mirror of https://github.com/itflow-org/itflow
BREAKING CHANGES - Many DB Updates - NOT POSSIBLE TO EASILY UPGRADE TO THIS - Completely reworked User Company Access Permissions, started working on a Client Role so Clients can access their own data, plus a number of other small fixes
This commit is contained in:
parent
78f1e75eda
commit
ba584a57e0
@ -49,7 +49,7 @@
|
|||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
|
||||
</div>
|
||||
<select class="form-control select2" name="company" required>
|
||||
<select class="form-control select2" name="default_company" required>
|
||||
<option value="">- Company -</option>
|
||||
<?php
|
||||
|
||||
|
|
@ -68,18 +68,19 @@
|
|||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label>Permission <strong class="text-danger">*</strong></label>
|
||||
<label>Role <strong class="text-danger">*</strong></label>
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
|
||||
</div>
|
||||
<select class="form-control select2" name="level" required>
|
||||
<option value="">- Permission -</option>
|
||||
<option value="5">Global Administrator</option>
|
||||
<option value="4">Administrator</option>
|
||||
<option value="3">Technician</option>
|
||||
<option value="2">IT Contractor</option>
|
||||
<option value="1">Accounting</option>
|
||||
<option value="">- Role -</option>
|
||||
<option value="6">Global Administrator</option>
|
||||
<option value="5">Administrator</option>
|
||||
<option value="4">Technician</option>
|
||||
<option value="3">IT Contractor</option>
|
||||
<option value="2">Client</option>
|
||||
<option value="1">Accountant</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
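Review bot: The `<select class="form-control select2" name="level" required>` above the new role options is a context line, not a changed one, so this form still posts `level` while post.php's add_user handler in this same commit reads `$_POST['role']`; `intval()` of an absent key is 0, so every user created here lands in `user_settings` with `user_role = 0`, which happens to hit the `else` "Accountant" label but fails every `> 2` / `> 3` role gate. The edit-user form in this commit was changed to `name="role"`, so this line should match it: `<select class="form-control select2" name="role" required>`. I can only see the form here, so if the handler also still accepts `level` this is moot, but nothing in the diff suggests it does.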
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
<?php
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_permission_companies)");
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_user_company_access)");
|
||||
while($row = mysqli_fetch_array($sql)){
|
||||
|
||||
$company_id = $row['company_id'];
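Review bot: `company_id IN ($session_user_company_access)` becomes `IN ()` for a user with no rows in `user_companies`, which is a MySQL syntax error; `mysqli_query` then returns false and the `mysqli_fetch_array($sql)` loop on the next line warns instead of simply listing nothing. That string is built by `implode(',', ...)` in header.php and is empty whenever the table has no rows for the user, and header.php's log-out branch does not stop execution before this point is reached. Guard it, e.g. `$company_in = ($session_user_company_access !== '') ? $session_user_company_access : '0';` and query `IN ($company_in)`. The surrounding markup begins and ends outside this hunk.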
|
||||
|
|
|
|||
|
|
@ -15,31 +15,50 @@
|
|||
|
||||
$session_user_id = $_SESSION['user_id'];
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM users, permissions WHERE users.user_id = permissions.user_id AND users.user_id = $session_user_id");
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$session_name = $row['user_name'];
|
||||
$session_email = $row['user_email'];
|
||||
$session_avatar = $row['user_avatar'];
|
||||
$session_company_id = $row['permission_default_company'];
|
||||
$session_token = $row['user_token'];
|
||||
|
||||
$session_permission_level = $row['permission_level'];
|
||||
if($session_permission_level == 5){
|
||||
$session_permission_level_display = "Global Administrator";
|
||||
}elseif($session_permission_level == 4){
|
||||
$session_permission_level_display = "Administrator";
|
||||
}elseif($session_permission_level == 3){
|
||||
$session_permission_level_display = "Technician";
|
||||
}elseif($session_permission_level == 2){
|
||||
$session_permission_level_display = "IT Contractor";
|
||||
$session_company_id = $row['user_default_company'];
|
||||
$session_user_role = $row['user_role'];
|
||||
if($session_user_role == 6){
|
||||
$session_user_role_display = "Global Administrator";
|
||||
}elseif($session_user_role == 5){
|
||||
$session_user_role_display = "Administrator";
|
||||
}elseif($session_user_role == 4){
|
||||
$session_user_role_display = "Technician";
|
||||
}elseif($session_user_role == 3){
|
||||
$session_user_role_display = "IT Contractor";
|
||||
}elseif($session_user_role == 2){
|
||||
$session_user_role_display = "Client";
|
||||
}else{
|
||||
$session_permission_level_display = "Accounting";
|
||||
$session_user_role_display = "Accountant";
|
||||
}
|
||||
$session_permission_companies_array = explode(",",$row['permission_companies']);
|
||||
$session_permission_companies = $row['permission_companies'];
|
||||
$session_permission_clients_array = explode(",",$row['permission_clients']);
|
||||
$session_permission_clients = $row['permission_clients'];
|
||||
|
||||
//LOAD USER COMPANY ACCESS PERMISSIONS
|
||||
$session_user_company_access_sql = mysqli_query($mysqli,"SELECT company_id FROM user_companies WHERE user_id = $session_user_id");
|
||||
$session_user_company_access_array = array();
|
||||
while($row = mysqli_fetch_array($session_user_company_access_sql)){
|
||||
$session_user_company_access_array[] = $row['company_id'];
|
||||
}
|
||||
$session_user_company_access = implode(',',$session_user_company_access_array);
|
||||
|
||||
//Check to see if user has rights to company Prevents User from access a company he is not allowed to have access to.
|
||||
if(!in_array($session_company_id,$session_user_company_access_array)){
|
||||
session_start();
|
||||
session_destroy();
|
||||
header('Location: login.php');
|
||||
}
|
||||
|
||||
//LOAD USER CLIENT ACCESS PERMISSIONS
|
||||
$session_user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_clients WHERE user_id = $session_user_id");
|
||||
$session_user_client_access_array = array();
|
||||
while($row = mysqli_fetch_array($session_user_client_access_sql)){
|
||||
$session_user_client_access_array[] = $row['client_id'];
|
||||
}
|
||||
$session_user_client_access = implode(',',$session_user_client_access_array);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
|
@ -65,4 +84,4 @@
|
|||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('alert_id') AS num FROM alerts WHERE alert_ack_date IS NULL AND company_id = $session_company_id"));
|
||||
$num_alerts = $row['num'];
|
||||
|
||||
?>
|
||||
?>
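Review bot: The access check `if(!in_array($session_company_id,$session_user_company_access_array))` destroys the session and sends a Location header but never stops the script, so the rest of header.php (the `companies` lookup, the alerts count) and the including page keep running and rendering for a user whose default company is outside their access; it needs `header('Location: login.php'); exit;`. The `session_start()` inside that branch is also redundant — `$_SESSION['user_id']` is read at the top of this hunk, so a session is already active and the second call only raises a notice; `session_unset(); session_destroy();` is enough. `$row` is reused by both access-loading loops and only re-populated by the `companies` query afterwards, which works here but a distinct name such as `$access_row` would keep later code from reading a stale or false row. The file continues past this hunk.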
|
||||
|
|
@ -202,7 +202,7 @@ $location_phone = formatPhoneNumber($location_phone);
|
|||
}
|
||||
?>
|
||||
</div>
|
||||
<?php if($session_permission_level == 1 OR $session_permission_level > 3){ ?>
|
||||
<?php if($session_user_role == 1 OR $session_user_role > 3){ ?>
|
||||
<div class="col-md-3 border-left">
|
||||
<h4 class="text-secondary">Billing</h4>
|
||||
<h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo get_currency_symbol($session_company_currency); ?> <?php echo number_format($amount_paid,2); ?></div></h6>
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
<?php include("header.php");
|
||||
|
||||
//Permission check
|
||||
if($session_permission_level == 2){
|
||||
$permission_sql = "AND client_id IN ($session_permission_clients)";
|
||||
// Role / Client Access Permission Check
|
||||
if($session_user_role == 2){
|
||||
$permission_sql = "AND client_id IN ($session_user_client_access)";
|
||||
}else{
|
||||
$permission_sql = "";
|
||||
}
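Review bot: The check kept `== 2`, but in this commit 2 is now Client and IT Contractor moved to 3, so the client filter that previously applied to IT Contractors (old level 2 with `permission_clients`) no longer applies to them and they see every client in the company; if that is not intended it should read `if($session_user_role == 2 OR $session_user_role == 3){`. Independently, `$session_user_client_access` is an `implode()` result and is the empty string for a user with no `user_clients` rows, which produces `client_id IN ()` — a syntax error that makes the consuming query fail rather than return nothing; `$permission_sql = ($session_user_client_access === '') ? "AND client_id IN (0)" : "AND client_id IN ($session_user_client_access)";` fails closed instead. The query that uses `$permission_sql` is outside this hunk.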
|
||||
|
|
|
|||
99
db.sql
99
db.sql
|
|
@ -54,6 +54,24 @@ CREATE TABLE `alerts` (
|
|||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `api_keys`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `api_keys`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `api_keys` (
|
||||
`api_key_id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`api_key_secret` varchar(255) NOT NULL,
|
||||
`api_key_description` varchar(255) DEFAULT NULL,
|
||||
`api_key_created_at` datetime NOT NULL,
|
||||
`api_key_expire` datetime NOT NULL,
|
||||
`company_id` int(11) NOT NULL,
|
||||
PRIMARY KEY (`api_key_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `assets`
|
||||
--
|
||||
|
|
@ -582,6 +600,8 @@ CREATE TABLE `logs` (
|
|||
`log_type` varchar(200) NOT NULL,
|
||||
`log_action` varchar(255) NOT NULL,
|
||||
`log_description` varchar(255) NOT NULL,
|
||||
`log_ip` varchar(200) DEFAULT NULL,
|
||||
`log_user_agent` varchar(250) DEFAULT NULL,
|
||||
`log_created_at` datetime NOT NULL,
|
||||
`log_archived_at` datetime DEFAULT NULL,
|
||||
`log_client_id` int(11) DEFAULT NULL,
|
||||
|
|
@ -663,25 +683,6 @@ CREATE TABLE `payments` (
|
|||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `permissions`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `permissions`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `permissions` (
|
||||
`permission_id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`permission_level` tinyint(1) NOT NULL,
|
||||
`permission_default_company` int(11) NOT NULL,
|
||||
`permission_companies` varchar(500) NOT NULL,
|
||||
`permission_clients` varchar(500) DEFAULT NULL,
|
||||
`permission_actions` tinyint(1) DEFAULT NULL,
|
||||
`user_id` int(11) NOT NULL,
|
||||
PRIMARY KEY (`permission_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `products`
|
||||
--
|
||||
|
|
@ -810,6 +811,20 @@ CREATE TABLE `revenues` (
|
|||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `roles`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `roles`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `roles` (
|
||||
`role_id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`role_name` varchar(200) NOT NULL,
|
||||
PRIMARY KEY (`role_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `settings`
|
||||
--
|
||||
|
|
@ -1019,6 +1034,34 @@ CREATE TABLE `trips` (
|
|||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `user_clients`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `user_clients`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `user_clients` (
|
||||
`user_id` int(11) NOT NULL,
|
||||
`client_id` int(11) NOT NULL,
|
||||
PRIMARY KEY (`user_id`,`client_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `user_companies`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `user_companies`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `user_companies` (
|
||||
`user_id` int(11) NOT NULL,
|
||||
`company_id` int(11) NOT NULL,
|
||||
PRIMARY KEY (`user_id`,`company_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `user_keys`
|
||||
--
|
||||
|
|
@ -1035,6 +1078,21 @@ CREATE TABLE `user_keys` (
|
|||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `user_settings`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `user_settings`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `user_settings` (
|
||||
`user_id` int(11) NOT NULL,
|
||||
`user_default_company` int(11) NOT NULL,
|
||||
`user_role` int(11) NOT NULL,
|
||||
PRIMARY KEY (`user_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `users`
|
||||
--
|
||||
|
|
@ -1052,6 +1110,7 @@ CREATE TABLE `users` (
|
|||
`user_created_at` datetime NOT NULL,
|
||||
`user_updated_at` datetime DEFAULT NULL,
|
||||
`user_archived_at` datetime DEFAULT NULL,
|
||||
`role_id` int(11) NOT NULL,
|
||||
PRIMARY KEY (`user_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
|
@ -1098,4 +1157,4 @@ CREATE TABLE `vendors` (
|
|||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
||||
|
||||
-- Dump completed on 2021-12-08 22:31:20
|
||||
-- Dump completed on 2021-12-22 13:04:22
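Review bot: `users` gains `role_id int(11) NOT NULL` with no default while the role is actually stored in the new `user_settings.user_role`, and the `INSERT INTO users SET user_name = ..., user_email = ..., user_password = ..., user_created_at = NOW()` in post.php's add_user does not set it; under MySQL's default strict mode that insert fails with "Field 'role_id' doesn't have a default value", and in non-strict mode it silently stores 0. Either drop the column, give it a default, or make it the single source of truth and populate it. The new `user_companies` and `user_clients` tables also have no `FOREIGN KEY (user_id) REFERENCES users(user_id) ON DELETE CASCADE`, which would have covered delete_user, which in this commit still leaves those access rows behind. The `roles` table is created but nothing in the diff reads it — the role names remain hard-coded in four PHP files — so either seed and use it or leave it out until it is used.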
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@
|
|||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
|
||||
</div>
|
||||
<select class="form-control select2" name="company" required>
|
||||
<select class="form-control select2" name="default_company" required>
|
||||
<option value="">- Company -</option>
|
||||
<?php
|
||||
|
||||
|
|
@ -71,7 +71,7 @@
|
|||
$company_id_select = $row['company_id'];
|
||||
$company_name_select = $row['company_name'];
|
||||
?>
|
||||
<option <?php if($company_id_select == $permission_default_company){ echo "selected"; } ?> value="<?php echo $company_id_select; ?>"><?php echo $company_name_select; ?></option>
|
||||
<option <?php if($company_id_select == $user_default_company){ echo "selected"; } ?> value="<?php echo $company_id_select; ?>"><?php echo $company_name_select; ?></option>
|
||||
|
||||
<?php
|
||||
}
|
||||
|
|
@ -81,18 +81,19 @@
|
|||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label>Permission <strong class="text-danger">*</strong></label>
|
||||
<label>Role <strong class="text-danger">*</strong></label>
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
|
||||
</div>
|
||||
<select class="form-control select2" name="level" required>
|
||||
<option value="">- Permission -</option>
|
||||
<option <?php if($permission_level == 5){ echo "selected"; } ?> value="5">Global Admininstrator</option>
|
||||
<option <?php if($permission_level == 4){ echo "selected"; } ?> value="4">Administrator</option>
|
||||
<option <?php if($permission_level == 3){ echo "selected"; } ?> value="3">Technician</option>
|
||||
<option <?php if($permission_level == 2){ echo "selected"; } ?> value="2">IT Contractor</option>
|
||||
<option <?php if($permission_level == 1){ echo "selected"; } ?> value="1">Accounting</option>
|
||||
<select class="form-control select2" name="role" required>
|
||||
<option value="">- Role -</option>
|
||||
<option <?php if($user_role == 6){ echo "selected"; } ?> value="6">Global Admininstrator</option>
|
||||
<option <?php if($user_role == 5){ echo "selected"; } ?> value="5">Administrator</option>
|
||||
<option <?php if($user_role == 4){ echo "selected"; } ?> value="4">Technician</option>
|
||||
<option <?php if($user_role == 3){ echo "selected"; } ?> value="3">IT Contractor</option>
|
||||
<option <?php if($user_role == 2){ echo "selected"; } ?> value="2">Client</option>
|
||||
<option <?php if($user_role == 1){ echo "selected"; } ?> value="1">Accountant</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
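Review bot: The `default_company` select here is saved by post.php's edit_user with a plain `UPDATE user_settings SET ... user_default_company = $default_company`, and nothing in this commit inserts the matching `user_companies` row, while header.php now destroys the session whenever `user_default_company` is not in that table — so changing a user's default company to one not granted in the companies modal locks that user out on their next request. Either skip options outside the user's access (`<?php if(!in_array($company_id_select, $user_company_access_array)){ continue; } ?>` at the top of the loop that emits each `<option>`) or have the handler insert the row. Whether the company loop is already filtered is not visible, since it starts above this hunk.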
|
||||
|
|
|
|||
|
|
@ -45,8 +45,8 @@ scratch. This page gets rid of all links and provides the needed markup only.
|
|||
|
||||
if(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "client.php"){
|
||||
include("client_side_nav.php");
|
||||
}elseif(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "settings-general.php"){
|
||||
include("admin_side_nav.php");
|
||||
//}elseif(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "settings-general.php"){
|
||||
//include("admin_side_nav.php");
|
||||
}else{
|
||||
include("side_nav.php");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -272,7 +272,7 @@ if(isset($_GET['invoice_id'])){
|
|||
<td class="text-center"><?php echo $item_quantity; ?></td>
|
||||
<td class="text-right"><?php echo $client_currency_symbol; ?> <?php echo number_format($item_price,2); ?></td>
|
||||
<td class="text-right"><?php echo $client_currency_symbol; ?> <?php echo number_format($item_tax,2); ?></td>
|
||||
<td class="text-right"><?php echo $client_currency_symbol; ?> <?php echo number_format($item_total,2); ?></td>
|
||||
<td class="text-right"><?php echo $client_currency_symbol; ?><?php echo number_format($item_total,2); ?></td>
|
||||
</tr>
|
||||
|
||||
<?php
|
||||
|
|
|
|||
11
login.php
11
login.php
|
|
@ -24,18 +24,17 @@ session_start();
|
|||
|
||||
if(isset($_POST['login'])){
|
||||
|
||||
$username = strip_tags(mysqli_real_escape_string($mysqli,$_POST['username']));
|
||||
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
|
||||
$password = $_POST['password'];
|
||||
$current_code = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_code']));
|
||||
if(!empty($current_code)){
|
||||
$current_code = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_code']));
|
||||
}
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_email = '$username'");
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_email = '$email'");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
if(password_verify($password, $row['user_password'])){
|
||||
|
||||
|
||||
$token = $row['user_token'];
|
||||
$_SESSION['user_id'] = $row['user_id'];
|
||||
$_SESSION['user_name'] = $row['user_name'];
|
||||
|
|
@ -77,7 +76,7 @@ if(isset($_POST['login'])){
|
|||
}
|
||||
|
||||
}else{
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$username failed to log in', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW()");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW()");
|
||||
|
||||
$response = "
|
||||
<div class='alert alert-danger'>
|
||||
|
|
@ -118,7 +117,7 @@ if(isset($_POST['login'])){
|
|||
<p class="login-box-msg"><?php if(isset($response)) { echo $response; } ?></p>
|
||||
<form method="post">
|
||||
<div class="input-group mb-3">
|
||||
<input type="text" class="form-control" placeholder="Email" name="username" value="<?php if(!empty($token_field)){ echo $username; }?>" required <?php if(empty($token_field)){ echo "autofocus"; } ?> >
|
||||
<input type="text" class="form-control" placeholder="Email" name="email" value="<?php if(!empty($token_field)){ echo $email; }?>" required <?php if(empty($token_field)){ echo "autofocus"; } ?> >
|
||||
<div class="input-group-append">
|
||||
<div class="input-group-text">
|
||||
<span class="fas fa-envelope"></span>
|
||||
|
|
@ -164,4 +163,4 @@ if(isset($_POST['login'])){
|
|||
</script>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
</html>
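Review bot: `value="<?php if(!empty($token_field)){ echo $email; }?>"` writes the submitted email back into an attribute with no HTML escaping; `strip_tags` only removes `<...>` and `mysqli_real_escape_string` only backslash-escapes quotes (a backslash is not an escape in HTML), so a value containing `" onfocus=alert(1) autofocus x="` is rendered as attribute markup. It is only reached when `$token_field` is set, i.e. after `password_verify` succeeded, so the exposure is at the MFA step, but escape at the output point regardless: `echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8');`. The `$email` value itself is still interpolated into the `SELECT * FROM users WHERE user_email = '$email'` query rather than bound, which this rename did not change.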
|
||||
55
post.php
55
post.php
|
|
@ -21,10 +21,16 @@ if(isset($_POST['change_records_per_page'])){
|
|||
if(isset($_GET['switch_company'])){
|
||||
$company_id = intval($_GET['switch_company']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE permissions SET permission_default_company = $company_id WHERE user_id = $session_user_id");
|
||||
//Check to see if user has Permission to access the company
|
||||
if(in_array($company_id,$session_user_company_access_array)){
|
||||
mysqli_query($mysqli,"UPDATE user_settings SET user_default_company = $company_id WHERE user_id = $session_user_id");
|
||||
|
||||
$_SESSION['alert_type'] = "info";
|
||||
$_SESSION['alert_message'] = "Switched Companies!";
|
||||
$_SESSION['alert_type'] = "info";
|
||||
$_SESSION['alert_message'] = "Switched Companies!";
|
||||
}else{
|
||||
$_SESSION['alert_type'] = "danger";
|
||||
$_SESSION['alert_message'] = "What are you trying to DO! WHy did you do this? WHYYY??";
|
||||
}
|
||||
|
||||
header("Location: dashboard.php");
|
||||
|
||||
|
|
@ -35,8 +41,8 @@ if(isset($_POST['add_user'])){
|
|||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
|
||||
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
|
||||
$company = intval($_POST['company']);
|
||||
$level = intval($_POST['level']);
|
||||
$default_company = intval($_POST['default_company']);
|
||||
$role = intval($_POST['role']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_created_at = NOW()");
|
||||
|
||||
|
|
@ -89,9 +95,12 @@ if(isset($_POST['add_user'])){
|
|||
}
|
||||
}
|
||||
|
||||
//Create Permissions
|
||||
mysqli_query($mysqli,"INSERT INTO permissions SET permission_level = $level, permission_default_company = $company, permission_companies = $company, user_id = $user_id");
|
||||
|
||||
//Create Settings
|
||||
mysqli_query($mysqli,"INSERT INTO user_settings SET user_id = $user_id, user_role = $role, user_default_company = $default_company");
|
||||
|
||||
//Create Company Access Permissions
|
||||
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $default_company");
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Created', log_description = '$name', log_created_at = NOW()");
|
||||
|
||||
|
|
@ -107,8 +116,8 @@ if(isset($_POST['edit_user'])){
|
|||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
|
||||
$new_password = trim($_POST['new_password']);
|
||||
$company = intval($_POST['company']);
|
||||
$level = intval($_POST['level']);
|
||||
$default_company = intval($_POST['default_company']);
|
||||
$role = intval($_POST['role']);
|
||||
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
|
||||
|
||||
if(!file_exists("uploads/users/$user_id/")) {
|
||||
|
|
@ -167,8 +176,8 @@ if(isset($_POST['edit_user'])){
|
|||
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password' WHERE user_id = $user_id");
|
||||
}
|
||||
|
||||
//Create Permissions
|
||||
mysqli_query($mysqli,"UPDATE permissions SET permission_level = $level, permission_default_company = $company WHERE user_id = $user_id");
|
||||
//Update User Settings
|
||||
mysqli_query($mysqli,"UPDATE user_settings SET user_role = $role, user_default_company = $default_company WHERE user_id = $user_id");
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$user_name', log_created_at = NOW()");
|
||||
|
|
@ -251,12 +260,13 @@ if(isset($_POST['edit_profile'])){
|
|||
if(isset($_POST['edit_user_companies'])){
|
||||
|
||||
$user_id = intval($_POST['user_id']);
|
||||
$companies = mysqli_real_escape_string($mysqli,$_POST['companies']);
|
||||
|
||||
//Turn the Array into a string with , seperation
|
||||
$companies_imploded = implode(",",$companies);
|
||||
mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
|
||||
|
||||
mysqli_query($mysqli,"UPDATE permissions SET permission_companies = '$companies_imploded' WHERE user_id = $user_id");
|
||||
foreach($_POST['companies'] as $company){
|
||||
intval($company);
|
||||
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company");
|
||||
}
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
|
||||
|
|
@ -270,12 +280,13 @@ if(isset($_POST['edit_user_companies'])){
|
|||
if(isset($_POST['edit_user_clients'])){
|
||||
|
||||
$user_id = intval($_POST['user_id']);
|
||||
$clients = mysqli_real_escape_string($mysqli,$_POST['clients']);
|
||||
|
||||
//Turn the Array into a string with , seperation
|
||||
$clients_imploded = implode(",",$clients);
|
||||
mysqli_query($mysqli,"DELETE FROM user_clients WHERE user_id = $user_id");
|
||||
|
||||
mysqli_query($mysqli,"UPDATE permissions SET permission_clients = '$clients_imploded' WHERE user_id = $user_id");
|
||||
foreach($_POST['clients'] as $client){
|
||||
intval($client);
|
||||
mysqli_query($mysqli,"INSERT INTO user_clients SET user_id = $user_id, client_id = $client");
|
||||
}
|
||||
|
||||
//logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
|
||||
|
|
@ -304,7 +315,7 @@ if(isset($_GET['delete_user'])){
|
|||
$user_id = intval($_GET['delete_user']);
|
||||
|
||||
mysqli_query($mysqli,"DELETE FROM users WHERE user_id = $user_id");
|
||||
mysqli_query($mysqli,"DELETE FROM permissions WHERE user_id = $user_id");
|
||||
mysqli_query($mysqli,"DELETE FROM user_settings WHERE user_id = $user_id");
|
||||
mysqli_query($mysqli,"DELETE FROM logs WHERE log_user_id = $user_id");
|
||||
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_created_by = $user_id");
|
||||
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_closed_by = $user_id");
|
||||
|
|
@ -904,7 +915,7 @@ if(isset($_POST['add_client'])){
|
|||
}
|
||||
|
||||
//Log Add Client
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Created', log_description = '$name', log_created_at = NOW(), client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Created', log_description = '$name', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
|
||||
|
||||
//Add Location
|
||||
if(!empty($address) OR !empty($city) OR !empty($state) OR !empty($zip)){
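Review bot: In edit_user_companies the statement `intval($company);` discards its result, so the raw `companies[]` POST value is interpolated into `INSERT INTO user_companies SET user_id = $user_id, company_id = $company` unescaped — an SQL injection in the new code, and the old `mysqli_real_escape_string` call is gone; it must be `$company = intval($company);`, and edit_user_clients has the identical bug at `intval($client);`. Both loops also iterate `$_POST['companies']` / `$_POST['clients']` directly, which warns when the key is missing or not an array; cast with `(array)` behind an `isset` guard. Nothing in either handler, nor in add_user's `INSERT INTO user_companies ... company_id = $default_company`, checks that the companies or clients being granted lie within the acting user's own `$session_user_company_access_array`, so an administrator can grant access to companies they cannot see themselves — I cannot see the top of post.php, so a global role gate may exist, but per-company scoping is not in these hunks. Finally delete_user removes `user_settings` but not the new `user_companies` / `user_clients` rows for that user.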
|
||||
|
|
|
|||
|
|
@ -441,6 +441,9 @@ if(isset($_POST['add_user'])){
|
|||
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
|
||||
}
|
||||
}
|
||||
|
||||
//Create Settings
|
||||
mysqli_query($mysqli,"INSERT INTO user_settings SET user_id = $user_id, user_role = 6, user_default_company = 1");
|
||||
|
||||
$_SESSION['alert_message'] = "User <strong>$user_name</strong> created!";
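Review bot: The new `INSERT INTO user_settings SET user_id = $user_id, user_role = 6, user_default_company = 1` has no companion `INSERT INTO user_companies SET user_id = $user_id, company_id = 1`, unlike post.php's add_user in this commit, and header.php now destroys the session whenever `user_default_company` is absent from `user_companies` — so the first user created by this path is logged out on their first request unless that row is inserted somewhere above this hunk. Add the `user_companies` insert alongside this one. The hard-coded `company_id = 1` also presumes the first company's AUTO_INCREMENT id, which only holds on a fresh database; using `mysqli_insert_id` from the company insert, if it lives in this file, would be safer.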
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
<!-- Sidebar Menu -->
|
||||
<nav class="mt-3">
|
||||
<?php
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_permission_companies)");
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_user_company_access)");
|
||||
|
||||
if(mysqli_num_rows($sql) > 1){
|
||||
|
||||
|
|
@ -62,7 +62,7 @@
|
|||
</a>
|
||||
</li>
|
||||
|
||||
<?php if($session_permission_level > 2){ ?>
|
||||
<?php if($session_user_role > 2){ ?>
|
||||
|
||||
<li class="nav-header mt-3">SUPPORT</li>
|
||||
<li class="nav-item">
|
||||
|
|
@ -93,7 +93,7 @@
|
|||
|
||||
<?php } ?>
|
||||
|
||||
<?php if($session_permission_level == 1 OR $session_permission_level > 3){ ?>
|
||||
<?php if($session_user_role == 1 OR $session_user_role > 3){ ?>
|
||||
|
||||
<li class="nav-header mt-3">SALES</li>
|
||||
<li class="nav-item">
|
||||
|
|
@ -202,7 +202,7 @@
|
|||
|
||||
<?php } ?>
|
||||
|
||||
<?php if($session_permission_level > 3){ ?>
|
||||
<?php if($session_user_role > 3){ ?>
|
||||
|
||||
<li class="nav-header mt-3">SETTINGS</li>
|
||||
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@ if(isset($_GET['ticket_id'])){
|
|||
<form class="mb-3" action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="ticket_id" value="<?php echo $ticket_id; ?>">
|
||||
<div class="form-group">
|
||||
<textarea class="form-control summernote" name="ticket_reply"></textarea>
|
||||
<textarea class="form-control summernote" name="ticket_reply" required></textarea>
|
||||
</div>
|
||||
<div class="form-row">
|
||||
<div class="col-md-3">
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@
|
|||
<?php } ?>
|
||||
<p>
|
||||
<?php echo $session_name; ?>
|
||||
<small><?php echo $session_permission_level_display; ?></small>
|
||||
<small><?php echo $session_user_role_display; ?></small>
|
||||
</p>
|
||||
</li>
|
||||
<!-- Menu Footer-->
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
<ul class="list-group">
|
||||
|
||||
<?php
|
||||
$sql_clients_select = mysqli_query($mysqli,"SELECT * FROM clients, companies WHERE clients.company_id = companies.company_id AND companies.company_id IN ($permission_companies) ORDER BY client_name ASC");
|
||||
$sql_clients_select = mysqli_query($mysqli,"SELECT * FROM clients, companies WHERE clients.company_id = companies.company_id AND companies.company_id IN ($user_company_access) ORDER BY client_name ASC");
|
||||
|
||||
while($row = mysqli_fetch_array($sql_clients_select)){
|
||||
$client_id_select = $row['client_id'];
|
||||
|
|
@ -30,7 +30,7 @@
|
|||
?>
|
||||
<li class="list-group-item">
|
||||
<div class="form-check">
|
||||
<input type="checkbox" class="form-check-input" name="clients[]" value="<?php echo $client_id_select; ?>" <?php if(in_array("$client_id_select",$permission_clients_array)){ echo "checked"; } ?> >
|
||||
<input type="checkbox" class="form-check-input" name="clients[]" value="<?php echo $client_id_select; ?>" <?php if(in_array("$client_id_select",$user_client_access_array)){ echo "checked"; } ?> >
|
||||
<label class="form-check-label ml-2"><?php echo $client_name_select; ?></label>
|
||||
</div>
|
||||
</li>
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
|
||||
<input type="hidden" name="companies[]" value="<?php echo $permission_default_company; ?>">
|
||||
<input type="hidden" name="companies[]" value="<?php echo $user_default_company; ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
||||
|
|
@ -29,8 +29,8 @@
|
|||
?>
|
||||
<li class="list-group-item">
|
||||
<div class="form-check">
|
||||
<input type="checkbox" class="form-check-input" name="companies[]" value="<?php echo $company_id_select; ?>" <?php if(in_array("$company_id_select",$permission_companies_array)){ echo "checked"; } ?> <?php if($permission_default_company == $company_id_select){ echo "disabled"; } ?>>
|
||||
<label class="form-check-label ml-2"><?php echo $company_name_select; ?> <?php if($permission_default_company == $company_id_select){ echo "<small>(Default Company)</small>"; } ?></label>
|
||||
<input type="checkbox" class="form-check-input" name="companies[]" value="<?php echo $company_id_select; ?>" <?php if(in_array("$company_id_select",$user_company_access_array)){ echo "checked"; } ?> <?php if($user_default_company == $company_id_select){ echo "disabled"; } ?>>
|
||||
<label class="form-check-label ml-2"><?php echo $company_name_select; ?> <?php if($user_default_company == $company_id_select){ echo "<small>(Default Company)</small>"; } ?></label>
|
||||
</div>
|
||||
</li>
|
||||
|
||||
|
|
|
|||
49
users.php
49
users.php
|
|
@ -39,8 +39,8 @@
|
|||
//Rebuild URL
|
||||
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM users, permissions
|
||||
WHERE users.user_id = permissions.user_id
|
||||
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings
|
||||
WHERE users.user_id = user_settings.user_id
|
||||
AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
|
||||
ORDER BY $sb $o LIMIT $record_from, $record_to");
|
||||
|
||||
|
|
@ -85,24 +85,35 @@
|
|||
$user_name = $row['user_name'];
|
||||
$user_email = $row['user_email'];
|
||||
$user_avatar = $row['user_avatar'];
|
||||
$permission_default_company = $row['permission_default_company'];
|
||||
$permission_level = $row['permission_level'];
|
||||
if($permission_level == 5){
|
||||
$permission_level_display = "Global Administrator";
|
||||
}elseif($permission_level == 4){
|
||||
$permission_level_display = "Administrator";
|
||||
}elseif($permission_level == 3){
|
||||
$permission_level_display = "Technician";
|
||||
}elseif($permission_level == 2){
|
||||
$permission_level_display = "IT Contractor";
|
||||
$user_default_company = $row['user_default_company'];
|
||||
$user_role = $row['user_role'];
|
||||
if($user_role == 6){
|
||||
$user_role_display = "Global Administrator";
|
||||
}elseif($user_role == 5){
|
||||
$user_role_display = "Administrator";
|
||||
}elseif($user_role == 4){
|
||||
$user_role_display = "Technician";
|
||||
}elseif($user_role == 3){
|
||||
$user_role_display = "IT Contractor";
|
||||
}elseif($user_role == 2){
|
||||
$user_role_display = "Client";
|
||||
}else{
|
||||
$permission_level_display = "Accounting";
|
||||
$user_role_display = "Accountant";
|
||||
}
|
||||
$permission_companies = $row['permission_companies'];
|
||||
$permission_companies_array = explode(",",$permission_companies);
|
||||
$permission_clients = $row['permission_clients'];
|
||||
$permission_clients_array = explode(",",$permission_clients);
|
||||
$permission_actions = $row['permission_actions'];
|
||||
$user_company_access_sql = mysqli_query($mysqli,"SELECT company_id FROM user_companies WHERE user_id = $user_id");
|
||||
$user_company_access_array = array();
|
||||
while($row = mysqli_fetch_array($user_company_access_sql)){
|
||||
$user_company_access_array[] = $row['company_id'];
|
||||
}
|
||||
$user_company_access = implode(',',$user_company_access_array);
|
||||
|
||||
$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_clients WHERE user_id = $user_id");
|
||||
$user_client_access_array = array();
|
||||
while($row = mysqli_fetch_array($user_client_access_sql)){
|
||||
$user_client_access_array[] = $row['client_id'];
|
||||
}
|
||||
$user_client_access = implode(',',$user_client_access_array);
|
||||
|
||||
$user_initials = initials($user_name);
|
||||
|
||||
$sql_last_login = mysqli_query($mysqli,"SELECT * FROM logs
|
||||
|
|
@ -137,7 +148,7 @@
|
|||
</a>
|
||||
</td>
|
||||
<td><a href="mailto:<?php echo $email; ?>"><?php echo $user_email; ?></a></td>
|
||||
<td><?php echo $permission_level_display; ?></td>
|
||||
<td><?php echo $user_role_display; ?></td>
|
||||
<td>-</td>
|
||||
<td><?php echo $log_created_at; ?> <br> <small class="text-secondary"><?php echo $last_login; ?></small></td>
|
||||
<td>
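Review bot: The two new per-user loops reuse `$row` — `while($row = mysqli_fetch_array($user_company_access_sql))` — inside what appears to be the outer `while($row = mysqli_fetch_array($sql))` loop, so after `$user_client_access = implode(',',$user_client_access_array);` `$row` is `false` and any later `$row['...']` read in the same iteration silently yields null; use distinct names such as `$access_row`. The outer loop header is above this hunk, so I cannot confirm whether anything below still reads `$row`; the values visible here (`$user_name`, `$user_email`, `$user_id`) were extracted first, which is why it does not break today. These loops also issue two extra queries per listed user on every page load; a single `SELECT user_id, GROUP_CONCAT(company_id) AS companies FROM user_companies GROUP BY user_id` before the loop would avoid the N+1.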
|
||||
|
|
|
|||