Another Fix setup where user_companies was not creating a record due to user_id being out of the loop
@@ -2,7 +2,7 @@
|
|||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<div class="modal-content bg-dark">
|
<div class="modal-content bg-dark">
|
||||||
<div class="modal-header text-white">
|
<div class="modal-header text-white">
|
||||||
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i>New Client</h5>
|
<h5 class="modal-title"><i class="fa fa-fw fa-user mr-2"></i>New Client</h5>
|
||||||
<button type="button" class="close text-white" data-dismiss="modal">
|
<button type="button" class="close text-white" data-dismiss="modal">
|
||||||
<span aria-hidden="true">×</span>
|
<span aria-hidden="true">×</span>
|
||||||
</button>
|
</button>
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<div class="modal-content bg-dark">
|
<div class="modal-content bg-dark">
|
||||||
<div class="modal-header text-white">
|
<div class="modal-header text-white">
|
||||||
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i>New Company</h5>
|
<h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i>New Company</h5>
|
||||||
<button type="button" class="close text-white" data-dismiss="modal">
|
<button type="button" class="close text-white" data-dismiss="modal">
|
||||||
<span aria-hidden="true">×</span>
|
<span aria-hidden="true">×</span>
|
||||||
</button>
|
</button>
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<div class="modal-content bg-dark">
|
<div class="modal-content bg-dark">
|
||||||
<div class="modal-header text-white">
|
<div class="modal-header text-white">
|
||||||
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i>New User</h5>
|
<h5 class="modal-title"><i class="fa fa-fw fa-user mr-2"></i>New User</h5>
|
||||||
<button type="button" class="close text-white" data-dismiss="modal">
|
<button type="button" class="close text-white" data-dismiss="modal">
|
||||||
<span aria-hidden="true">×</span>
|
<span aria-hidden="true">×</span>
|
||||||
</button>
|
</button>
|
||||||
@@ -63,6 +63,23 @@
|
|||||||
|
|
||||||
<div class="tab-pane fade" id="pills-assign">
|
<div class="tab-pane fade" id="pills-assign">
|
||||||
|
|
||||||
|
<?php
|
||||||
|
$sql = mysqli_query($mysqli,"SELECT * FROM companies");
|
||||||
|
|
||||||
|
while($row = mysqli_fetch_array($sql)){
|
||||||
|
$company_id = $row['company_id'];
|
||||||
|
$company_name = $row['company_name'];
|
||||||
|
?>
|
||||||
|
|
||||||
|
<div class="form-check">
|
||||||
|
<input type="checkbox" class="form-check-input" name="company" value="<?php echo $company_id; ?>">
|
||||||
|
<label class="form-check-label"><?php echo $company_name; ?></label>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label>Assign a User to a Client</label>
|
<label>Assign a User to a Client</label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
|
|||||||
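Review bot: The checkboxes added to the `pills-assign` pane all use `name="company"`, so PHP keeps only the last ticked value, and the `add_user` handler shown for post.php in this commit never reads `$_POST['company']`, so the selection appears to be dropped. Use `name="company[]"` and have the handler loop over the posted values with `intval()` on each. `<?php echo $company_name; ?>` is also written without output encoding; `strip_tags()` at insert time is not a substitute, so emit it as `<?php echo htmlspecialchars($company_name, ENT_QUOTES, 'UTF-8'); ?>`. The pane's surrounding markup continues outside the hunk.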
@@ -23,7 +23,7 @@
|
|||||||
if(!empty($_GET['sb'])){
|
if(!empty($_GET['sb'])){
|
||||||
$sb = $_GET['sb'];
|
$sb = $_GET['sb'];
|
||||||
}else{
|
}else{
|
||||||
$sb = "company_id";
|
$sb = "companies.company_id";
|
||||||
}
|
}
|
||||||
|
|
||||||
if(isset($_GET['o'])){
|
if(isset($_GET['o'])){
|
||||||
|
|||||||
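Review bot: `$sb = $_GET['sb'];` in the branch above the changed default accepts any request value, and the new table-qualified default `companies.company_id` suggests `$sb` is placed in an ORDER BY clause, where `mysqli_real_escape_string()` gives no protection because the value is not quoted; the query is outside the hunk, so this is an inference to confirm. If so, accept only known column names by changing the condition to `if(!empty($_GET['sb']) && in_array($_GET['sb'], $sortable, true)){`, where `$sortable` is a constructed name for an array of permitted sort columns. The `$_GET['o']` branch that begins at the end of the hunk, presumably the sort direction, would need the same restriction to a fixed set of values.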
@@ -2,7 +2,7 @@
|
|||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<div class="modal-content bg-dark">
|
<div class="modal-content bg-dark">
|
||||||
<div class="modal-header text-white">
|
<div class="modal-header text-white">
|
||||||
<h5 class="modal-title"><i class="fa fa-fw fa-user-edit mr-2"></i><?php echo $client_name; ?></h5>
|
<h5 class="modal-title"><i class="fa fa-fw fa-user mr-2"></i><?php echo $client_name; ?></h5>
|
||||||
<button type="button" class="close text-white" data-dismiss="modal">
|
<button type="button" class="close text-white" data-dismiss="modal">
|
||||||
<span aria-hidden="true">×</span>
|
<span aria-hidden="true">×</span>
|
||||||
</button>
|
</button>
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<div class="modal-content bg-dark">
|
<div class="modal-content bg-dark">
|
||||||
<div class="modal-header text-white">
|
<div class="modal-header text-white">
|
||||||
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i><?php echo $company_name; ?></h5>
|
<h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i><?php echo $company_name; ?></h5>
|
||||||
<button type="button" class="close text-white" data-dismiss="modal">
|
<button type="button" class="close text-white" data-dismiss="modal">
|
||||||
<span aria-hidden="true">×</span>
|
<span aria-hidden="true">×</span>
|
||||||
</button>
|
</button>
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<div class="modal-content bg-dark">
|
<div class="modal-content bg-dark">
|
||||||
<div class="modal-header">
|
<div class="modal-header">
|
||||||
<h5 class="modal-title text-white"><i class="fa fa-fw fa-user-edit mr-2"></i><?php echo $name; ?></h5>
|
<h5 class="modal-title text-white"><i class="fa fa-fw fa-user mr-2"></i><?php echo $name; ?></h5>
|
||||||
<button type="button" class="close text-white" data-dismiss="modal">
|
<button type="button" class="close text-white" data-dismiss="modal">
|
||||||
<span aria-hidden="true">×</span>
|
<span aria-hidden="true">×</span>
|
||||||
</button>
|
</button>
|
||||||
|
|||||||
185
post.php
185
post.php
@@ -15,6 +15,102 @@ use PHPMailer\PHPMailer\Exception;
|
|||||||
|
|
||||||
$todays_date = date('Y-m-d');
|
$todays_date = date('Y-m-d');
|
||||||
|
|
||||||
|
if(isset($_POST['add_user'])){
|
||||||
|
|
||||||
|
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
||||||
|
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
|
||||||
|
$password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
|
||||||
|
$client_id = intval($_POST['client']);
|
||||||
|
|
||||||
|
if($_FILES['file']['tmp_name']!='') {
|
||||||
|
$path = "uploads/users/";
|
||||||
|
$path = $path . time() . basename( $_FILES['file']['name']);
|
||||||
|
$file_name = basename($path);
|
||||||
|
move_uploaded_file($_FILES['file']['tmp_name'], $path);
|
||||||
|
}
|
||||||
|
|
||||||
|
mysqli_query($mysqli,"INSERT INTO users SET name = '$name', email = '$email', password = '$password', avatar = '$path', created_at = NOW(), client_id = $client_id");
|
||||||
|
|
||||||
|
$_SESSION['alert_message'] = "User added";
|
||||||
|
|
||||||
|
header("Location: users.php");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_POST['edit_user'])){
|
||||||
|
|
||||||
|
$user_id = intval($_POST['user_id']);
|
||||||
|
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
||||||
|
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
|
||||||
|
$current_password_hash = mysqli_real_escape_string($mysqli,$_POST['current_password_hash']);
|
||||||
|
$password = mysqli_real_escape_string($mysqli,$_POST['password']);
|
||||||
|
if($current_password_hash == $password){
|
||||||
|
$password = $current_password_hash;
|
||||||
|
}else{
|
||||||
|
$password = md5($password);
|
||||||
|
}
|
||||||
|
$path = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path']));
|
||||||
|
|
||||||
|
if($_FILES['file']['tmp_name']!='') {
|
||||||
|
//delete old avatar file
|
||||||
|
unlink($path);
|
||||||
|
//Update with new path
|
||||||
|
$path = "uploads/users/";
|
||||||
|
$path = $path . basename( $_FILES['file']['name']);
|
||||||
|
$file_name = basename($path);
|
||||||
|
move_uploaded_file($_FILES['file']['tmp_name'], $path);
|
||||||
|
}
|
||||||
|
|
||||||
|
mysqli_query($mysqli,"UPDATE users SET name = '$name', email = '$email', password = '$password', avatar = '$path', updated_at = NOW() WHERE user_id = $user_id");
|
||||||
|
|
||||||
|
$_SESSION['alert_message'] = "User updated";
|
||||||
|
|
||||||
|
header("Location: users.php");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_POST['add_company'])){
|
||||||
|
|
||||||
|
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
||||||
|
|
||||||
|
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_created_at = NOW()");
|
||||||
|
|
||||||
|
$config_api_key = keygen();
|
||||||
|
$company_id = mysqli_insert_id($mysqli);
|
||||||
|
|
||||||
|
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_company_name = '$name', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_send_invoice_reminders = 0, config_enable_cron = 0");
|
||||||
|
|
||||||
|
$_SESSION['alert_message'] = "Company added";
|
||||||
|
|
||||||
|
header("Location: companies.php");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_POST['edit_company'])){
|
||||||
|
$company_id = intval($_POST['company_id']);
|
||||||
|
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
||||||
|
|
||||||
|
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_updated_at = NOW() WHERE company_id = $company_id");
|
||||||
|
|
||||||
|
$_SESSION['alert_message'] = "Company modified";
|
||||||
|
|
||||||
|
header("Location: companies.php");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_GET['delete_company'])){
|
||||||
|
$company_id = intval($_GET['delete_company']);
|
||||||
|
|
||||||
|
mysqli_query($mysqli,"DELETE FROM companies WHERE company_id = $company_id");
|
||||||
|
|
||||||
|
mysqli_query($mysqli,"DELETE FROM settings WHERE company_id = $company_id");
|
||||||
|
|
||||||
|
$_SESSION['alert_message'] = "Company deleted";
|
||||||
|
|
||||||
|
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
if(isset($_POST['verify'])){
|
if(isset($_POST['verify'])){
|
||||||
|
|
||||||
require_once("rfc6238.php");
|
require_once("rfc6238.php");
|
||||||
@@ -250,95 +346,6 @@ if(isset($_GET['download_database'])){
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(isset($_POST['add_user'])){
|
|
||||||
|
|
||||||
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
|
||||||
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
|
|
||||||
$password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
|
|
||||||
$client_id = intval($_POST['client']);
|
|
||||||
|
|
||||||
if($_FILES['file']['tmp_name']!='') {
|
|
||||||
$path = "uploads/users/";
|
|
||||||
$path = $path . time() . basename( $_FILES['file']['name']);
|
|
||||||
$file_name = basename($path);
|
|
||||||
move_uploaded_file($_FILES['file']['tmp_name'], $path);
|
|
||||||
}
|
|
||||||
|
|
||||||
mysqli_query($mysqli,"INSERT INTO users SET name = '$name', email = '$email', password = '$password', avatar = '$path', created_at = NOW(), client_id = $client_id");
|
|
||||||
|
|
||||||
$_SESSION['alert_message'] = "User added";
|
|
||||||
|
|
||||||
header("Location: users.php");
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if(isset($_POST['edit_user'])){
|
|
||||||
|
|
||||||
$user_id = intval($_POST['user_id']);
|
|
||||||
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
|
||||||
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
|
|
||||||
$current_password_hash = mysqli_real_escape_string($mysqli,$_POST['current_password_hash']);
|
|
||||||
$password = mysqli_real_escape_string($mysqli,$_POST['password']);
|
|
||||||
if($current_password_hash == $password){
|
|
||||||
$password = $current_password_hash;
|
|
||||||
}else{
|
|
||||||
$password = md5($password);
|
|
||||||
}
|
|
||||||
$path = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path']));
|
|
||||||
|
|
||||||
if($_FILES['file']['tmp_name']!='') {
|
|
||||||
//delete old avatar file
|
|
||||||
unlink($path);
|
|
||||||
//Update with new path
|
|
||||||
$path = "uploads/users/";
|
|
||||||
$path = $path . basename( $_FILES['file']['name']);
|
|
||||||
$file_name = basename($path);
|
|
||||||
move_uploaded_file($_FILES['file']['tmp_name'], $path);
|
|
||||||
}
|
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE users SET name = '$name', email = '$email', password = '$password', avatar = '$path', updated_at = NOW() WHERE user_id = $user_id");
|
|
||||||
|
|
||||||
$_SESSION['alert_message'] = "User updated";
|
|
||||||
|
|
||||||
header("Location: users.php");
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if(isset($_POST['add_company'])){
|
|
||||||
|
|
||||||
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
|
||||||
|
|
||||||
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_created_at = NOW()");
|
|
||||||
|
|
||||||
$_SESSION['alert_message'] = "Company added";
|
|
||||||
|
|
||||||
header("Location: companies.php");
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if(isset($_POST['edit_company'])){
|
|
||||||
$company_id = intval($_POST['company_id']);
|
|
||||||
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_updated_at = NOW() WHERE company_id = $company_id");
|
|
||||||
|
|
||||||
$_SESSION['alert_message'] = "Company modified";
|
|
||||||
|
|
||||||
header("Location: companies.php");
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if(isset($_GET['delete_company'])){
|
|
||||||
$company_id = intval($_GET['delete_company']);
|
|
||||||
|
|
||||||
mysqli_query($mysqli,"DELETE FROM companies WHERE company_id = $company_id");
|
|
||||||
|
|
||||||
$_SESSION['alert_message'] = "Company deleted";
|
|
||||||
|
|
||||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if(isset($_POST['add_client'])){
|
if(isset($_POST['add_client'])){
|
||||||
|
|
||||||
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
|
||||||
|
|||||||
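Review bot: In the `edit_user` handler added at the top of post.php, `unlink($path)` runs on `$_POST['current_avatar_path']` and, when `current_password_hash` equals `password`, the posted string is written to `users.password` as-is, so the request chooses both the file that is deleted and the stored hash. Both values exist in the row for `$user_id`: load them with `$row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT password, avatar FROM users WHERE user_id = $user_id"));` and use `$row['password']` and `$row['avatar']` instead of the posted fields, escaping the path again before the UPDATE. `add_user` and `edit_user` hash with `md5()`, which is fast and unsalted; `password_hash()` on write with `password_verify()` at login is the usual replacement (the login code is not on this page). The avatar path is built from `basename($_FILES['file']['name'])` with no extension or content check and is interpolated into the INSERT and UPDATE unescaped, so a server-generated file name with an allowlisted image extension would address both. These handlers are moved from lower in the file, so the same points applied before this commit.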
22
setup.php
22
setup.php
@@ -91,6 +91,10 @@ if(isset($_POST['add_company_settings'])){
|
|||||||
|
|
||||||
include("config.php");
|
include("config.php");
|
||||||
|
|
||||||
|
$sql = mysqli_query($mysqli,"SELECT user_id FROM users");
|
||||||
|
$row = mysqli_fetch_array($sql);
|
||||||
|
$user_id = $row['user_id'];
|
||||||
|
|
||||||
$config_company_name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_name']));
|
$config_company_name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_name']));
|
||||||
$config_company_address = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_address']));
|
$config_company_address = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_address']));
|
||||||
$config_company_city = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_city']));
|
$config_company_city = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_city']));
|
||||||
@@ -100,7 +104,7 @@ if(isset($_POST['add_company_settings'])){
|
|||||||
$config_company_phone = preg_replace("/[^0-9]/", '',$config_company_phone);
|
$config_company_phone = preg_replace("/[^0-9]/", '',$config_company_phone);
|
||||||
$config_company_site = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_site']));
|
$config_company_site = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_site']));
|
||||||
$config_api_key = keygen();
|
$config_api_key = keygen();
|
||||||
$user_id = mysqli_insert_id($mysqli);
|
|
||||||
|
|
||||||
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$config_company_name', company_created_at = NOW()");
|
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$config_company_name', company_created_at = NOW()");
|
||||||
|
|
||||||
@@ -204,6 +208,20 @@ if(isset($_POST['add_company_settings'])){
|
|||||||
<?php include("config.php"); ?>
|
<?php include("config.php"); ?>
|
||||||
<?php if(isset($_GET['database'])){ ?>
|
<?php if(isset($_GET['database'])){ ?>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
//Alert Feedback
|
||||||
|
if(!empty($_SESSION['alert_message'])){
|
||||||
|
?>
|
||||||
|
<div class="alert alert-info" id="alert">
|
||||||
|
<?php echo $_SESSION['alert_message']; ?>
|
||||||
|
<button class='close' data-dismiss='alert'>×</button>
|
||||||
|
</div>
|
||||||
|
<?php
|
||||||
|
$_SESSION['alert_type'] = '';
|
||||||
|
$_SESSION['alert_message'] = '';
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
<div class="card mb-3">
|
<div class="card mb-3">
|
||||||
<div class="card-header">
|
<div class="card-header">
|
||||||
<h6 class="mt-1"><i class="fa fa-fw fa-database"></i> Setup Database</h6>
|
<h6 class="mt-1"><i class="fa fa-fw fa-database"></i> Setup Database</h6>
|
||||||
@@ -242,7 +260,7 @@ if(isset($_POST['add_company_settings'])){
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group mb-5">
|
<div class="form-group mb-5">
|
||||||
<label>Database Host</label>
|
<label>Host</label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<div class="input-group-prepend">
|
<div class="input-group-prepend">
|
||||||
<span class="input-group-text"><i class="fa fa-fw fa-server"></i></span>
|
<span class="input-group-text"><i class="fa fa-fw fa-server"></i></span>
|
||||||
|
|||||||
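Review bot: The lookup added to `add_company_settings` takes whichever row `SELECT user_id FROM users` returns first and never checks that a row came back, so `$user_id` is null when the table is empty and arbitrary when it holds more than one user. Make the choice explicit with `$sql = mysqli_query($mysqli,"SELECT user_id FROM users ORDER BY user_id ASC LIMIT 1");` and stop with an error when `mysqli_fetch_array()` returns no row. The alert block added further down echoes `$_SESSION['alert_message']` without `htmlspecialchars()`; the messages visible in this commit are fixed strings, but encoding at output keeps that safe if a later message includes request data. The rest of the handler, including the `user_companies` insert that the commit title says uses `$user_id`, lies outside the hunks shown.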