Another Fix setup where user_companies was not creating a record due to user_id being out of the loop

root 2019-08-16 00:12:47 -04:00
parent aa766c7671
commit b2746ddfa5
9 changed files with 140 additions and 98 deletions


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header text-white">
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i>New Client</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-user mr-2"></i>New Client</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header text-white">
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i>New Company</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i>New Company</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header text-white">
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i>New User</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-user mr-2"></i>New User</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
@ -63,6 +63,23 @@
<div class="tab-pane fade" id="pills-assign">
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM companies");
while($row = mysqli_fetch_array($sql)){
$company_id = $row['company_id'];
$company_name = $row['company_name'];
?>
<div class="form-check">
<input type="checkbox" class="form-check-input" name="company" value="<?php echo $company_id; ?>">
<label class="form-check-label"><?php echo $company_name; ?></label>
</div>
<?php
}
?>
<div class="form-group">
<label>Assign a User to a Client</label>
<div class="input-group">
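Review bot: The company checkbox loop in the second hunk writes `$company_id` and `$company_name` into the page without HTML escaping, so whatever is stored in `companies.company_name` is rendered as markup; the label should use `<?php echo htmlspecialchars($company_name, ENT_QUOTES, 'UTF-8'); ?>` and the value attribute `<?php echo intval($company_id); ?>`. Every checkbox also shares `name="company"`, which means PHP keeps only the last ticked box; `name="company[]"` is needed if a user can belong to several companies. The `add_user` handler shown for post.php on this page does not read a `company` field at all, so the selection appears to be dropped unless it is handled in code outside these hunks.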


@ -23,7 +23,7 @@
if(!empty($_GET['sb'])){
$sb = $_GET['sb'];
}else{
$sb = "company_id";
$sb = "companies.company_id";
}
if(isset($_GET['o'])){
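Review bot: `$sb` is still taken verbatim from `$_GET['sb']` whenever the parameter is present; only the fallback value is qualified with the table name. If `$sb` is later interpolated into an `ORDER BY` clause (the query is outside this hunk), string escaping does not protect an identifier, so the parameter should be checked against a fixed list of sortable columns, for example `$sb = in_array($_GET['sb'], $allowed_sort, true) ? $_GET['sb'] : "companies.company_id";` with a new `$allowed_sort` array defined beside the query. The same applies to the `o` direction parameter that the next line starts to read. The surrounding block begins and ends outside the hunk.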


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header text-white">
<h5 class="modal-title"><i class="fa fa-fw fa-user-edit mr-2"></i><?php echo $client_name; ?></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-user mr-2"></i><?php echo $client_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header text-white">
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i><?php echo $company_name; ?></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i><?php echo $company_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-user-edit mr-2"></i><?php echo $name; ?></h5>
<h5 class="modal-title text-white"><i class="fa fa-fw fa-user mr-2"></i><?php echo $name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>

185
post.php

@ -15,6 +15,102 @@ use PHPMailer\PHPMailer\Exception;
$todays_date = date('Y-m-d');
if(isset($_POST['add_user'])){
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
$password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
$client_id = intval($_POST['client']);
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/users/";
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
mysqli_query($mysqli,"INSERT INTO users SET name = '$name', email = '$email', password = '$password', avatar = '$path', created_at = NOW(), client_id = $client_id");
$_SESSION['alert_message'] = "User added";
header("Location: users.php");
}
if(isset($_POST['edit_user'])){
$user_id = intval($_POST['user_id']);
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
$current_password_hash = mysqli_real_escape_string($mysqli,$_POST['current_password_hash']);
$password = mysqli_real_escape_string($mysqli,$_POST['password']);
if($current_password_hash == $password){
$password = $current_password_hash;
}else{
$password = md5($password);
}
$path = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path']));
if($_FILES['file']['tmp_name']!='') {
//delete old avatar file
unlink($path);
//Update with new path
$path = "uploads/users/";
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
mysqli_query($mysqli,"UPDATE users SET name = '$name', email = '$email', password = '$password', avatar = '$path', updated_at = NOW() WHERE user_id = $user_id");
$_SESSION['alert_message'] = "User updated";
header("Location: users.php");
}
if(isset($_POST['add_company'])){
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_created_at = NOW()");
$config_api_key = keygen();
$company_id = mysqli_insert_id($mysqli);
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_company_name = '$name', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_send_invoice_reminders = 0, config_enable_cron = 0");
$_SESSION['alert_message'] = "Company added";
header("Location: companies.php");
}
if(isset($_POST['edit_company'])){
$company_id = intval($_POST['company_id']);
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_updated_at = NOW() WHERE company_id = $company_id");
$_SESSION['alert_message'] = "Company modified";
header("Location: companies.php");
}
if(isset($_GET['delete_company'])){
$company_id = intval($_GET['delete_company']);
mysqli_query($mysqli,"DELETE FROM companies WHERE company_id = $company_id");
mysqli_query($mysqli,"DELETE FROM settings WHERE company_id = $company_id");
$_SESSION['alert_message'] = "Company deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['verify'])){
require_once("rfc6238.php");
@ -250,95 +346,6 @@ if(isset($_GET['download_database'])){
}
if(isset($_POST['add_user'])){
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
$password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
$client_id = intval($_POST['client']);
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/users/";
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
mysqli_query($mysqli,"INSERT INTO users SET name = '$name', email = '$email', password = '$password', avatar = '$path', created_at = NOW(), client_id = $client_id");
$_SESSION['alert_message'] = "User added";
header("Location: users.php");
}
if(isset($_POST['edit_user'])){
$user_id = intval($_POST['user_id']);
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
$current_password_hash = mysqli_real_escape_string($mysqli,$_POST['current_password_hash']);
$password = mysqli_real_escape_string($mysqli,$_POST['password']);
if($current_password_hash == $password){
$password = $current_password_hash;
}else{
$password = md5($password);
}
$path = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path']));
if($_FILES['file']['tmp_name']!='') {
//delete old avatar file
unlink($path);
//Update with new path
$path = "uploads/users/";
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
mysqli_query($mysqli,"UPDATE users SET name = '$name', email = '$email', password = '$password', avatar = '$path', updated_at = NOW() WHERE user_id = $user_id");
$_SESSION['alert_message'] = "User updated";
header("Location: users.php");
}
if(isset($_POST['add_company'])){
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_created_at = NOW()");
$_SESSION['alert_message'] = "Company added";
header("Location: companies.php");
}
if(isset($_POST['edit_company'])){
$company_id = intval($_POST['company_id']);
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_updated_at = NOW() WHERE company_id = $company_id");
$_SESSION['alert_message'] = "Company modified";
header("Location: companies.php");
}
if(isset($_GET['delete_company'])){
$company_id = intval($_GET['delete_company']);
mysqli_query($mysqli,"DELETE FROM companies WHERE company_id = $company_id");
$_SESSION['alert_message'] = "Company deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['add_client'])){
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
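Review bot: The `edit_user` handler moved to the top of the file in the first hunk passes the posted `current_avatar_path` straight to `unlink()` and saves uploads under the client-supplied file name, so the request decides both which file is deleted and which extension is written into `uploads/users/`. The current avatar path should be read from the `users` row for `$user_id`, and the new file should get a server-generated name with an extension from a short image allow-list; `add_user` has the same naming problem, puts the unescaped `$path` into its `INSERT`, and leaves `$path` undefined when no file is sent. Both handlers still hash with `md5()`, and `edit_user` accepts a ready-made hash through `current_password_hash`; `password_hash($_POST['password'], PASSWORD_DEFAULT)` with `password_verify()` at login is the replacement, treating an empty password field as "keep the stored hash". None of the handlers calls `exit;` after `header("Location: ...")`, so execution falls through to the later `if` blocks. The fence sketches the avatar part of `edit_user` only.

```php
if(isset($_POST['edit_user'])){
    // … unchanged: $user_id, $name, $email …

    // Take the current avatar from the database, not from a form field.
    $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT avatar FROM users WHERE user_id = $user_id"));
    $path = $row ? $row['avatar'] : '';

    if($_FILES['file']['tmp_name']!='') {
        $ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
        if(in_array($ext, ['jpg','jpeg','png','gif'], true)){
            // Server-chosen name: the client controls neither the name nor the directory.
            $new_path = "uploads/users/" . bin2hex(random_bytes(16)) . "." . $ext;
            if(move_uploaded_file($_FILES['file']['tmp_name'], $new_path)){
                // Remove the old file only once the new one is in place.
                if($path != '' && is_file($path)){
                    unlink($path);
                }
                $path = $new_path;
            }
        }
    }
    $path = mysqli_real_escape_string($mysqli,$path);

    // … unchanged: UPDATE users …, alert message, redirect …
}
```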


@ -91,6 +91,10 @@ if(isset($_POST['add_company_settings'])){
include("config.php");
$sql = mysqli_query($mysqli,"SELECT user_id FROM users");
$row = mysqli_fetch_array($sql);
$user_id = $row['user_id'];
$config_company_name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_name']));
$config_company_address = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_address']));
$config_company_city = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_city']));
@ -100,7 +104,7 @@ if(isset($_POST['add_company_settings'])){
$config_company_phone = preg_replace("/[^0-9]/", '',$config_company_phone);
$config_company_site = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_site']));
$config_api_key = keygen();
$user_id = mysqli_insert_id($mysqli);
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$config_company_name', company_created_at = NOW()");
@ -203,6 +207,20 @@ if(isset($_POST['add_company_settings'])){
<div class="container">
<?php include("config.php"); ?>
<?php if(isset($_GET['database'])){ ?>
<?php
//Alert Feedback
if(!empty($_SESSION['alert_message'])){
?>
<div class="alert alert-info" id="alert">
<?php echo $_SESSION['alert_message']; ?>
<button class='close' data-dismiss='alert'>&times;</button>
</div>
<?php
$_SESSION['alert_type'] = '';
$_SESSION['alert_message'] = '';
}
?>
<div class="card mb-3">
<div class="card-header">
@ -242,7 +260,7 @@ if(isset($_POST['add_company_settings'])){
</div>
<div class="form-group mb-5">
<label>Database Host</label>
<label>Host</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-server"></i></span>
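Review bot: The lookup added in the first hunk, `SELECT user_id FROM users`, has no `ORDER BY` or `LIMIT` and takes whichever row the server returns first, so `$user_id` is only right while the table holds exactly one user. If setup can run against a database that already has users, the company record (presumably the `user_companies` insert outside these hunks) is linked to an arbitrary account; either keep the id from `mysqli_insert_id($mysqli)` in the session at the step that creates the user, or at least use `SELECT user_id FROM users ORDER BY user_id DESC LIMIT 1` and stop when `$row` is empty. The alert block added in the third hunk prints `$_SESSION['alert_message']` unescaped; `echo htmlspecialchars($_SESSION['alert_message'], ENT_QUOTES, 'UTF-8');` keeps it safe if a message ever carries request data. The enclosing `add_company_settings` handler starts and ends outside the hunks.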