diff --git a/post.php b/post.php index fd44e7a2..c1abcbd5 100644 --- a/post.php +++ b/post.php @@ -190,6 +190,7 @@ if(isset($_POST['edit_user'])){ if(isset($_GET['activate_user'])){ validateAdminRole(); + validateCSRFToken($_GET['csrf_token']); $user_id = intval($_GET['activate_user']); @@ -207,6 +208,7 @@ if(isset($_GET['activate_user'])){ if(isset($_GET['disable_user'])){ validateAdminRole(); + validateCSRFToken($_GET['csrf_token']); $user_id = intval($_GET['disable_user']); @@ -6836,7 +6838,7 @@ if(isset($_POST['merge_ticket'])){ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Merged', log_description = 'Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); $_SESSION['alert_message'] = "Ticket merged into $ticket_prefix$merge_into_ticket_number."; - + header("Location: " . $_SERVER["HTTP_REFERER"]); } diff --git a/user_companies_modal.php b/user_companies_modal.php index 45871592..3fed68ed 100644 --- a/user_companies_modal.php +++ b/user_companies_modal.php @@ -14,6 +14,10 @@
+ +
Select Companies that the user will need access to
diff --git a/users.php b/users.php index e225a22e..085eacb0 100644 --- a/users.php +++ b/users.php @@ -10,11 +10,14 @@ if (!empty($_GET['sb'])) { //Rebuild URL $url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o))); -$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings +$sql = mysqli_query( + $mysqli, + "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%') AND user_archived_at IS NULL - ORDER BY $sb $o LIMIT $record_from, $record_to"); + ORDER BY $sb $o LIMIT $record_from, $record_to" +); $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); @@ -67,9 +70,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $user_status = intval($row['user_status']); if ($user_status == 2) { $user_status_display = "Invited"; - }elseif ($user_status == 1) { + } elseif ($user_status == 1) { $user_status_display = "Active"; - }else{ + } else{ $user_status_display = "Disabled"; } $user_avatar = htmlentities($row['user_avatar']); @@ -78,9 +81,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $user_role = $row['user_role']; if ($user_role == 3) { $user_role_display = "Administrator"; - }elseif ($user_role == 2) { + } elseif ($user_role == 2) { $user_role_display = "Technician"; - }else{ + } else { $user_role_display = "Accountant"; } $user_company_access_sql = mysqli_query($mysqli, "SELECT company_id FROM user_companies WHERE user_id = $user_id"); @@ -95,8 +98,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $sql_last_login = mysqli_query( $mysqli, "SELECT * FROM logs - WHERE log_user_id = $user_id AND log_type = 'Login' - ORDER BY log_id DESC LIMIT 1" + WHERE log_user_id = $user_id AND log_type = 'Login' + ORDER BY log_id DESC LIMIT 1" ); $row = mysqli_fetch_array($sql_last_login); $log_created_at = $row['log_created_at']; @@ -115,11 +118,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); "> - + - - - + + +
@@ -142,9 +145,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
Edit - Activate + Activate - Disable + Disable
Company Access @@ -157,9 +160,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- +