket client & contact mysqli_query($mysqli, "UPDATE tickets SET ticket_client_id = $client_id, ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id LIMIT 1"); - // Logging logAction("Ticket", "Change", "$session_name changed ticket client", $client_id, $ticket_id); customAction('ticket_update', $ticket_id); - $_SESSION['alert_message'] = "Ticket client updated"; + flash_alert("Ticket client updated"); redirect(); + } if (isset($_GET['resolve_ticket'])) { - enforceUserPermission('module_support', 2); - - // CSRF Check validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 2); + $ticket_id = intval($_GET['resolve_ticket']); mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Resolved", "$session_name resolved ticket ID $ticket_id", 0, $ticket_id); customAction('ticket_resolve', $ticket_id); 
@@ -1929,24 +1903,24 @@ if (isset($_GET['resolve_ticket'])) { } //End Mail IF - $_SESSION['alert_message'] = "Ticket resolved"; + flash_alert("Ticket resolved"); + redirect(); + } if (isset($_GET['close_ticket'])) { - enforceUserPermission('module_support', 2); - - // CSRF Check validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 2); + $ticket_id = intval($_GET['close_ticket']); mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 5, ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli)); mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Closed", "$session_name closed ticket ID $ticket_id", 0, $ticket_id); customAction('ticket_close', $ticket_id); @@ -2022,8 +1996,10 @@ if (isset($_GET['close_ticket'])) { } //End Mail IF - $_SESSION['alert_message'] = "Ticket Closed, this cannot not be reopened but you may start another one"; + flash_alert("Ticket Closed, this cannot not be reopened but you may start another one"); + redirect(); + } if (isset($_GET['reopen_ticket'])) { @@ -2034,13 +2010,14 @@ if (isset($_GET['reopen_ticket'])) { mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Reopened", "$session_name reopened ticket ID $ticket_id", 0, $ticket_id); customAction('ticket_update', $ticket_id); - $_SESSION['alert_message'] = "Ticket re-opened"; + flash_alert("Ticket re-opened"); + redirect(); + } if (isset($_POST['add_invoice_from_ticket'])) { 
@@ -2139,12 +2116,12 @@ if (isset($_POST['add_invoice_from_ticket'])) { mysqli_query($mysqli, "UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id"); - // Logging logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from Ticket $ticket_prefix$ticket_number", $client_id, $invoice_id); - $_SESSION['alert_message'] = "Invoice $config_invoice_prefix$invoice_number created from ticket"; + flash_alert("Invoice $config_invoice_prefix$invoice_number created from ticket"); + + redirect("invoice.php?invoice_id=$invoice_id"); - header("Location: invoice.php?invoice_id=$invoice_id"); } if (isset($_POST['export_tickets_csv'])) { @@ -2193,6 +2170,7 @@ if (isset($_POST['export_tickets_csv'])) { fpassthru($f); } exit; + } if (isset($_POST['add_recurring_ticket'])) { @@ -2215,12 +2193,12 @@ if (isset($_POST['add_recurring_ticket'])) { } } - // Logging logAction("Recurring Ticket", "Create", "$session_name created recurring ticket for $subject - $frequency", $client_id, $recurring_ticket_id); - $_SESSION['alert_message'] = "Recurring ticket $subject - $frequency created"; + flash_alert("Recurring ticket $subject - $frequency created"); redirect(); + } if (isset($_POST['edit_recurring_ticket'])) { 
@@ -2243,19 +2221,20 @@ if (isset($_POST['edit_recurring_ticket'])) { } } - // Logging logAction("Recurring Ticket", "Edit", "$session_name edited recurring ticket $subject", $client_id, $recurring_ticket_id); - $_SESSION['alert_message'] = "Recurring ticket $subject - $frequency updated"; + flash_alert("Recurring ticket $subject - $frequency updated"); redirect(); + } if (isset($_GET['force_recurring_ticket'])) { - enforceUserPermission('module_support', 2); validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 2); + $recurring_ticket_id = intval($_GET['force_recurring_ticket']); $sql = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id"); @@ -2369,16 +2348,14 @@ if (isset($_GET['force_recurring_ticket'])) { $next_run = $next_run->format('Y-m-d'); mysqli_query($mysqli, "UPDATE recurring_tickets SET recurring_ticket_next_run = '$next_run' WHERE recurring_ticket_id = $recurring_ticket_id"); - // Logging logAction("Ticket", "Create", "$session_name force created recurring scheduled $frequency ticket - $config_ticket_prefix$ticket_number - $subject", $client_id, $id); - $_SESSION['alert_message'] = "Recurring Ticket Forced"; + flash_alert("Recurring Ticket Forced"); redirect(); } else { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Recurring Ticket Force failed"; + flash_alert("Recurring Ticket Force failed", 'error'); redirect(); } @@ -2386,9 +2363,10 @@ if (isset($_GET['force_recurring_ticket'])) { if (isset($_GET['delete_recurring_ticket'])) { - enforceUserPermission('module_support', 3); validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 3); + $recurring_ticket_id = intval($_GET['delete_recurring_ticket']); // Get Scheduled Ticket Subject Ticket Prefix, Number and Client ID for logging and alert message 
@@ -2402,20 +2380,20 @@ if (isset($_GET['delete_recurring_ticket'])) { // Delete mysqli_query($mysqli, "DELETE FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id"); - // Logging logAction("Recurring Ticket", "Delete", "$session_name deleted recurring ticket $subject", $client_id, $recurring_ticket_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Recurring ticket $subject - $frequency deleted"; + flash_alert("Recurring ticket $subject - $frequency deleted", 'error'); redirect(); + } if (isset($_POST['bulk_delete_recurring_tickets'])) { - enforceUserPermission('module_support', 3); validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 3); + if (isset($_POST['recurring_ticket_ids'])) { $count = count($_POST['recurring_ticket_ids']); @@ -2426,18 +2404,17 @@ if (isset($_POST['bulk_delete_recurring_tickets'])) { $recurring_ticket_id = intval($recurring_ticket_id); mysqli_query($mysqli, "DELETE FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id"); - // Logging logAction("Recurring Ticket", "Delete", "$session_name deleted recurring ticket", 0, $recurring_ticket_id); } - // Logging logAction("Recurring Ticket", "Bulk Delete", "$session_name deleted $count recurring ticket(s)"); - $_SESSION['alert_message'] = "Deleted $count recurring ticket(s)"; + flash_alert("Deleted $count recurring ticket(s)", 'error'); } redirect(); + } if (isset($_POST['edit_ticket_billable_status'])) { 
@@ -2460,12 +2437,12 @@ if (isset($_POST['edit_ticket_billable_status'])) { mysqli_query($mysqli,"UPDATE tickets SET ticket_billable = $billable_status WHERE ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name marked ticket $ticket_prefix$ticket_number as $billable_wording Billable", $client_id, $ticket_id); - $_SESSION['alert_message'] = "Ticket marked $billable_wording Billable"; + flash_alert("Ticket marked $billable_wording Billable"); redirect(); + } if (isset($_POST['edit_ticket_schedule'])) { @@ -2619,18 +2596,17 @@ if (isset($_POST['edit_ticket_schedule'])) { $ticket_reply_note = "Ticket scheduled for $email_datetime " . (boolval($onsite) ? '(onsite).' : '(remote).'); mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name edited ticket schedule", $client_id, $ticket_id); customAction('ticket_schedule', $ticket_id); if (empty($conflicting_tickets)) { - $_SESSION['alert_message'] = "Ticket scheduled for $email_datetime"; + flash_alert("Ticket scheduled for $email_datetime"); redirect(); } else { $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time:
" . implode(",
", $conflicting_tickets); - header("Location: calendar.php"); + flash_alert("Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time:
" . implode(",
", $conflicting_tickets), 'error'); + redirect("calendar.php"); } } @@ -2771,12 +2747,12 @@ if (isset($_GET['cancel_ticket_schedule'])) { $ticket_reply_note = "Ticket schedule cancelled."; mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - // Logging logAction("Ticket", "Edit", "$session_name cancelled ticket schedule", $client_id, $ticket_id); customAction('ticket_unschedule', $ticket_id); - $_SESSION['alert_message'] = "Ticket schedule cancelled"; + flash_alert("Ticket schedule cancelled", 'error'); redirect(); + } diff --git a/user/post/transfer.php b/user/post/transfer.php index 606d6ed7..21a27dcf 100644 --- a/user/post/transfer.php +++ b/user/post/transfer.php @@ -33,10 +33,9 @@ if (isset($_POST['add_transfer'])) { $transfer_id = mysqli_insert_id($mysqli); - // Logging logAction("Account Transfer", "Create", "$session_name transferred " . numfmt_format_currency($currency_format, $amount, $account_currency_code) . " from account $source_account_name to $destination_account_name", 0, $transfer_id); - $_SESSION['alert_message'] = "Transferred " . numfmt_format_currency($currency_format, $amount, $account_currency_code) . " from $source_account_name to $destination_account_name"; + flash_alert("Transferred " . numfmt_format_currency($currency_format, $amount, $account_currency_code) . " from $source_account_name to $destination_account_name"); redirect(); @@ -48,7 +47,6 @@ if (isset($_POST['edit_transfer'])) { require_once 'transfer_model.php'; - $transfer_id = intval($_POST['transfer_id']); $expense_id = intval($_POST['expense_id']); $revenue_id = intval($_POST['revenue_id']); 
@@ -59,10 +57,9 @@ if (isset($_POST['edit_transfer'])) { mysqli_query($mysqli,"UPDATE transfers SET transfer_method = '$transfer_method', transfer_notes = '$notes' WHERE transfer_id = $transfer_id"); - // Logging logAction("Account Transfer", "Edit", "$session_name edited transfer", 0, $transfer_id); - $_SESSION['alert_message'] = "Transfer edited"; + flash_alert("Transfer edited"); redirect(); @@ -85,11 +82,9 @@ if (isset($_GET['delete_transfer'])) { mysqli_query($mysqli,"DELETE FROM transfers WHERE transfer_id = $transfer_id"); - // Logging logAction("Account Transfer", "Delete", "$session_name deleted transfer"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Transfer deleted"; + flash_alert("Transfer deleted", 'error'); redirect(); diff --git a/user/post/trip.php b/user/post/trip.php index 87a549e8..951e4c49 100644 --- a/user/post/trip.php +++ b/user/post/trip.php @@ -10,15 +10,13 @@ if (isset($_POST['add_trip'])) { require_once 'trip_model.php'; - mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_source = '$source', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_user_id = $user_id, trip_client_id = $client_id"); $trip_id = mysqli_insert_id($mysqli); - // Logging logAction("Trip", "Create", "$session_name logged trip from $source to $destination", $client_id , $trip_id); - $_SESSION['alert_message'] = "Trip from $source to $destination logged"; + flash_alert("Trip from $source to $destination logged"); redirect(); 
@@ -32,10 +30,9 @@ if (isset($_POST['edit_trip'])) { mysqli_query($mysqli,"UPDATE trips SET trip_date = '$date', trip_source = '$source', trip_destination = '$destination', trip_miles = $miles, trip_purpose = '$purpose', round_trip = $roundtrip, trip_user_id = $user_id, trip_client_id = $client_id WHERE trip_id = $trip_id"); - // Logging logAction("Trip", "Edit", "$session_name edited trip", $client_id , $trip_id); - $_SESSION['alert_message'] = "Trip edited"; + flash_alert("Trip edited"); redirect(); @@ -53,11 +50,9 @@ if (isset($_GET['delete_trip'])) { mysqli_query($mysqli,"DELETE FROM trips WHERE trip_id = $trip_id"); - // Logging logAction("Trip", "Delete", "$session_name deleted trip ($trip_source - $trip_destination)", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Trip ($trip_source - $trip_destination) deleted"; + flash_alert("Trip ($trip_source - $trip_destination) deleted", 'error'); redirect(); @@ -119,7 +114,6 @@ if (isset($_POST['export_trips_csv'])) { //output all remaining data on a file pointer fpassthru($f); - // Logging logAction("Trip", "Export", "$session_name exported $count trip(s) to a CSV file"); } exit; diff --git a/user/post/vendor.php b/user/post/vendor.php index c943e4ec..9fbc7df4 100644 --- a/user/post/vendor.php +++ b/user/post/vendor.php @@ -36,10 +36,9 @@ if (isset($_POST['add_vendor_from_template'])) { $vendor_id = mysqli_insert_id($mysqli); - // Logging logAction("Vendor", "Create", "$session_name created vendor $name using a template", $client_id, $vendor_id); - $_SESSION['alert_message'] = "Vendor $name created from template"; + flash_alert("Vendor $name created from template"); redirect(); 
@@ -57,12 +56,12 @@ if (isset($_POST['add_vendor'])) { $vendor_id = mysqli_insert_id($mysqli); - // Logging logAction("Vendor", "Create", "$session_name created vendor $name", $client_id, $vendor_id); - $_SESSION['alert_message'] = "Vendor $name created"; + flash_alert("Vendor $name created"); redirect(); + } if (isset($_POST['edit_vendor'])) { @@ -73,21 +72,20 @@ if (isset($_POST['edit_vendor'])) { $vendor_template_id = intval($_POST['vendor_template_id']); // Get Client ID - $sql_vendor = mysqli_query($mysqli,"SELECT vendor_client_id FROM vendors WHERE vendor_id = $vendor_id"); - $row = mysqli_fetch_array($sql_vendor); - $client_id = intval($row['vendor_client_id']); + $client_id = intval(getFieldById('vendors', $vendor_id, 'vendor_client_id')); mysqli_query($mysqli,"UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone_country_code = '$phone_country_code', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code',vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_template_id = $vendor_template_id WHERE vendor_id = $vendor_id"); - // Logging logAction("Vendor", "Edit", "$session_name edited vendor $name", $client_id, $vendor_id); - $_SESSION['alert_message'] = "Vendor $name edited"; + flash_alert("Vendor $name edited"); redirect(); + } if (isset($_GET['archive_vendor'])) { + $vendor_id = intval($_GET['archive_vendor']); //Get Vendor Name 
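Review bot: The `archive_vendor` handler at the end of this hunk is triggered by a GET parameter, and its first visible statement is `$vendor_id = intval($_GET['archive_vendor']);`, with no `validateCSRFToken()` or role check before it. `delete_vendor` in a later hunk opens the same way and goes on to run a `DELETE`, while the bulk POST handlers in this file call `validateCSRFToken($_POST['csrf_token'])` and `validateAdminRole()` first. The lines between the hunks are not shown, so a check may exist further down. If it does not, these handlers should validate a token before changing data, for example `validateCSRFToken($_GET['csrf_token']);`, assuming the links carry one.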
@@ -98,13 +96,12 @@ if (isset($_GET['archive_vendor'])) { mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NOW() WHERE vendor_id = $vendor_id"); - // Logging logAction("Vendor", "Archive", "$session_name archived vendor $vendor_name", $client_id, $vendor_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Vendor $vendor_name archived"; + flash_alert("Vendor $vendor_name archived", 'error'); redirect(); + } if(isset($_GET['unarchive_vendor'])){ @@ -119,15 +116,16 @@ if(isset($_GET['unarchive_vendor'])){ mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NULL WHERE vendor_id = $vendor_id"); - // Logging logAction("Vendor", "Unarchive", "$session_name unarchived vendor $vendor_name", $client_id, $vendor_id); - $_SESSION['alert_message'] = "Vendor $vendor_name restored"; + flash_alert("Vendor $vendor_name restored"); redirect(); + } if (isset($_GET['delete_vendor'])) { + $vendor_id = intval($_GET['delete_vendor']); //Get Vendor Name @@ -144,18 +142,19 @@ if (isset($_GET['delete_vendor'])) { mysqli_query($mysqli,"DELETE FROM vendors WHERE vendor_id = $vendor_id"); - // Logging logAction("Vendor", "Delete", "$session_name deleted vendor $vendor_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Vendor $vendor_name deleted"; + flash_alert("Vendor $vendor_name deleted", 'error'); redirect(); + } if (isset($_POST['bulk_archive_vendors'])) { - validateAdminRole(); + validateCSRFToken($_POST['csrf_token']); + + validateAdminRole(); if (isset($_POST['vendor_ids'])) { 
@@ -175,24 +174,24 @@ if (isset($_POST['bulk_archive_vendors'])) { mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NOW() WHERE vendor_id = $vendor_id"); - // Individual Contact logging logAction("Vendor", "Archive", "$session_name archived vendor $vendor_name", $client_id, $vendor_id); } - // Bulk Logging logAction("Vendor", "Bulk Archive", "$session_name archived $count vendor(s)"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Archived $count vendor(s)"; + flash_alert("Archived $count vendor(s)", 'error'); } redirect(); + } if (isset($_POST['bulk_unarchive_vendors'])) { - validateAdminRole(); + validateCSRFToken($_POST['csrf_token']); + + validateAdminRole(); if (isset($_POST['vendor_ids'])) { @@ -212,25 +211,26 @@ if (isset($_POST['bulk_unarchive_vendors'])) { mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NULL WHERE vendor_id = $vendor_id"); - // Individual logging logAction("Vendor", "Unarchive", "$session_name unarchived vendor $vendor_name", $client_id, $vendor_id); } - // Bulk Logging logAction("Vendor", "Bulk Unarchive", "$session_name unarchived $count vendor(s)"); - $_SESSION['alert_message'] = "Unarchived $count vendor(s)"; + flash_alert("Unarchived $count vendor(s)"); } redirect(); + } if (isset($_POST['bulk_delete_vendors'])) { - validateAdminRole(); + validateCSRFToken($_POST['csrf_token']); + validateAdminRole(); + if (isset($_POST['vendor_ids'])) { // Get Selected Count 
@@ -255,20 +255,18 @@ if (isset($_POST['bulk_delete_vendors'])) { mysqli_query($mysqli, "DELETE FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id"); - // Logging logAction("Vendor", "Delete", "$session_name deleted vendor $vendor_name", $client_id); } - // Bulk Logging logAction("Vendor", "Bulk Delete", "$session_name deleted $count vendor(s)"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Deleted $count vendor(s)"; + flash_alert("Deleted $count vendor(s)", 'error'); } redirect(); + } if (isset($_POST['export_vendors_csv'])) { @@ -312,8 +310,8 @@ if (isset($_POST['export_vendors_csv'])) { fpassthru($f); } - // Logging logAction("Vendor", "Export", "$session_name exported $count vendor(s) to a CSV file"); exit; + } diff --git a/user/post/vendor_contact.php b/user/post/vendor_contact.php index d386b945..2d2b6d1a 100644 --- a/user/post/vendor_contact.php +++ b/user/post/vendor_contact.php @@ -16,12 +16,11 @@ if (isset($_POST['add_vendor_contact'])) { $vendor_contact_id = mysqli_insert_id($mysqli); - // Logging logAction("Vendor Contact", "Create", "$session_name created vendor contact $name", $client_id, $vendor_contact_id); customAction('vendor_contact_create', $vendor_contact_id); - $_SESSION['alert_message'] = "Vendor Contact $name created"; + flash_alert("Vendor Contact $name created"); redirect(); 
@@ -37,12 +36,11 @@ if (isset($_POST['edit_vendor_contact'])) { mysqli_query($mysqli,"UPDATE vendor_contacts SET vendor_contact_name = '$name', vendor_contact_title = '$title', vendor_contact_phone = '$phone', vendor_contact_extension = '$extension', vendor_contact_mobile = '$mobile', vendor_contact_email = '$email', contact_pin = '$pin', vendor_contact_notes = '$notes', vendor_contact_department = '$department' WHERE vendor_contact_id = $vendor_contact_id"); - //Logging logAction("Vendor Contact", "Edit", "$session_name edited vendor contact $name", $client_id, $vendor_contact_id); customAction('vendor_contact_update', $vendor_contact_id); - $_SESSION['alert_message'] = "Vendor Contact $name updated"; + flash_alert("Vendor Contact $name updated"); redirect(); @@ -50,10 +48,10 @@ if (isset($_POST['edit_vendor_contact'])) { if (isset($_POST['bulk_archive_vendor_contacts'])) { - enforceUserPermission('module_client', 2); - //validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_client', 2); + if (isset($_POST['vendor_contact_ids'])) { $count = 0; // Default 0 @@ -71,22 +69,22 @@ if (isset($_POST['bulk_archive_vendor_contacts'])) { } - // Bulk Logging logAction("Vendor Contact", "Bulk Archive", "$session_name archived $count vendor contacts", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Archived $count vendor contact(s)"; + flash_alert("Archived $count vendor contact(s)", 'error'); } redirect(); + } if (isset($_POST['bulk_unarchive_vendor_contacts'])) { - enforceUserPermission('module_client', 2); //validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_client', 2); + if (isset($_POST['contact_ids'])) { // Get Selected Contacts Count 
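Review bot: The CSRF check in the `bulk_archive_vendor_contacts` handler is still commented out (`//validateCSRFToken($_POST['csrf_token']);`), so after this reordering the state-changing POST is guarded only by `enforceUserPermission('module_client', 2)`. The `bulk_unarchive_vendor_contacts` handler in the next hunk carries the same commented-out line, while `bulk_delete_vendor_contacts` and the bulk handlers in `vendor.php` do call it. I would enable it in both places as `validateCSRFToken($_POST['csrf_token']);`, after confirming the bulk forms submit a `csrf_token` field. Both handler bodies continue outside these hunks.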
@@ -111,26 +109,26 @@ if (isset($_POST['bulk_unarchive_vendor_contacts'])) { mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NULL WHERE contact_id = $contact_id"); - // Individual Contact logging logAction("Contact", "Unarchive", "$session_name unarchived $contact_name", $client_id, $contact_id); } - // Bulk Logging logAction("Contact", "Bulk Unarchive", "$session_name Unarchived $count contacts", $client_id); - $_SESSION['alert_message'] = "You unarchived $count contact(s)"; + flash_alert("You unarchived $count contact(s)"); } redirect(); + } if (isset($_POST['bulk_delete_vendor_contacts'])) { - enforceUserPermission('module_client', 3); validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_client', 3); + if (isset($_POST['contact_ids'])) { // Get Selected Contacts Count @@ -163,19 +161,18 @@ if (isset($_POST['bulk_delete_vendor_contacts'])) { mysqli_query($mysqli, "DELETE FROM contact_logins WHERE contact_id = $contact_id"); mysqli_query($mysqli, "DELETE FROM contact_notes WHERE contact_note_contact_id = $contact_id"); - // Individual Logging logAction("Contact", "Delete", "$session_name deleted $contact_name", $client_id); } - // Bulk Logging logAction("Contact", "Bulk Delete", "$session_name deleted $count contacts", $client_id); - $_SESSION['alert_message'] = "You deleted $count contact(s)"; + flash_alert("You deleted $count contact(s)", 'error'); } redirect(); + } @@ -199,12 +196,9 @@ if (isset($_GET['archive_vendor_contact'])) { mysqli_query($mysqli,"UPDATE contacts SET contact_important = 0, contact_billing = 0, contact_technical = 0, contact_archived_at = NOW() WHERE contact_id = $contact_id"); - // Logging logAction("Contact", "Archive", "$session_name archived contact $contact_name", $client_id, $contact_id); - - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Contact $contact_name has been archived"; + flash_alert("Contact $contact_name has been archived", 'alert'); redirect(); 
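Review bot: In the `archive_vendor_contact` hunk the new call passes `'alert'` as the type, `flash_alert("Contact $contact_name has been archived", 'alert');`. The removed code set `alert_type` to `"error"`, and every other call in this commit uses `'error'` or `'warning'`. Unless `flash_alert()` defines an `'alert'` type (its definition is not shown here), this looks like a typo that changes how the message is rendered. `flash_alert("Contact $contact_name has been archived", 'error');` keeps the previous behaviour. The handler starts outside the hunk.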
@@ -230,10 +224,9 @@ if (isset($_GET['unarchive_vendor_contact'])) { mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NULL WHERE contact_id = $contact_id"); - // logging logAction("Contact", "Unarchive", "$session_name unarchived contact $contact_name", $client_id, $contact_id); - $_SESSION['alert_message'] = "Contact $contact_name has been Unarchived"; + flash_alert("Contact $contact_name has been Unarchived"); redirect(); @@ -267,17 +260,14 @@ if (isset($_GET['delete_vendor_contact'])) { mysqli_query($mysqli, "DELETE FROM contact_logins WHERE contact_id = $contact_id"); mysqli_query($mysqli, "DELETE FROM contact_notes WHERE contact_note_contact_id = $contact_id"); - //Logging logAction("Contact", "Delete", "$session_name deleted contact $contact_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Contact $contact_name has been deleted."; + flash_alert("Contact $contact_name has been deleted.", 'error'); redirect(); } - if (isset($_POST['export_vendor_contacts_csv'])) { enforceUserPermission('module_client'); @@ -323,7 +313,6 @@ if (isset($_POST['export_vendor_contacts_csv'])) { } - //Logging logAction("Contact", "Export", "$session_name exported $num_rows contact(s) to a CSV file", $client_id); exit; @@ -340,10 +329,8 @@ if (isset($_POST["import_vendor_contacts_csv"])) { if (!empty($_FILES["file"]["tmp_name"])) { $file_name = $_FILES["file"]["tmp_name"]; } else { - $_SESSION['alert_message'] = "Please select a file to upload."; - $_SESSION['alert_type'] = "error"; + flash_alert("Please select a file to upload.", 'error'); redirect(); - exit(); } //Check file is CSV 
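Review bot: Dropping `exit();` after `redirect();` in the missing-file branch of `import_vendor_contacts_csv` makes that branch depend on `redirect()` ending the request. Its definition is not part of this diff; if it only sends the header, execution continues into the file checks with `$file_name` unset. Keeping `exit;` there, or adding a comment such as `// redirect() terminates the request`, would make the guarantee explicit. The handler continues outside the hunk.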
@@ -351,13 +338,13 @@ if (isset($_POST["import_vendor_contacts_csv"])) { $allowed_file_extensions = array('csv'); if (in_array($file_extension,$allowed_file_extensions) === false) { $error = true; - $_SESSION['alert_message'] = "Bad file extension"; + flash_alert("Bad file extension", 'error'); } //Check file isn't empty elseif ($_FILES["file"]["size"] < 1) { $error = true; - $_SESSION['alert_message'] = "Bad file size (empty?)"; + flash_alert("Bad file size (empty?)", 'error'); } //(Else)Check column count @@ -365,7 +352,7 @@ if (isset($_POST["import_vendor_contacts_csv"])) { $f_columns = fgetcsv($f, 1000, ","); if (!$error & count($f_columns) != 8) { $error = true; - $_SESSION['alert_message'] = "Bad column count."; + flash_alert("Bad column count.", 'error'); } //Else, parse the file @@ -408,7 +395,6 @@ if (isset($_POST["import_vendor_contacts_csv"])) { } // Potentially import the rest in the future? - // Check if duplicate was detected if ($duplicate_detect == 0) { //Add @@ -420,20 +406,21 @@ if (isset($_POST["import_vendor_contacts_csv"])) { } fclose($file); - //Logging logAction("Contact", "Import", "$session_name imported $row_count contact(s) via CSV file", $client_id); - $_SESSION['alert_message'] = "$row_count Contact(s) added, $duplicate_count duplicate(s) detected"; + flash_alert("$row_count Contact(s) added, $duplicate_count duplicate(s) detected", 'warning'); + redirect(); } //Check for any errors, if there are notify user and redirect if ($error) { - $_SESSION['alert_type'] = "warning"; redirect(); } + } if (isset($_GET['download_vendor_contacts_csv_template'])) { + $client_id = intval($_GET['download_client_contacts_csv_template']); //get records from database
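Review bot: The `download_vendor_contacts_csv_template` handler at the end of the last hunk tests one key and reads another: `isset($_GET['download_vendor_contacts_csv_template'])` is followed by `intval($_GET['download_client_contacts_csv_template'])`. The second key is presumably never set on this request, so `$client_id` would always be 0 and PHP would emit an undefined-key warning. Since this commit already touches the line above it, I would change the read to `$client_id = intval($_GET['download_vendor_contacts_csv_template']);`. The handler body continues outside the hunk.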