From ef651f52486296c1b0e2eb89d01ddbe225bd236d Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Thu, 14 Nov 2024 16:07:35 -0500
Subject: [PATCH] Updated admin posts to use new logAction function, tidy and added more details to logging
---
post/admin/admin_api.php | 40 +++++++++------
post/admin/admin_backup.php | 26 ++++++----
post/admin/admin_bulk_mail.php | 16 +++---
post/admin/admin_category.php | 54 ++++++++++++++------
post/admin/admin_custom_field.php | 25 +++++----
post/admin/admin_custom_link.php | 26 ++++++----
post/admin/admin_document_template.php | 7 +--
post/admin/admin_mail_queue.php | 37 ++++++++------
post/admin/admin_project_template.php | 27 ++++------
post/admin/admin_role.php | 13 +++--
post/admin/admin_settings_ai.php | 6 +--
post/admin/admin_settings_company.php | 6 +--
post/admin/admin_settings_default.php | 6 +--
post/admin/admin_settings_integration.php | 4 +-
post/admin/admin_settings_invoice.php | 5 +-
post/admin/admin_settings_localization.php | 4 +-
post/admin/admin_settings_mail.php | 6 +--
post/admin/admin_settings_module.php | 4 +-
post/admin/admin_settings_notification.php | 10 ++--
post/admin/admin_settings_online_payment.php | 4 +-
post/admin/admin_settings_project.php | 4 +-
post/admin/admin_settings_quote.php | 4 +-
post/admin/admin_settings_security.php | 4 +-
post/admin/admin_settings_telemetry.php | 4 +-
post/admin/admin_settings_theme.php | 10 ++--
post/admin/admin_settings_ticket.php | 4 +-
26 files changed, 204 insertions(+), 152 deletions(-)
diff --git a/post/admin/admin_api.php b/post/admin/admin_api.php
index b5e0a54a..8817b62a 100644
--- a/post/admin/admin_api.php
+++ b/post/admin/admin_api.php
@@ -10,19 +10,19 @@ if (isset($_POST['add_api_key'])) { $name = sanitizeInput($_POST['name']); $expire = sanitizeInput($_POST['expire']); - $client = intval($_POST['client']); + $client_id = intval($_POST['client']); $secret = sanitizeInput($_POST['key']); // API Key // Credential decryption password $password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT); $apikey_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password'])); - mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_decrypt_hash = '$apikey_specific_encryption_ciphertext', api_key_expire = '$expire', api_key_client_id = $client"); + mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_decrypt_hash = '$apikey_specific_encryption_ciphertext', api_key_expire = '$expire', api_key_client_id = $client_id"); $api_key_id = mysqli_insert_id($mysqli); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Create', log_description = '$session_name created API Key $name set to expire on $expire', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client, log_user_id = $session_user_id, log_entity_id = $api_key_id"); + logAction("API Key", "Create", "$session_name created API key $name set to expire on $expire", $client_id, $api_key_id); $_SESSION['alert_message'] = "API Key $name created"; 
@@ -37,13 +37,14 @@ if (isset($_GET['delete_api_key'])) { $api_key_id = intval($_GET['delete_api_key']); // Get API Key Name - $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_id = $api_key_id")); - $name = sanitizeInput($row['api_key_name']); + $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT api_key_name, api_key_client_id FROM api_keys WHERE api_key_id = $api_key_id")); + $api_key_name = sanitizeInput($row['api_key_name']); + $client_id = intval($row['api_key_client_id']); mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_id = $api_key_id"); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Delete', log_description = '$session_name deleted API key $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $api_key_id"); + logAction("API Key", "Delete", "$session_name deleted API key $name", $client_id); $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "API Key $name deleted"; 
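Review bot: The `logAction` call and the alert at the end of this hunk still interpolate `$name`, but the lookup now stores the value in `$api_key_name`, so the audit entry and the message appear to lose the key name; the call also omits the entity id that the removed query wrote to `log_entity_id`. Use `logAction("API Key", "Delete", "$session_name deleted API key $api_key_name", $client_id, $api_key_id);` and `"API Key $api_key_name deleted"`. The same fetched-versus-interpolated mismatch recurs in the bulk API key loop (`$name`), the category archive, unarchive and delete blocks (`$type $name` against `$category_type`/`$category_name`), the custom field delete (`$label`) and the custom link delete alert (`$name`). The entity id is also dropped from the bulk API key loop and the project template delete, both of which recorded it before. The `delete_api_key` block opens above this hunk.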
@@ -56,25 +57,32 @@ if (isset($_POST['bulk_delete_api_keys'])) { validateCSRFToken($_POST['csrf_token']); - $count = 0; // Default 0 - $api_key_ids = $_POST['api_key_ids']; // Get array of API key IDs to be deleted + if (isset($_POST['api_key_ids'])) { - if (!empty($api_key_ids)) { + $count = count($_POST['api_key_ids']); - // Cycle through array and delete each scheduled ticket - foreach ($api_key_ids as $api_key_id) { + // Cycle through array and delete each record + foreach ($_POST['api_key_ids'] as $api_key_id) { $api_key_id = intval($api_key_id); - mysqli_query($mysqli, "DELETE FROM api_keys WHERE api_key_id = $api_key_id"); - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API Key', log_action = 'Delete', log_description = '$session_name deleted API key (bulk)', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $api_key_id"); + + // Get API Key Name + $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT api_key_name, api_key_client_id FROM api_keys WHERE api_key_id = $api_key_id")); + $api_key_name = sanitizeInput($row['api_key_name']); + $client_id = intval($row['api_key_client_id']); + + mysqli_query($mysqli, "DELETE FROM api_keys WHERE api_key_id = $api_key_id"); + + // Logging + logAction("API Key", "Delete", "$session_name deleted API key $name", $client_id); - $count++; } // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API Key', log_action = 'Delete', log_description = '$session_name bulk deleted $count keys', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + logAction("API Key", "Bulk Delete", "$session_name deleted $count API key(s)"); - $_SESSION['alert_message'] = "Deleted $count keys(s)"; + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Deleted $count API keys(s)"; } diff --git a/post/admin/admin_backup.php b/post/admin/admin_backup.php index 5ae7cfb4..8649e91d 100644 
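Review bot: `count($_POST['api_key_ids'])` runs on request data that has only been checked with `isset()`; if the field arrives as a scalar, `count()` throws a TypeError on PHP 8 (a warning on older versions) before anything is logged. Guard it with `if (isset($_POST['api_key_ids']) && is_array($_POST['api_key_ids'])) {`. `$count` is now the number of ids submitted rather than the number of rows removed, so the "Bulk Delete" entry can overstate what happened; adding `mysqli_affected_rows($mysqli)` after each `DELETE` would keep the audit figure accurate. Inside the loop `$row` is dereferenced without checking that the id matched a key. The same `isset()` plus `count()` pattern is introduced in `send_bulk_mail_now`, `bulk_cancel_emails` and `bulk_delete_emails`.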
--- a/post/admin/admin_backup.php +++ b/post/admin/admin_backup.php @@ -79,8 +79,8 @@ if (isset($_GET['download_database'])) { exec('rm ' . $backup_file_name); } - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Database', log_action = 'Download', log_description = '$session_name downloaded the database', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Database", "Download", "$session_name downloaded the database"); $_SESSION['alert_message'] = "Database downloaded"; } @@ -92,25 +92,29 @@ if (isset($_POST['backup_master_key'])) { $password = $_POST['password']; $sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id"); - $userRow = mysqli_fetch_array($sql); + $row = mysqli_fetch_array($sql); - if (password_verify($password, $userRow['user_password'])) { - $site_encryption_master_key = decryptUserSpecificKey($userRow['user_specific_encryption_ciphertext'], $password); - - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Master Key', log_action = 'Download', log_description = '$session_name retrieved the master encryption key', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); - mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Settings', notification = '$session_name retrieved the master encryption key'"); + if (password_verify($password, $row['user_password'])) { + $site_encryption_master_key = decryptUserSpecificKey($row['user_specific_encryption_ciphertext'], $password); + + // Logging + logAction("Master Key", "Download", "$session_name retrieved the master encryption key"); + // App Notify + appNotify("Master Key", "$session_name retrieved the master encryption key"); echo "=============================="; echo "
Master encryption key:
"; echo "$site_encryption_master_key"; echo "
=============================="; + } else { - //Log the failure - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Master Key', log_action = 'Download', log_description = '$session_name attempted to retrieve the master encryption key (failure)', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Log the failure + logAction("Master Key", "Download", "$session_name attempted to retrieve the master encryption key but failed"); + $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "Incorrect password."; + header("Location: " . $_SERVER["HTTP_REFERER"]); } } diff --git a/post/admin/admin_bulk_mail.php b/post/admin/admin_bulk_mail.php index dc26b722..cdbf999f 100644 --- a/post/admin/admin_bulk_mail.php +++ b/post/admin/admin_bulk_mail.php @@ -6,7 +6,9 @@ if (isset($_POST['send_bulk_mail_now'])) { - if ($_POST['contact_ids']) { + if (isset($_POST['contact_ids'])) { + + $count = count($_POST['contact_ids']); $mail_from = sanitizeInput($_POST['mail_from']); $mail_from_name = sanitizeInput($_POST['mail_from_name']); @@ -36,15 +38,11 @@ if (isset($_POST['send_bulk_mail_now'])) { ]; } addToMailQueue($mysqli, $data); - - // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Bulk Mail', log_action = 'Send', log_description = '$session_name sent bulk email', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id"); - $_SESSION['alert_message'] = "You Sent Bulk Mail"; - - } else { - - $_SESSION['alert_message'] = "NO Bulk Mail SENT"; + // Logging + logAction("Bulk Mail", "Send", "$session_name sent $count messages via bulk mail"); + + $_SESSION['alert_message'] = "$count messages queued"; } diff --git a/post/admin/admin_category.php b/post/admin/admin_category.php index f89d37bf..c3a97fc2 100644 --- a/post/admin/admin_category.php +++ b/post/admin/admin_category.php 
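Review bot: The failed master-key retrieval in the `else` branch is logged with the same type and action (`"Master Key"`, `"Download"`) as a successful one, so anyone filtering the audit log has to parse the free-text description to tell them apart. A distinct action, for example `logAction("Master Key", "Download Failed", "$session_name attempted to retrieve the master encryption key but failed");`, makes repeated failures easy to alert on. Only the success path calls `appNotify`; since this endpoint accepts password attempts for the master key, notifying on failure as well would be worth adding. The handler opens above this hunk, so any rate limiting or CSRF check it already performs is not visible here.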
@@ -10,10 +10,12 @@ if (isset($_POST['add_category'])) { mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Category', log_action = 'Create', log_description = '$name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + $category_id = mysqli_insert_id($mysqli); - $_SESSION['alert_message'] = "Category added"; + // Logging + logAction("Category", "Create", "$session_name created category $type $name", 0, $category_id); + + $_SESSION['alert_message'] = "Category $type $name created"; header("Location: " . $_SERVER["HTTP_REFERER"]); 
@@ -27,53 +29,75 @@ if (isset($_POST['edit_category'])) { mysqli_query($mysqli,"UPDATE categories SET category_name = '$name', category_type = '$type', category_color = '$color' WHERE category_id = $category_id"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Category', log_action = 'Modify', log_description = '$name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Category", "Edit", "$session_name edited category $type $name", 0, $category_id); - $_SESSION['alert_message'] = "Category modified"; + $_SESSION['alert_message'] = "Category $type $name edited"; header("Location: " . $_SERVER["HTTP_REFERER"]); } if (isset($_GET['archive_category'])) { + $category_id = intval($_GET['archive_category']); + // Get Category Name and Type for logging + $sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id"); + $row = mysqli_fetch_array($sql); + $category_name = sanitizeInput($row['category_name']); + $category_type = sanitizeInput($row['category_type']); + mysqli_query($mysqli,"UPDATE categories SET category_archived_at = NOW() WHERE category_id = $category_id"); - //logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Category', log_action = 'Archive', log_description = '$category_id'"); + // Logging + logAction("Category", "Archive", "$session_name archived category $type $name", 0, $category_id); - $_SESSION['alert_message'] = "Category Archived"; + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Category $type $name archived"; header("Location: " . 
$_SERVER["HTTP_REFERER"]); } if (isset($_GET['unarchive_category'])) { + $category_id = intval($_GET['unarchive_category']); + // Get Category Name and Type for logging + $sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id"); + $row = mysqli_fetch_array($sql); + $category_name = sanitizeInput($row['category_name']); + $category_type = sanitizeInput($row['category_type']); + mysqli_query($mysqli,"UPDATE categories SET category_archived_at = NULL WHERE category_id = $category_id"); - //logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Category', log_action = 'Unarchive', log_description = '$category_id'"); + // Logging + logAction("Category", "Unarchive", "$session_name unarchived category $type $name", 0, $category_id); - $_SESSION['alert_message'] = "Category Unarchived"; + $_SESSION['alert_message'] = "Category $type $name unarchived"; header("Location: " . $_SERVER["HTTP_REFERER"]); } if (isset($_GET['delete_category'])) { + $category_id = intval($_GET['delete_category']); + // Get Category Name and Type for logging + $sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id"); + $row = mysqli_fetch_array($sql); + $category_name = sanitizeInput($row['category_name']); + $category_type = sanitizeInput($row['category_type']); + mysqli_query($mysqli,"DELETE FROM categories WHERE category_id = $category_id"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Category', log_action = 'Delete', log_description = '$category_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Category", "Delete", "$session_name deleted category $type $name"); - $_SESSION['alert_message'] = "Category deleted"; $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Category $type $name deleted"; header("Location: " . $_SERVER["HTTP_REFERER"]); 
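Review bot: The `archive_category`, `unarchive_category` and `delete_category` blocks change state on a GET parameter and no `validateCSRFToken()` call is visible inside them, whereas the bulk POST handlers in this patch call it first. Unless the script that includes this file enforces a token beforehand, a request made from another site in an admin's browser would be carried out, and the new log line would attribute it to that admin. If it is not enforced upstream, add a token check at the top of each block, e.g. `validateCSRFToken($_GET['csrf_token']);`, with the links carrying the token. Each lookup also reads `$row['category_name']` without checking that the id matched a row, so a stale id still produces a "deleted" entry with an empty name.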
diff --git a/post/admin/admin_custom_field.php b/post/admin/admin_custom_field.php index 00c1769d..85f2a739 100644 --- a/post/admin/admin_custom_field.php +++ b/post/admin/admin_custom_field.php @@ -12,10 +12,12 @@ if(isset($_POST['create_custom_field'])){ mysqli_query($mysqli,"INSERT INTO custom_fields SET custom_field_table = '$table', custom_field_label = '$label', custom_field_type = '$type'"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Field', log_action = 'Create', log_description = '$label', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + $custom_field_id = mysqli_insert_id($mysqli); - $_SESSION['alert_message'] = "Custom field created"; + // Logging + logAction("Custom Field", "Create", "$session_name created custom field $label", 0, $custom_field_id); + + $_SESSION['alert_message'] = "Custom field $label created"; header("Location: " . $_SERVER["HTTP_REFERER"]); @@ -29,10 +31,10 @@ if(isset($_POST['edit_custom_field'])){ mysqli_query($mysqli,"UPDATE custom_fields SET custom_field_label = '$label', custom_field_type = '$type' WHERE custom_field_id = $custom_field_id"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Field', log_action = 'Edit', log_description = '$label', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Custom Field", "Edit", "$session_name edited custom field $label", 0, $custom_field_id); - $_SESSION['alert_message'] = "You edited the custom field"; + $_SESSION['alert_message'] = "Custom field $label edited"; header("Location: " . $_SERVER["HTTP_REFERER"]); 
@@ -41,13 +43,18 @@ if(isset($_POST['edit_custom_field'])){ if(isset($_GET['delete_custom_field'])){ $custom_field_id = intval($_GET['delete_custom_field']); + // Get Custom Field Label for logging + $sql = mysqli_query($mysqli,"SELECT custom_field_label FROM custom_fields WHERE custom_field_id = $custom_field_id"); + $row = mysqli_fetch_array($sql); + $custom_field_label = sanitizeInput($row['custom_field_label']); + mysqli_query($mysqli,"DELETE FROM custom_fields WHERE custom_field_id = $custom_field_id"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Fields', log_action = 'Delete', log_description = '$custom_field_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Custom Field", "Delete", "$session_name deleted custom field $label"); - $_SESSION['alert_message'] = "You deleted custom field"; $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Custom field $label deleted"; header("Location: " . $_SERVER["HTTP_REFERER"]); diff --git a/post/admin/admin_custom_link.php b/post/admin/admin_custom_link.php index 5a84be51..a49c2975 100644 --- a/post/admin/admin_custom_link.php +++ b/post/admin/admin_custom_link.php 
@@ -15,10 +15,12 @@ if (isset($_POST['add_custom_link'])) { mysqli_query($mysqli,"INSERT INTO custom_links SET custom_link_name = '$name', custom_link_uri = '$uri', custom_link_new_tab = $new_tab, custom_link_icon = '$icon', custom_link_order = $order, custom_link_location = $location"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Create', log_description = '$session_name created custom link $name --> $uri', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + $custom_link_id = mysqli_insert_id($mysqli); - $_SESSION['alert_message'] = "Custom link successfully created!"; + // Logging + logAction("Custom Link", "Create", "$session_name created custom link $name -> $uri", 0, $custom_link_id); + + $_SESSION['alert_message'] = "Custom link $name created"; header("Location: " . $_SERVER["HTTP_REFERER"]); @@ -36,10 +38,10 @@ if (isset($_POST['edit_custom_link'])) { mysqli_query($mysqli,"UPDATE custom_links SET custom_link_name = '$name', custom_link_uri = '$uri', custom_link_new_tab = $new_tab, custom_link_icon = '$icon', custom_link_order = $order, custom_link_location = $location WHERE custom_link_id = $custom_link_id"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Modify', log_description = '$session_name edited the custom link $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Custom Link", "Edit", "$session_name edited custom link $name -> $uri", 0, $custom_link_id); - $_SESSION['alert_message'] = "Custom Link modified"; + $_SESSION['alert_message'] = "Custom Link $name edited"; header("Location: " . $_SERVER["HTTP_REFERER"]); 
@@ -48,13 +50,19 @@ if (isset($_POST['edit_custom_link'])) { if (isset($_GET['delete_custom_link'])) { $custom_link_id = intval($_GET['delete_custom_link']); + // Get Custom Link name and uri for logging + $sql = mysqli_query($mysqli,"SELECT custom_link_name, custom_link_uri FROM custom_links WHERE custom_link_id = $custom_link_id"); + $row = mysqli_fetch_array($sql); + $custom_link_name = sanitizeInput($row['custom_link_name']); + $custom_link_uri = sanitizeInput($row['custom_link_uri']); + mysqli_query($mysqli,"DELETE FROM custom_links WHERE custom_link_id = $custom_link_id"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Delete', log_description = '$session_name deleted a custom link', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Custom Link", "Delete", "$session_name deleted custom link $custom_link_name -> $custom_link_uri"); - $_SESSION['alert_message'] = "Custom Link deleted!"; $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Custom Link $name deleted"; header("Location: " . $_SERVER["HTTP_REFERER"]); diff --git a/post/admin/admin_document_template.php b/post/admin/admin_document_template.php index cb2431ed..40cdd2e9 100644 --- a/post/admin/admin_document_template.php +++ b/post/admin/admin_document_template.php 
@@ -14,12 +14,13 @@ if (isset($_POST['add_document_template'])) { $content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $_POST['content'])); // Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching. - // Document add query - $add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 1, document_folder_id = 0, document_created_by = $session_user_id, document_client_id = 0"); + // Document create query + mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 1, document_folder_id = 0, document_created_by = $session_user_id, document_client_id = 0"); + $document_id = mysqli_insert_id($mysqli); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document Template', log_action = 'Create', log_description = '$session_name created document template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $document_id"); + logAction("Document Template", "Create", "$session_name created document template $name", $client_id, $document_id); $_SESSION['alert_message'] = "Document template $name created"; diff --git a/post/admin/admin_mail_queue.php b/post/admin/admin_mail_queue.php index b6210f64..f178dc5c 100644 --- a/post/admin/admin_mail_queue.php +++ b/post/admin/admin_mail_queue.php 
@@ -7,7 +7,7 @@ if (isset($_GET['send_failed_mail'])) { mysqli_query($mysqli,"UPDATE email_queue SET email_status = 0, email_attempts = 3 WHERE email_id = $email_id"); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Email', log_action = 'Send', log_description = '$session_name attempted to force send email queue id: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $email_id"); + logAction("Email", "Send", "$session_name attempted to force send email id: $email_id in the mail queue", 0, $email_id); $_SESSION['alert_message'] = "Email Force Sent, give it a minute to resend"; @@ -22,8 +22,9 @@ if (isset($_GET['cancel_mail'])) { mysqli_query($mysqli,"UPDATE email_queue SET email_status = 2, email_attempts = 99, email_failed_at = NOW() WHERE email_id = $email_id"); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Email', log_action = 'Cancel', log_description = '$session_name canceled send email queue id: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $email_id"); + logAction("Email", "Send", "$session_name canceled send email id: $email_id in the mail queue", 0, $email_id); + $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "Email cancelled and marked as failed."; header("Location: " . $_SERVER["HTTP_REFERER"]); 
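Review bot: In the `cancel_mail` block the new call records the action as `"Send"`, where the removed query used `'Cancel'`, so cancelled messages will be filed together with forced resends when the audit log is filtered by action. The bulk handler later in this file uses `"Cancel"`; make the single-item path match: `logAction("Email", "Cancel", "$session_name cancelled email id: $email_id in the mail queue", 0, $email_id);`. That also aligns the spelling ("canceled" here, "cancelled" in the bulk entry and the alert).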
@@ -34,24 +35,25 @@ if (isset($_POST['bulk_cancel_emails'])) { validateCSRFToken($_POST['csrf_token']); - $count = 0; // Default 0 - $email_ids = $_POST['email_ids']; // Get array of email IDs to be cancelled + if (isset($_POST['email_ids'])) { - if (!empty($email_ids)) { + $count = count($_POST['email_ids']); // Cycle through array and mark each email as failed - foreach ($email_ids as $email_id) { + foreach ($_POST['email_ids'] as $email_id) { $email_id = intval($email_id); mysqli_query($mysqli,"UPDATE email_queue SET email_status = 2, email_attempts = 99, email_failed_at = NOW() WHERE email_id = $email_id"); - $count++; + // Logging + logAction("Email", "Cancel", "$session_name cancelled email id: $email_id in the mail queue", 0, $email_id); + } // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Email', log_action = 'Cancel', log_description = '$session_name bulk cancelled $count emails from the mail Queue', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + logAction("Email", "Bulk Cancel", "$session_name cancelled $count email(s) in the mail queue"); - $_SESSION['alert_message'] = "Cancelled $count email(s)"; + $_SESSION['alert_message'] = "Cancelled $count email(s)"; } 
@@ -62,25 +64,26 @@ if (isset($_POST['bulk_delete_emails'])) { validateCSRFToken($_POST['csrf_token']); - $count = 0; // Default 0 - $email_ids = $_POST['email_ids']; // Get array of email IDs to be deleted + if (isset($_POST['email_ids'])) { - if (!empty($email_ids)) { + $count = count($_POST['email_ids']); // Cycle through array and delete each email - foreach ($email_ids as $email_id) { + foreach ($_POST['email_ids'] as $email_id) { $email_id = intval($email_id); mysqli_query($mysqli,"DELETE FROM email_queue WHERE email_id = $email_id"); - $count++; + // Logging + logAction("Email", "Delete", "$session_name deleted email id: $email_id from the mail queue"); + } // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Email', log_action = 'Delete', log_description = '$session_name bulk deleted $count emails from the mail Queue', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + logAction("Email", "Bulk Delete", "$session_name deleted $count email(s) from the mail queue"); - $_SESSION['alert_type'] = "danger"; - $_SESSION['alert_message'] = "Deleted $count email(s)"; + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Deleted $count email(s)"; } diff --git a/post/admin/admin_project_template.php b/post/admin/admin_project_template.php index f9bf373b..790828a7 100644 --- a/post/admin/admin_project_template.php +++ b/post/admin/admin_project_template.php @@ -2,7 +2,6 @@ if (isset($_POST['add_project_template'])) { - validateTechRole(); $name = sanitizeInput($_POST['name']); $description = sanitizeInput($_POST['description']); 
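Review bot: `validateTechRole();` is removed from `add_project_template` in the last hunk on this line, and from the edit, `edit_ticket_template_order`, `add_ticket_template_to_project_template` and `delete_project_template` handlers in the later hunks of this file, with no replacement check visible. If an admin-role check runs before this file is included, the handlers remain covered, but the commit message only mentions logging, so the authorization change is easy to miss in review. Either state the reason in the commit message or put a short comment at the top of the file, such as `// Role is enforced by the admin post router before this file is included`, once that has been confirmed.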
@@ -11,9 +10,9 @@ if (isset($_POST['add_project_template'])) { $project_template_id = mysqli_insert_id($mysqli); // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Create', log_description = '$session_name created project template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id"); + logAction("Project Template", "Create", "$session_name created project template $name", 0, $project_template_id); - $_SESSION['alert_message'] = "You created Project Template $name"; + $_SESSION['alert_message'] = "Project Template $name created"; header("Location: " . $_SERVER["HTTP_REFERER"]); @@ -21,7 +20,6 @@ if (isset($_POST['add_project_template'])) { if (isset($_POST['edit_project_template'])) { - validateTechRole(); $project_template_id = intval($_POST['project_template_id']); $name = sanitizeInput($_POST['name']); $description = sanitizeInput($_POST['description']); 
@@ -29,16 +27,15 @@ if (isset($_POST['edit_project_template'])) { mysqli_query($mysqli, "UPDATE project_templates SET project_template_name = '$name', project_template_description = '$description' WHERE project_template_id = $project_template_id"); // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name edited Project template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id"); + logAction("Project Template", "Edit", "$session_name edited project template $name", 0, $project_template_id); - $_SESSION['alert_message'] = "You edited Project Template $name"; + $_SESSION['alert_message'] = "Project Template $name edited"; header("Location: " . $_SERVER["HTTP_REFERER"]); } if (isset($_POST['edit_ticket_template_order'])) { - validateTechRole(); $ticket_template_id = intval($_POST['ticket_template_id']); $project_template_id = intval($_POST['project_template_id']); $order = intval($_POST['order']); @@ -50,7 +47,6 @@ if (isset($_POST['edit_ticket_template_order'])) { if (isset($_POST['add_ticket_template_to_project_template'])) { - validateTechRole(); $project_template_id = intval($_POST['project_template_id']); $ticket_template_id = intval($_POST['ticket_template_id']); $order = intval($_POST['order']); 
@@ -58,9 +54,9 @@ if (isset($_POST['add_ticket_template_to_project_template'])) { mysqli_query($mysqli, "INSERT INTO project_template_ticket_templates SET project_template_id = $project_template_id, ticket_template_id = $ticket_template_id, ticket_template_order = $order"); // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name added a ticket template to project template', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id"); + logAction("Project Template", "Edit", "$session_name added ticket template to project_template", 0, $project_template_id); - $_SESSION['alert_message'] = "You added a ticket template to the project template"; + $_SESSION['alert_message'] = "Ticket template added"; header("Location: " . $_SERVER["HTTP_REFERER"]); } 
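Review bot: The new log description reads `project_template` with an underscore, unlike the matching removal entry (`project template`), and it no longer says which ticket template was attached. Since `$ticket_template_id` is already an `intval()` in this handler, including it keeps the entry useful when reconstructing changes: `logAction("Project Template", "Edit", "$session_name added ticket template $ticket_template_id to project template", 0, $project_template_id);`. The handler opens above this hunk.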
@@ -74,17 +70,16 @@ if (isset($_POST['remove_ticket_template_from_project_template'])) { mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE project_template_id = $project_template_id AND ticket_template_id = $ticket_template_id"); // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name removed a ticket template from a project template', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id"); + logAction("Project Template", "Edit", "$session_name removed ticket template from project template", 0, $project_template_id); - $_SESSION['alert_message'] = "You removed ticket template from the project template"; + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Ticket template removed"; header("Location: " . $_SERVER["HTTP_REFERER"]); } if (isset($_GET['delete_project_template'])) { - validateTechRole(); - $project_template_id = intval($_GET['delete_project_template']); // Get project template name 
@@ -98,10 +93,10 @@ if (isset($_GET['delete_project_template'])) { mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE project_template_id = $project_template_id"); // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Delete', log_description = '$session_name deleted ticket template $project_template_name and its associated ticket templates and its tasks', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id"); + logAction("Project Template", "Delete", "$session_name deleted project template $project_template_name and its associated ticket templates and tasks"); $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "You Deleted Project Template $project_template_name and its associated ticket templates and tasks"; + $_SESSION['alert_message'] = "Project Template $project_template_name and its associated ticket templates and tasks deleted"; header("Location: " . $_SERVER["HTTP_REFERER"]); } diff --git a/post/admin/admin_role.php b/post/admin/admin_role.php index 33e10985..54471a12 100644 --- a/post/admin/admin_role.php +++ b/post/admin/admin_role.php @@ -14,9 +14,12 @@ if (isset($_POST['add_role'])) { mysqli_query($mysqli, "INSERT INTO user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin"); - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Role', log_action = 'Create', log_description = '$session_name created the $name role', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + $user_role_id = mysqli_insert_id($mysqli); - $_SESSION['alert_message'] = "Role $name created"; + // Logging + logAction("User Role", "Create", "$session_name created user role $name", 0, $user_role_id); + + $_SESSION['alert_message'] = "User Role created"; header("Location: " . $_SERVER["HTTP_REFERER"]); 
@@ -31,6 +34,7 @@ if (isset($_POST['edit_role'])) { $name = sanitizeInput($_POST['role_name']); $description = sanitizeInput($_POST['role_description']); $admin = intval($_POST['role_is_admin']); + mysqli_query($mysqli, "UPDATE user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin WHERE user_role_id = $role_id"); // Update role access levels @@ -48,9 +52,10 @@ if (isset($_POST['edit_role'])) { } - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Role', log_action = 'Modify', log_description = '$session_name updated the $name role', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("User Role", "Edit", "$session_name edited user role $name", 0, $role_id); - $_SESSION['alert_message'] = "Role $name updated"; + $_SESSION['alert_message'] = "User Role $name edited"; header("Location: " . $_SERVER["HTTP_REFERER"]); } diff --git a/post/admin/admin_settings_ai.php b/post/admin/admin_settings_ai.php index e11ae7d4..ad7dac98 100644 --- a/post/admin/admin_settings_ai.php +++ b/post/admin/admin_settings_ai.php @@ -16,10 +16,10 @@ if (isset($_POST['edit_ai_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_ai_enable = $ai_enable, config_ai_provider = '$provider', config_ai_model = '$model', config_ai_url = '$url', config_ai_api_key = '$api_key' WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Edit', log_description = '$session_name edited AI settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited AI settings"); - $_SESSION['alert_message'] = "You updated the AI Settings"; + $_SESSION['alert_message'] = "AI Settings updated"; header("Location: " . $_SERVER["HTTP_REFERER"]); 
diff --git a/post/admin/admin_settings_company.php b/post/admin/admin_settings_company.php index a1d3bcc7..6ec33b45 100644 --- a/post/admin/admin_settings_company.php +++ b/post/admin/admin_settings_company.php @@ -45,10 +45,10 @@ if (isset($_POST['edit_company'])) { mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website' WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Modify', log_description = '$session_name modified company $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited company details"); - $_SESSION['alert_message'] = "Company $name updated"; + $_SESSION['alert_message'] = "Company $name edited"; header("Location: " . $_SERVER["HTTP_REFERER"]); diff --git a/post/admin/admin_settings_default.php b/post/admin/admin_settings_default.php index d717a06a..ba4746d8 100644 --- a/post/admin/admin_settings_default.php +++ b/post/admin/admin_settings_default.php 
@@ -18,10 +18,10 @@ if (isset($_POST['edit_default_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_start_page = '$start_page', config_default_expense_account = $expense_account, config_default_payment_account = $payment_account, config_default_payment_method = '$payment_method', config_default_expense_payment_method = '$expense_payment_method', config_default_transfer_from_account = $transfer_from_account, config_default_transfer_to_account = $transfer_to_account, config_default_calendar = $calendar, config_default_net_terms = $net_terms, config_default_hourly_rate = $hourly_rate, config_phone_mask = $phone_mask WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified default settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited default settings"); - $_SESSION['alert_message'] = "Default settings updated"; + $_SESSION['alert_message'] = "Default settings edited"; header("Location: " . $_SERVER["HTTP_REFERER"]); } diff --git a/post/admin/admin_settings_integration.php b/post/admin/admin_settings_integration.php index 4d9f72ae..2a8fa844 100644 --- a/post/admin/admin_settings_integration.php +++ b/post/admin/admin_settings_integration.php 
@@ -9,8 +9,8 @@ if (isset($_POST['edit_integrations_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_azure_client_id = '$azure_client_id', config_azure_client_secret = '$azure_client_secret' WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified integrations settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited integrations settings"); $_SESSION['alert_message'] = "Integrations Settings updated"; diff --git a/post/admin/admin_settings_invoice.php b/post/admin/admin_settings_invoice.php index 34501741..2cf4c690 100644 --- a/post/admin/admin_settings_invoice.php +++ b/post/admin/admin_settings_invoice.php @@ -16,11 +16,10 @@ if (isset($_POST['edit_invoice_settings'])) { $config_invoice_paid_notification_email = sanitizeInput($_POST['config_invoice_paid_notification_email']); } - mysqli_query($mysqli,"UPDATE settings SET config_invoice_prefix = '$config_invoice_prefix', config_invoice_next_number = $config_invoice_next_number, config_invoice_footer = '$config_invoice_footer', config_invoice_late_fee_enable = $config_invoice_late_fee_enable, config_invoice_late_fee_percent = $config_invoice_late_fee_percent, config_invoice_paid_notification_email = '$config_invoice_paid_notification_email', config_recurring_prefix = '$config_recurring_prefix', config_recurring_next_number = $config_recurring_next_number WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Edit', log_description = '$session_name edited invoice settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited invoice settings"); $_SESSION['alert_message'] = "Invoice Settings edited"; 
diff --git a/post/admin/admin_settings_localization.php b/post/admin/admin_settings_localization.php index bf918e77..7f4996a4 100644 --- a/post/admin/admin_settings_localization.php +++ b/post/admin/admin_settings_localization.php @@ -12,8 +12,8 @@ if (isset($_POST['edit_localization'])) { mysqli_query($mysqli,"UPDATE settings SET config_timezone = '$timezone' WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Edit', log_description = '$session_name edited company localization settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited localization settings"); $_SESSION['alert_message'] = "Company localization updated"; diff --git a/post/admin/admin_settings_mail.php b/post/admin/admin_settings_mail.php index d09bea38..800ddc6d 100644 --- a/post/admin/admin_settings_mail.php +++ b/post/admin/admin_settings_mail.php @@ -14,7 +14,7 @@ if (isset($_POST['edit_mail_smtp_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_smtp_host = '$config_smtp_host', config_smtp_port = $config_smtp_port, config_smtp_encryption = '$config_smtp_encryption', config_smtp_username = '$config_smtp_username', config_smtp_password = '$config_smtp_password' WHERE company_id = 1"); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified SMTP mail settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + logAction("Settings", "Edit", "$session_name edited SMTP mail settings"); $_SESSION['alert_message'] = "SMTP Mail Settings updated"; 
@@ -36,7 +36,7 @@ if (isset($_POST['edit_mail_imap_settings'])) { // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified IMAP mail settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + logAction("Settings", "Edit", "$session_name edited IMAP mail settings"); $_SESSION['alert_message'] = "IMAP Mail Settings updated"; @@ -63,7 +63,7 @@ if (isset($_POST['edit_mail_from_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_from_email = '$config_invoice_from_email', config_invoice_from_name = '$config_invoice_from_name', config_quote_from_email = '$config_quote_from_email', config_quote_from_name = '$config_quote_from_name', config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name' WHERE company_id = 1"); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified Mail From settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + logAction("Settings", "Edit", "$session_name edited mail from settings"); $_SESSION['alert_message'] = "Mail From Settings updated"; diff --git a/post/admin/admin_settings_module.php b/post/admin/admin_settings_module.php index 4d231c0a..4df41c9a 100644 --- a/post/admin/admin_settings_module.php +++ b/post/admin/admin_settings_module.php 
@@ -17,8 +17,8 @@ if (isset($_POST['edit_module_settings'])) { mysqli_query($mysqli, "UPDATE settings SET config_whitelabel_enabled = 0, config_whitelabel_key = '' WHERE company_id = 1"); } - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified module settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited module settings"); $_SESSION['alert_message'] = "Module Settings updated"; diff --git a/post/admin/admin_settings_notification.php b/post/admin/admin_settings_notification.php index ea833ae0..10e9e196 100644 --- a/post/admin/admin_settings_notification.php +++ b/post/admin/admin_settings_notification.php @@ -13,8 +13,8 @@ if (isset($_POST['edit_notification_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_send_invoice_reminders = $config_send_invoice_reminders, config_recurring_auto_send_invoice = $config_recurring_auto_send_invoice, config_enable_cron = $config_enable_cron, config_enable_alert_domain_expire = $config_enable_alert_domain_expire, config_ticket_client_general_notifications = $config_ticket_client_general_notifications WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified notification settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited notification settings"); $_SESSION['alert_message'] = "Notification Settings updated"; 
@@ -28,10 +28,10 @@ if (isset($_GET['generate_cron_key'])) { mysqli_query($mysqli,"UPDATE settings SET config_cron_key = '$key' WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name regenerated cron key', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name regenerated the cron key"); - $_SESSION['alert_message'] = "Cron key regenerated!"; + $_SESSION['alert_message'] = "Cron key regenerated"; header("Location: " . $_SERVER["HTTP_REFERER"]); diff --git a/post/admin/admin_settings_online_payment.php b/post/admin/admin_settings_online_payment.php index 9d1a72d1..06f1498a 100644 --- a/post/admin/admin_settings_online_payment.php +++ b/post/admin/admin_settings_online_payment.php @@ -15,8 +15,8 @@ if (isset($_POST['edit_online_payment_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_stripe_enable = $config_stripe_enable, config_stripe_publishable = '$config_stripe_publishable', config_stripe_secret = '$config_stripe_secret', config_stripe_account = $config_stripe_account, config_stripe_expense_vendor = $config_stripe_expense_vendor, config_stripe_expense_category = $config_stripe_expense_category, config_stripe_percentage_fee = $config_stripe_percentage_fee, config_stripe_flat_fee = $config_stripe_flat_fee WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified online payment settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited online payment settings"); $_SESSION['alert_message'] = "Online Payment Settings updated"; 
diff --git a/post/admin/admin_settings_project.php b/post/admin/admin_settings_project.php index a35d5d9d..f2b42fda 100644 --- a/post/admin/admin_settings_project.php +++ b/post/admin/admin_settings_project.php @@ -9,8 +9,8 @@ if (isset($_POST['edit_project_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_project_prefix = '$config_project_prefix', config_project_next_number = $config_project_next_number WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified project settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited project settings"); $_SESSION['alert_message'] = "Project Settings updated"; diff --git a/post/admin/admin_settings_quote.php b/post/admin/admin_settings_quote.php index f85de889..99df3d08 100644 --- a/post/admin/admin_settings_quote.php +++ b/post/admin/admin_settings_quote.php @@ -14,8 +14,8 @@ if (isset($_POST['edit_quote_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_quote_prefix = '$config_quote_prefix', config_quote_next_number = $config_quote_next_number, config_quote_footer = '$config_quote_footer', config_quote_notification_email = '$config_quote_notification_email' WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified quote settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited Quote settings"); $_SESSION['alert_message'] = "Quote Settings updated"; diff --git a/post/admin/admin_settings_security.php b/post/admin/admin_settings_security.php index d18b14a5..e0b388ee 100644 --- a/post/admin/admin_settings_security.php 
+++ b/post/admin/admin_settings_security.php @@ -13,9 +13,9 @@ if (isset($_POST['edit_security_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret', config_login_remember_me_expire = $config_login_remember_me_expire, config_log_retention = $config_log_retention WHERE company_id = 1"); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified login key settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + logAction("Settings", "Edit", "$session_name edited security settings"); - $_SESSION['alert_message'] = "Login key settings updated"; + $_SESSION['alert_message'] = "Security settings updated"; header("Location: " . $_SERVER["HTTP_REFERER"]); } diff --git a/post/admin/admin_settings_telemetry.php b/post/admin/admin_settings_telemetry.php index 9eb312c7..59fc0c5f 100644 --- a/post/admin/admin_settings_telemetry.php +++ b/post/admin/admin_settings_telemetry.php @@ -8,8 +8,8 @@ if (isset($_POST['edit_telemetry_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_telemetry = $config_telemetry WHERE company_id = 1"); - // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified telemetry settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited telemetry settings"); $_SESSION['alert_message'] = "Telemetry Settings updated"; diff --git a/post/admin/admin_settings_theme.php b/post/admin/admin_settings_theme.php index 461f4ce6..0f341353 100644 --- a/post/admin/admin_settings_theme.php +++ b/post/admin/admin_settings_theme.php 
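Review bot: The description `"$session_name edited security settings"` does not say which of the values in the `UPDATE` changed, although that statement also sets `config_log_retention`, which presumably governs how long these log records are kept. Recording the new non-secret values would make a shortened retention period or a disabled login key visible in the audit trail, e.g. `logAction("Settings", "Edit", "$session_name edited security settings (log retention: $config_log_retention)");`. `config_login_key_secret` should stay out of the description. How `logAction` escapes its description argument is not visible in this hunk, so only already-sanitized or integer values should be interpolated.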
@@ -8,8 +8,8 @@ if (isset($_POST['edit_theme_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme' WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified theme settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited theme settings"); $_SESSION['alert_message'] = "Changed theme to $theme"; @@ -45,10 +45,10 @@ if (isset($_POST['edit_favicon_settings'])) { } } - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name updated the favicon', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name changed the favicon"); - $_SESSION['alert_message'] = "You updated the favicon"; + $_SESSION['alert_message'] = "Favicon Updated"; header("Location: " . $_SERVER["HTTP_REFERER"]); diff --git a/post/admin/admin_settings_ticket.php b/post/admin/admin_settings_ticket.php index 72492184..d59523d4 100644 --- a/post/admin/admin_settings_ticket.php +++ b/post/admin/admin_settings_ticket.php 
@@ -15,8 +15,8 @@ if (isset($_POST['edit_ticket_settings'])) { mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_email_parse = $config_ticket_email_parse, config_ticket_email_parse_unknown_senders = $config_ticket_email_parse_unknown_senders, config_ticket_autoclose_hours = $config_ticket_autoclose_hours, config_ticket_new_ticket_notification_email = '$config_ticket_new_ticket_notification_email', config_ticket_default_billable = $config_ticket_default_billable WHERE company_id = 1"); - //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified ticket settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + // Logging + logAction("Settings", "Edit", "$session_name edited ticket settings"); $_SESSION['alert_message'] = "Ticket Settings updated";