From e54de2bb73c39df7e0efc38c7807638ebcde958d Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Mon, 24 Apr 2023 17:03:01 -0400
Subject: [PATCH] Feature: Users can now be exported to a CSV file
---
 post.php | 114 +++++++++++++++++++++++++++++++-----------
 user_export_modal.php | 23 +++++++++
 users.php | 20 ++++++--
 3 files changed, 123 insertions(+), 34 deletions(-)
 create mode 100644 user_export_modal.php
diff --git a/post.php b/post.php
index 1d3aa676..ed4eebe3 100644
--- a/post.php
+++ b/post.php
@@ -200,6 +200,91 @@ if(isset($_GET['disable_user'])){
 }
+if(isset($_GET['archive_user'])){
+
+ validateAdminRole();
+
+ // CSRF Check
+ validateCSRFToken($_GET['csrf_token']);
+
+ // Variables from GET
+ $user_id = intval($_GET['archive_user']);
+ $password = password_hash(randomString(), PASSWORD_DEFAULT);
+
+ // Get user details
+ $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
+ $row = mysqli_fetch_array($sql);
+ $name = sanitizeInput($row['user_name']);
+
+ // Archive user query
+ mysqli_query($mysqli,"UPDATE users SET user_name = '$name (archived)', user_password = '$password', user_specific_encryption_ciphertext = '', user_archived_at = NOW() WHERE user_id = $user_id");
+
+ // Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Archive', log_description = '$session_name archived user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "User $name archived";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if(isset($_POST['export_users_csv'])){
+
+ validateAdminRole();
+
+ //get records from database
+ $sql = mysqli_query($mysqli,"SELECT * FROM users ORDER BY user_name ASC");
+
+ if($sql->num_rows > 0){
+ $delimiter = ",";
+ $filename = $session_company_name . "-Users-" . date('Y-m-d') . ".csv";
+
+ //create a file pointer
+ $f = fopen('php://memory', 'w');
+
+ //set column headers
+ $fields = array('Name', 'Email', 'Role', 'Status', 'Creation Date');
+ fputcsv($f, $fields, $delimiter);
+
+ //output each row of the data, format line as csv and write to file pointer
+ while($row = $sql->fetch_assoc()){
+
+ $user_status = intval($row['user_status']);
+ if ($user_status == 2) {
+ $user_status_display = "Invited";
+ } elseif ($user_status == 1) {
+ $user_status_display = "Active";
+ } else{
+ $user_status_display = "Disabled";
+ }
+ $user_role = $row['user_role'];
+ if ($user_role == 3) {
+ $user_role_display = "Administrator";
+ } elseif ($user_role == 2) {
+ $user_role_display = "Technician";
+ } else {
+ $user_role_display = "Accountant";
+ }
+
+ $lineData = array($row['user_name'], $row['user_email'], $user_role_display, $user_status_display, $row['user_created_at']);
+ fputcsv($f, $lineData, $delimiter);
+ }
+
+ //move back to beginning of file
+ fseek($f, 0);
+
+ //set headers to download file rather than displayed
+ header('Content-Type: text/csv');
+ header('Content-Disposition: attachment; filename="' . $filename . '";');
+
+ //output all remaining data on a file pointer
+ fpassthru($f);
+ }
+ exit;
+
+}
+
 if(isset($_POST['edit_profile'])){
 // CSRF Check
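Review bot: The export loop passes `$row['user_name']` and `$row['user_email']` to `fputcsv` unmodified, so a stored value that begins with `=`, `+`, `-` or `@` will be treated as a formula when an administrator opens the file in a spreadsheet. Neutralise such cells before writing them, for example `$cell = preg_match('/^[=+\-@\t\r]/', $cell) ? "'" . $cell : $cell;` applied to each user-supplied column of `$lineData`. `$filename` is built from `$session_company_name` and placed inside the quoted `Content-Disposition` value as-is; reducing it to a safe character set first, e.g. `preg_replace('/[^A-Za-z0-9._-]/', '_', $session_company_name)`, keeps a quote or semicolon in the company name from breaking the header. Unlike the `archive_user` handler in the same hunk, this handler neither calls `validateCSRFToken` nor inserts a `logs` row, and an export of the full user list looks like an action worth an audit entry.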
@@ -307,35 +392,6 @@ if(isset($_POST['edit_profile'])){
 }
 }
-if(isset($_GET['archive_user'])){
-
- validateAdminRole();
-
- // CSRF Check
- validateCSRFToken($_GET['csrf_token']);
-
- // Variables from GET
- $user_id = intval($_GET['archive_user']);
- $password = password_hash(randomString(), PASSWORD_DEFAULT);
-
- // Get user details
- $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
- $row = mysqli_fetch_array($sql);
- $name = sanitizeInput($row['user_name']);
-
- // Archive user query
- mysqli_query($mysqli,"UPDATE users SET user_name = '$name (archived)', user_password = '$password', user_specific_encryption_ciphertext = '', user_archived_at = NOW() WHERE user_id = $user_id");
-
- // Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Archive', log_description = '$session_name archived user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
-
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "User $name archived";
-
- header("Location: " . $_SERVER["HTTP_REFERER"]);
-
-}
-
 // API Key
 if(isset($_POST['add_api_key'])){
diff --git a/user_export_modal.php b/user_export_modal.php
new file mode 100644
index 00000000..98666d09
--- /dev/null
+++ b/user_export_modal.php
@@ -0,0 +1,23 @@
+
diff --git a/users.php b/users.php
index 246d1187..9850ff86 100644
--- a/users.php
+++ b/users.php
@@ -38,11 +38,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
-
- -
- + +
+
+
+ +
+ +
+
+
+
+
+ +
@@ -180,4 +189,5 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 require_once("user_add_modal.php");
 require_once("user_invite_modal.php");
+require_once("user_export_modal.php");
 require_once("footer.php");