AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove delete user post.php code. Deleting users means we'll lose all tickets/replies which isn't great. 

Correct user archive behaviour so when users are archived they can no longer login. Need to add ability for quick disable/enable of user accounts, as using archive as permanent.
Refactor "You are not permitted to do that!" wording into a constant instead.
This commit is contained in:
Marcus Hill 2022-04-15 13:29:27 +01:00
parent 779153e099
commit fca1627c33
10 changed files with 225 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ajax.php
View File

@ -60,7 +60,7 @@ if(isset($_GET['certificate_fetch_parse_json_details'])){
if(isset($_GET['certificate_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -89,7 +89,7 @@ if(isset($_GET['certificate_get_json_details'])){
if(isset($_GET['domain_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -118,7 +118,7 @@ if(isset($_GET['domain_get_json_details'])){
if(isset($_GET['merge_ticket_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -146,7 +146,7 @@ if(isset($_GET['merge_ticket_get_json_details'])){
if(isset($_GET['network_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -230,7 +230,7 @@ if(isset($_GET['ticket_query_views'])){
if(isset($_GET['share_generate_link'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -282,7 +282,7 @@ if(isset($_GET['share_generate_link'])){
if(isset($_GET['scheduled_ticket_get_json_details'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}

8
api/v1/require_post_method.php Normal file
View File

@ -0,0 +1,8 @@
<?php
if($_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
}

4
campaigns.php
View File

@ -154,13 +154,11 @@
//Set Badge color based off of campaign status
if($campaign_status == "Sent"){
$campaign_badge_color = "warning text-white";
$campaign_badge_color = "success";
}elseif($campaign_status == "Queued"){
$campaign_badge_color = "info";
}elseif($campaign_status == "Sending"){
$campaign_badge_color = "primary";
}elseif($campaign_status == "Sent"){
$campaign_badge_color = "success";
}else{
$campaign_badge_color = "secondary";
}

161
check_login.php
View File

@ -1,92 +1,95 @@
<?php
if(!isset($_SESSION)){
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
}
//Check to see if setup is enabled
if(!isset($config_enable_setup) || $config_enable_setup == 1){
header("Location: setup.php");
exit;
}
if(!$_SESSION['logged']){
header("Location: login.php");
die;
}
// SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
// User agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$session_user_id = $_SESSION['user_id'];
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$session_name = $row['user_name'];
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
$session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role'];
if($session_user_role == 3){
$session_user_role_display = "Administrator";
}elseif($session_user_role == 2){
$session_user_role_display = "Technician";
}else{
$session_user_role_display = "Accountant";
if(!isset($_SESSION)){
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
//LOAD USER COMPANY ACCESS PERMISSIONS
$session_user_company_access_sql = mysqli_query($mysqli,"SELECT company_id FROM user_companies WHERE user_id = $session_user_id");
$session_user_company_access_array = array();
while($row = mysqli_fetch_array($session_user_company_access_sql)){
$session_user_company_access_array[] = $row['company_id'];
}
$session_user_company_access = implode(',',$session_user_company_access_array);
session_start();
}
//Check to see if user has rights to company Prevents User from access a company he is not allowed to have access to.
if(!in_array($session_company_id,$session_user_company_access_array)){
session_start();
session_destroy();
header('Location: login.php');
}
//Check to see if setup is enabled
if(!isset($config_enable_setup) || $config_enable_setup == 1){
header("Location: setup.php");
exit;
}
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
if(!$_SESSION['logged']){
header("Location: login.php");
die;
}
$session_company_name = $row['company_name'];
$session_company_country = $row['company_country'];
$session_company_locale = $row['company_locale'];
$session_company_currency = $row['company_currency'];
// SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
include("get_settings.php");
// User agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
//Detects if using an apple device and uses apple maps instead of google
$iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod");
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone");
$iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad");
$session_user_id = $_SESSION['user_id'];
if($iPod || $iPhone || $iPad){
$session_map_source = "apple";
}else{
$session_map_source = "google";
}
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$session_name = $row['user_name'];
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
$session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role'];
if($session_user_role == 3){
$session_user_role_display = "Administrator";
}elseif($session_user_role == 2){
$session_user_role_display = "Technician";
}else{
$session_user_role_display = "Accountant";
}
//Get Notification Count for the badge on the top nav
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('notification_id') AS num FROM notifications WHERE notification_dismissed_at IS NULL AND company_id = $session_company_id"));
$num_notifications = $row['num'];
//LOAD USER COMPANY ACCESS PERMISSIONS
$session_user_company_access_sql = mysqli_query($mysqli,"SELECT company_id FROM user_companies WHERE user_id = $session_user_id");
$session_user_company_access_array = array();
while($row = mysqli_fetch_array($session_user_company_access_sql)){
$session_user_company_access_array[] = $row['company_id'];
}
$session_user_company_access = implode(',',$session_user_company_access_array);
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
//Check to see if user has rights to company Prevents User from access a company he is not allowed to have access to.
if(!in_array($session_company_id,$session_user_company_access_array)){
session_start();
session_destroy();
header('Location: login.php');
}
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name'];
$session_company_country = $row['company_country'];
$session_company_locale = $row['company_locale'];
$session_company_currency = $row['company_currency'];
include("get_settings.php");
//Detects if using an apple device and uses apple maps instead of google
$iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod");
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone");
$iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad");
if($iPod || $iPhone || $iPad){
$session_map_source = "apple";
}else{
$session_map_source = "google";
}
//Get Notification Count for the badge on the top nav
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('notification_id') AS num FROM notifications WHERE notification_dismissed_at IS NULL AND company_id = $session_company_id"));
$num_notifications = $row['num'];
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
// Role check failed wording
DEFINE("WORDING_ROLECHECK_FAILED", "You are not permitted to do that!");
?>

