From ddb67779d6a8f562c1ed4795000e1285f016da61 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Sun, 26 Feb 2023 15:00:54 +0000 Subject: [PATCH 1/4] Add bulk delete option for scheduled tickets --- client_scheduled_tickets.php | 131 ++++++++++------- js/scheduled_tickets_bulk_delete_button.js | 3 + js/scheduled_tickets_edit_modal.js | 2 +- models/scheduled_ticket.php | 23 +++ post.php | 78 +++++----- scheduled_ticket_add_modal.php | 58 ++++---- scheduled_ticket_edit_modal.php | 162 ++++++++++----------- scheduled_tickets.php | 147 +++++++++++-------- 8 files changed, 342 insertions(+), 262 deletions(-) create mode 100644 js/scheduled_tickets_bulk_delete_button.js create mode 100644 models/scheduled_ticket.php diff --git a/client_scheduled_tickets.php b/client_scheduled_tickets.php index 5031d0d2..ef6133b4 100644 --- a/client_scheduled_tickets.php +++ b/client_scheduled_tickets.php @@ -22,7 +22,6 @@ $sql = mysqli_query( $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); ?> -
@@ -56,71 +55,93 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- - "> - - - - - - - - - - + + +
SubjectPriorityFrequencyNext Run DateAction
+ "> - - - - - - + + + + + + + + + + while ($row = mysqli_fetch_array($sql)) { + $scheduled_ticket_id = intval($row['scheduled_ticket_id']); + $scheduled_ticket_subject = htmlentities($row['scheduled_ticket_subject']); + $scheduled_ticket_priority = htmlentities($row['scheduled_ticket_priority']); + $scheduled_ticket_frequency = htmlentities($row['scheduled_ticket_frequency']); + $scheduled_ticket_next_run = htmlentities($row['scheduled_ticket_next_run']); + ?> + + + + + + + + + + + + + + + + + + +
- - SelectSubjectPriorityFrequencyNext Run DateAction
+
+ +
+
+ +
+ + - -
- + +
+ +
+ + +
+ + set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); +$purifier = new HTMLPurifier($purifier_config); + +$client_id = intval($_POST['client']); +$subject = sanitizeInput($_POST['subject']); +$priority = sanitizeInput($_POST['priority']); +$details = trim(mysqli_real_escape_string($mysqli, $purifier->purify(html_entity_decode($_POST['details'])))); +$frequency = sanitizeInput($_POST['frequency']); + + +$asset_id = ""; +if (isset($_POST['asset'])) { + $asset_id = intval($_POST['asset']); +} + +$contact_id = ""; +if (isset($_POST['contact'])) { + $contact_id = intval($_POST['contact']); +} diff --git a/post.php b/post.php index 046053ad..4ddcba0b 100644 --- a/post.php +++ b/post.php 
@@ -7058,38 +7058,26 @@ if(isset($_GET['export_client_tickets_csv'])){ } -if(isset($_POST['add_scheduled_ticket'])){ +if (isset($_POST['add_scheduled_ticket'])) { validateTechRole(); - // HTML Purifier - require("plugins/htmlpurifier/HTMLPurifier.standalone.php"); - $purifier_config = HTMLPurifier_Config::createDefault(); - $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); - $purifier = new HTMLPurifier($purifier_config); - - $client_id = intval($_POST['client']); - $contact = intval($_POST['contact']); - $subject = sanitizeInput($_POST['subject']); - $priority = sanitizeInput($_POST['priority']); - $details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['details'])))); - $asset_id = intval($_POST['asset']); - $frequency = sanitizeInput($_POST['frequency']); + require_once('models/scheduled_ticket.php'); $start_date = sanitizeInput($_POST['start_date']); - if($client_id > 0 && $contact == 0){ - $sql = mysqli_query($mysqli,"SELECT primary_contact FROM clients WHERE client_id = $client_id AND company_id = $session_company_id"); + if($client_id > 0 && $contact_id == 0){ + $sql = mysqli_query($mysqli, "SELECT primary_contact FROM clients WHERE client_id = $client_id AND company_id = $session_company_id"); $row = mysqli_fetch_array($sql); - $contact = intval($row['primary_contact']); + $contact_id = intval($row['primary_contact']); } // Add scheduled ticket - mysqli_query($mysqli, "INSERT INTO scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_start_date = '$start_date', scheduled_ticket_next_run = '$start_date', scheduled_ticket_created_by = $session_user_id, scheduled_ticket_client_id = $client_id, scheduled_ticket_contact_id = $contact, scheduled_ticket_asset_id = $asset_id, company_id = $session_company_id"); + 
mysqli_query($mysqli, "INSERT INTO scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_start_date = '$start_date', scheduled_ticket_next_run = '$start_date', scheduled_ticket_created_by = $session_user_id, scheduled_ticket_client_id = $client_id, scheduled_ticket_contact_id = $contact_id, scheduled_ticket_asset_id = $asset_id, company_id = $session_company_id"); $scheduled_ticket_id = mysqli_insert_id($mysqli); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Create', log_description = '$session_name created scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id, company_id = $session_company_id"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Create', log_description = '$session_name created scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id, company_id = $session_company_id"); $_SESSION['alert_message'] = "Scheduled ticket $subject - $frequency created"; 
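Review bot: The INSERT in this handler interpolates `$contact_id` and `$asset_id` unquoted, and models/scheduled_ticket.php (added earlier in this patch) defaults both to `""` when the field is not posted, so a request without `asset` yields `scheduled_ticket_asset_id = ,` and the statement fails. Nothing here checks the `mysqli_query` result, so unless mysqli is set to throw, the log row and the "created" alert are still written. On PHP 8 `"" == 0` is false, so the primary-contact fallback guarded by `$contact_id == 0` is also skipped when `contact` is missing. Defaulting to integers in the include covers both cases: `$asset_id = intval($_POST['asset'] ?? 0);` and `$contact_id = intval($_POST['contact'] ?? 0);`. The UPDATE in the edit_scheduled_ticket hunk consumes `$asset_id` the same way.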
@@ -7097,30 +7085,19 @@ if(isset($_POST['add_scheduled_ticket'])){ } -if(isset($_POST['edit_scheduled_ticket'])){ +if (isset($_POST['edit_scheduled_ticket'])) { validateTechRole(); - // HTML Purifier - require("plugins/htmlpurifier/HTMLPurifier.standalone.php"); - $purifier_config = HTMLPurifier_Config::createDefault(); - $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); - $purifier = new HTMLPurifier($purifier_config); - - $client_id = intval($_POST['client_id']); + require_once('models/scheduled_ticket.php'); $scheduled_ticket_id = intval($_POST['scheduled_ticket_id']); - $subject = sanitizeInput($_POST['subject']); - $priority = sanitizeInput($_POST['priority']); - $details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['details'])))); - $asset_id = intval($_POST['asset']); - $frequency = sanitizeInput($_POST['frequency']); $next_run_date = sanitizeInput($_POST['next_date']); // Edit scheduled ticket mysqli_query($mysqli, "UPDATE scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_next_run = '$next_run_date', scheduled_ticket_asset_id = $asset_id, company_id = $session_company_id WHERE scheduled_ticket_id = $scheduled_ticket_id"); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Modify', log_description = '$session_name modified scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id, company_id = $session_company_id"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Modify', log_description = '$session_name modified scheduled ticket for $subject - $frequency', log_ip = 
'$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id, company_id = $session_company_id"); $_SESSION['alert_message'] = "Scheduled ticket $subject - $frequency updated"; @@ -7128,14 +7105,14 @@ if(isset($_POST['edit_scheduled_ticket'])){ } -if(isset($_GET['delete_scheduled_ticket'])){ +if (isset($_GET['delete_scheduled_ticket'])) { validateAdminRole(); $scheduled_ticket_id = intval($_GET['delete_scheduled_ticket']); // Get Scheduled Ticket Subject Ticket Prefix, Number and Client ID for logging and alert message - $sql = mysqli_query($mysqli,"SELECT * FROM scheduled_tickets WHERE scheduled_ticket_id = $scheduled_ticket_id AND company_id = $session_company_id"); + $sql = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets WHERE scheduled_ticket_id = $scheduled_ticket_id AND company_id = $session_company_id"); $row = mysqli_fetch_array($sql); $scheduled_ticket_subject = sanitizeInput($row['scheduled_ticket_subject']); $scheduled_ticket_frequency = sanitizeInput($row['scheduled_ticket_frequency']); 
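Review bot: `$client_id` in the edit handler now comes from models/scheduled_ticket.php, which reads `$_POST['client']`, while the removed line read `$_POST['client_id']`. The edit modal's diff is cut off on this page, so if that form still posts `client_id`, the log row is written with `log_client_id = 0`; the field name should be confirmed against the form. Separately, the unchanged UPDATE filters on `scheduled_ticket_id` only and assigns `company_id` instead of matching it. Ending it with `WHERE scheduled_ticket_id = $scheduled_ticket_id AND company_id = $session_company_id` would keep the edit inside the caller's company, as the SELECT in the delete handler already does.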
@@ -7146,13 +7123,42 @@ if(isset($_GET['delete_scheduled_ticket'])){ mysqli_query($mysqli, "DELETE FROM scheduled_tickets WHERE scheduled_ticket_id = $scheduled_ticket_id"); //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Delete', log_description = '$session_name deleted scheduled ticket for $subject - $frequency', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id, company_id = $session_company_id"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Delete', log_description = '$session_name deleted scheduled ticket for $subject - $frequency', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id, company_id = $session_company_id"); $_SESSION['alert_message'] = "Scheduled ticket $subject - $frequency deleted"; header("Location: " . $_SERVER["HTTP_REFERER"]); } +if (isset($_POST['bulk_delete_scheduled_tickets'])) { + validateAdminRole(); + validateCSRFToken($_POST['csrf_token']); + + $count = 0; // Default 0 + $scheduled_ticket_ids = $_POST['scheduled_ticket_ids']; // Get array of scheduled tickets IDs to be deleted + + if (!empty($scheduled_ticket_ids)) { + + // Cycle through array and delete each scheduled ticket + foreach ($scheduled_ticket_ids as $scheduled_ticket_id) { + + $scheduled_ticket_id = intval($scheduled_ticket_id); + mysqli_query($mysqli, "DELETE FROM scheduled_tickets WHERE scheduled_ticket_id = $scheduled_ticket_id"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Delete', log_description = '$session_name deleted scheduled ticket (bulk)', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id, company_id = $session_company_id"); + + $count++; + } + + // Logging + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 
'Delete', log_description = '$session_name bulk deleted $count scheduled tickets', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); + + $_SESSION['alert_message'] = "Deleted $count scheduled ticket(s)"; + + } + + header("Location: " . $_SERVER["HTTP_REFERER"]); +} + if(isset($_POST['add_service'])){ validateTechRole(); diff --git a/scheduled_ticket_add_modal.php b/scheduled_ticket_add_modal.php index 0be82a54..a9c549b3 100644 --- a/scheduled_ticket_add_modal.php +++ b/scheduled_ticket_add_modal.php @@ -28,13 +28,11 @@ ?> - + - +
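Review bot: The bulk DELETE matches on `scheduled_ticket_id` alone, so the IDs taken from `$_POST['scheduled_ticket_ids']` are not restricted to the caller's company the way the SELECT in the single-delete handler is. Add the same tenant condition: `mysqli_query($mysqli, "DELETE FROM scheduled_tickets WHERE scheduled_ticket_id = $scheduled_ticket_id AND company_id = $session_company_id");` (the unchanged single-ticket DELETE above has the same gap). `$count` and the per-ticket log row are written even when no row was removed; gating them on `mysqli_affected_rows($mysqli) > 0` keeps the audit log and the alert in line with what was actually deleted. `$scheduled_ticket_ids` is also iterated without an `is_array()` check, so a scalar value reaches the `foreach` and raises a warning.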
@@ -47,14 +45,12 @@ $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC"); while ($row = mysqli_fetch_array($sql)) { - $client_id = intval($row['client_id']); + $selectable_client_id = intval($row['client_id']); $client_name = htmlentities($row['client_name']); ?> - + - +
@@ -110,29 +106,31 @@ -
- -
-
- -
- + - + $sql_assets = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC"); + + while ($row = mysqli_fetch_array($sql_assets)) { + $asset_id_select = intval($row['asset_id']); + $asset_name_select = htmlentities($row['asset_name']); + ?> + + + + +
- + +
@@ -146,4 +144,4 @@
- \ No newline at end of file + diff --git a/scheduled_ticket_edit_modal.php b/scheduled_ticket_edit_modal.php index ffcb87e8..b29be050 100644 --- a/scheduled_ticket_edit_modal.php +++ b/scheduled_ticket_edit_modal.php @@ -1,91 +1,91 @@