Added Disable and Activate Users, fixes #539

This commit is contained in:
johnnyq 2023-01-13 18:24:50 -05:00
parent df9182cd78
commit c0399a2c42
11 changed files with 91 additions and 23 deletions


@ -419,11 +419,16 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.5'");
}
//if(CURRENT_DATABASE_VERSION == '0.2.5'){
// Insert queries here required to update to DB version 0.2.6
if(CURRENT_DATABASE_VERSION == '0.2.5'){
mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_status` TINYINT(1) DEFAULT 1 AFTER `user_password`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.6'");
}
//if(CURRENT_DATABASE_VERSION == '0.2.6'){
// Insert queries here required to update to DB version 0.2.7
// Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.6'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.7'");
//}
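Review bot: The version bump to 0.2.6 runs regardless of whether the preceding `ALTER TABLE users ADD user_status ...` succeeded, so a failed ALTER (insufficient privileges, or the column already present from an interrupted run) would still record 0.2.6, leave the schema without the column, and the new `user_status = 1` filter in the login query would then fail for every user with no migration left to retry. Gate the bump on the result, e.g. `if(mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_status` TINYINT(1) DEFAULT 1 AFTER `user_password`")) { mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.6'"); }`, and surface `mysqli_error($mysqli)` otherwise. `DEFAULT 1` back-fills existing rows correctly, but the column is nullable while the application only handles the states 0, 1 and 2; `TINYINT(1) NOT NULL DEFAULT 1` makes that explicit and should match the definition in db.sql. The enclosing `if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION)` block begins before this hunk.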


@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "0.2.5");
DEFINE("LATEST_DATABASE_VERSION", "0.2.6");

17
db.sql

@ -266,6 +266,20 @@ CREATE TABLE `companies` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `contact_assets`
--
DROP TABLE IF EXISTS `contact_assets`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `contact_assets` (
`contact_id` int(11) NOT NULL,
`asset_id` int(11) NOT NULL,
PRIMARY KEY (`contact_id`,`asset_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `contact_documents`
--
@ -1405,6 +1419,7 @@ CREATE TABLE `users` (
`user_name` varchar(200) NOT NULL,
`user_email` varchar(200) NOT NULL,
`user_password` varchar(200) NOT NULL,
`user_status` tinyint(1) DEFAULT 1,
`user_token` varchar(200) DEFAULT NULL,
`user_avatar` varchar(200) DEFAULT NULL,
`user_specific_encryption_ciphertext` varchar(200) DEFAULT NULL,
@ -1522,4 +1537,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2023-01-09 19:14:30
-- Dump completed on 2023-01-13 18:23:52
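Review bot: The new `user_status tinyint(1) DEFAULT 1` column is nullable, yet the rest of the commit treats it as a three-state flag (0, 1, 2) and the login query compares `user_status = 1`; a NULL would fail closed at login but be rendered as Disabled by `intval()` in the user list, so declare it `tinyint(1) NOT NULL DEFAULT 1` (and the same in the 0.2.6 migration) so the column cannot drift into an undefined state. The `contact_assets` table also appears in this dump with `ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci`, unlike the neighbouring tables on `utf8mb4`, and is not mentioned in the commit message — it looks like an unrelated table captured when the dump was regenerated; confirm it is intended and align its charset with the rest of the schema.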


@ -54,7 +54,7 @@ if(isset($_POST['login'])){
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
}
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1"));
if (password_verify($password, $row['user_password'])) {
// User variables
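Review bot: The added `AND user_status = 1` filter only gates new logins; a user who is already authenticated keeps a working session after being disabled unless the per-request session check also consults `user_status`, which this commit does not appear to touch — either re-check the status where the session is validated or invalidate that user's sessions when the flag is cleared. When the filter excludes the row, `mysqli_fetch_assoc` returns `NULL` and `$row['user_password']` is read on the next line before `password_verify` fails closed; `if ($row && password_verify($password, $row['user_password'])) {` keeps that path explicit and warning-free. Status 2 (shown as Invited in the user list) is rejected here as well, which is correct only if invited users are meant to be activated before their first login. The `if(isset($_POST['login']))` block starts and ends outside this hunk.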


@ -237,6 +237,41 @@ if(isset($_POST['edit_user'])){
}
if(isset($_GET['activate_user'])){
validateAdminRole();
$user_id = intval($_GET['activate_user']);
mysqli_query($mysqli,"UPDATE users SET user_status = 1 WHERE user_id = $user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Activate', log_description = '$session_name activated user $user_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "User activated!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['disable_user'])){
validateAdminRole();
$user_id = intval($_GET['disable_user']);
mysqli_query($mysqli,"UPDATE users SET user_status = 0 WHERE user_id = $user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Disabled', log_description = '$session_name disabled user $user_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "User disabled!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['edit_profile'])){
// CSRF Check
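Review bot: Both new handlers change account state from a bare GET request with no CSRF check, while the `edit_profile` handler directly below opens with `// CSRF Check`; any page an admin visits can embed `<img src="post.php?disable_user=1">`, so the same token check should run before the `UPDATE` in both branches (or the Activate/Disable links should become POST forms). Nothing prevents an admin disabling their own account or the last remaining active admin — a guard such as `if($user_id == $session_user_id){ $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "You cannot disable your own account"; header("Location: " . $_SERVER["HTTP_REFERER"]); exit; }` before the query covers the first case. Neither branch calls `exit;` after `header("Location: ...")`, so execution falls through into the handlers that follow, and the redirect target is taken verbatim from the `Referer` header, which in a CSRF scenario is attacker-controlled; add `exit;` and prefer a fixed in-app destination. Disabling only flips the flag, so an already-authenticated session of that user presumably stays valid until the session-validation path also checks `user_status`, which this hunk does not show.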


@ -2,7 +2,7 @@
<div class="modal-dialog modal-lg">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fas fa-money-bill-alt mr-2"></i>New Revenue</h5>
<h5 class="modal-title"><i class="fas fa-money-bill-alt"></i> New Revenue</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -43,7 +43,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-dollar-sign"></i></span>
</div>
<input type="number" class="form-control" step="0.01" min="0.00" name="amount" required>
<input type="number" class="form-control" step="0.01" min="0.00" name="amount" placeholder="Enter an amount" required>
</div>
</div>
@ -122,7 +122,7 @@
<div class="form-group">
<label>Description</label>
<textarea class="form-control" rows="4" name="description"></textarea>
<textarea class="form-control" rows="5" name="description" placeholder="Enter a description"></textarea>
</div>
<div class="form-row">


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-file"></i> Invoice Ticket</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-file"></i> Invoice ticket</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -169,8 +169,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_invoice_from_ticket" class="btn btn-primary">Create Invoice</button>
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_invoice_from_ticket" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create Invoice</button>
</div>
</form>
</div>


@ -98,8 +98,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_user" class="btn btn-primary">Save</button>
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_user" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-building"></i> <?php echo $user_name; ?> Companies</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-building"></i> Company access: <strong><?php echo $user_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -42,8 +42,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_user_companies" class="btn btn-primary">Save</button>
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_user_companies" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-user"></i> <?php echo $user_name; ?></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-user-edit"></i> Editing user: <strong><?php echo $user_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -120,8 +120,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_user" class="btn btn-primary">Save</button>
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_user" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
</div>
</form>
</div>


@ -50,8 +50,8 @@
<tr>
<th class="text-center"><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=user_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=user_email&o=<?php echo $disp; ?>">Email</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=Permission_level&o=<?php echo $disp; ?>">Role</a></th>
<th>Status</th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=user_role&o=<?php echo $disp; ?>">Role</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=user_status&o=<?php echo $disp; ?>">Status</a></th>
<th>Last Login</th>
<th class="text-center">Action</th>
</tr>
@ -63,6 +63,14 @@
$user_id = $row['user_id'];
$user_name = htmlentities($row['user_name']);
$user_email = htmlentities($row['user_email']);
$user_status = intval($row['user_status']);
if($user_status == 2){
$user_status_display = "<span class='text-info'>Invited</span>";
}elseif($user_status == 1){
$user_status_display = "<span class='text-success'>Active</span>";
}else{
$user_status_display = "<span class='text-danger'>Disabled</span>";
}
$user_avatar = htmlentities($row['user_avatar']);
$user_token = htmlentities($row['user_token']);
$user_default_company = $row['user_default_company'];
@ -116,7 +124,7 @@
</td>
<td><a href="mailto:<?php echo $user_email; ?>"><?php echo $user_email; ?></a></td>
<td><?php echo $user_role_display; ?></td>
<td>-</td>
<td><?php echo $user_status_display; ?></td>
<td><?php echo $log_created_at; ?> <br> <small class="text-secondary"><?php echo $last_login; ?></small></td>
<td>
<div class="dropdown dropleft text-center">
@ -125,6 +133,11 @@
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserModal<?php echo $user_id; ?>">Edit</a>
<?php if($user_status == 0){ ?>
<a class="dropdown-item text-success" href="post.php?activate_user=<?php echo $user_id; ?>">Activate</a>
<?php }elseif($user_status == 1){ ?>
<a class="dropdown-item text-danger" href="post.php?disable_user=<?php echo $user_id; ?>">Disable</a>
<?php } ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserCompaniesModal<?php echo $user_id; ?>">Company Access</a>
<div class="dropdown-divider"></div>
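Review bot: The action menu shows Activate only when `$user_status == 0` and Disable only when `$user_status == 1`, so an account in state 2 (rendered as Invited a few lines above) gets neither action and an outstanding invitation cannot be revoked from this menu; changing the second branch to `<?php }else{ ?>` offers Disable for any non-zero status. Both actions are plain GET links (`post.php?activate_user=...`, `post.php?disable_user=...`) that mutate state; rendering them as small POST forms carrying the same CSRF token that `edit_profile` checks in post.php would close that hole at the source rather than relying on the handler. The new status column is built from `intval($row['user_status'])`, so nothing user-controlled reaches the page there.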