2
client_contact_edit_modal.php
View File

@ -185,7 +185,7 @@
<center class="mb-3">
<?php if(!empty($contact_photo)){ ?>
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>">
<img class="img-fluid" alt="contact_photo" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>">
<?php }else{ ?>
<span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>

2
client_side_nav.php
View File

@ -228,7 +228,7 @@
</a>
</li>
<?php if($session_user_role == 1 || $session_user_role > 2 AND $config_module_enable_accounting == 1){ ?>
<?php if($session_user_role == 1 || $session_user_role > 2 && $config_module_enable_accounting == 1){ ?>
<li class="nav-header mt-3">ACCOUNTING</li>

4
clients.php
View File

@ -167,7 +167,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=client_name&order=<?php echo $order_display; ?>">Name</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=location_city&order=<?php echo $order_display; ?>">Address </a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=contact_name&order=<?php echo $order_display; ?>">Contact</a></th>
<?php if($session_user_role == 3 || $session_user_role == 1 AND $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if($session_user_role == 3 || $session_user_role == 1 && $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if($session_user_role == 3) { ?> <th class="text-center">Action</th> <?php } ?>
</tr>
</thead>
@ -310,7 +310,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</td>
<!-- Show Billing for Admin/Accountant roles only and if accounting module is enabled -->
<?php if($session_user_role == 3 || $session_user_role == 1 AND $config_module_enable_accounting == 1) { ?>
<?php if($session_user_role == 3 || $session_user_role == 1 && $config_module_enable_accounting == 1) { ?>
<td class="text-right">
<span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
<br>

12
login.php
View File

@ -8,17 +8,13 @@ if(!file_exists('config.php')){
include("config.php");
include("functions.php");
//SESSION FINGERPRINT
// SESSION FINGERPRINT
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
//$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
//$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
//$device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
//$user_agent = "$os - $browser";
// Get user agent
// User agent
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
@ -59,7 +55,7 @@ if(isset($_POST['login'])){
if(isset($_POST['current_code'])){
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
}
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_email = '$email'");
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_email = '$email' AND user_archived_at IS NULL");
$row = mysqli_fetch_array($sql);
if (password_verify($password, $row['user_password'])) {

248
post.php
View File

@ -53,7 +53,7 @@ if(isset($_POST['add_user'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -135,7 +135,7 @@ if(isset($_POST['edit_user'])){
if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -231,6 +231,13 @@ if(isset($_POST['edit_user'])){
if(isset($_POST['edit_profile'])){
if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$user_id = intval($_POST['user_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
@ -330,6 +337,13 @@ if(isset($_POST['edit_profile'])){
if(isset($_POST['edit_user_companies'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$user_id = intval($_POST['user_id']);
mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
@ -356,67 +370,39 @@ if(isset($_GET['archive_user'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
// Variables from GET
$user_id = intval($_GET['archive_user']);
$password = password_hash(key32gen(), PASSWORD_DEFAULT);
mysqli_query($mysqli,"UPDATE users SET user_archived_at = NOW() WHERE user_id = $user_id");
//Logging
//Get User Name
// Get user details
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql);
$name = $row['user_name'];
// Archive user query
mysqli_query($mysqli,"UPDATE users SET user_name = '$name (archived)', user_password = '$password', user_specific_encryption_ciphertext = '', user_archived_at = NOW() WHERE user_id = $user_id");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Archive', log_description = '$session_name archived user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "<strong>$name</strong> archived";
$_SESSION['alert_message'] = "User <strong>$name</strong> archived";
header("Location: users.php");
}
if(isset($_GET['delete_user'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$user_id = intval($_GET['delete_user']);
mysqli_query($mysqli,"DELETE FROM users WHERE user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM user_settings WHERE user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM logs WHERE log_user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_created_by = $user_id");
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_closed_by = $user_id");
mysqli_query($mysqli,"DELETE FROM ticket_replies WHERE ticket_reply_by = $user_id");
mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
//Logging
//Get User Name
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql);
$name = $row['user_name'];
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Delete', log_description = '$session_name deleted user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "User <strong>$name</strong> deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
// API Key
if(isset($_POST['add_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -443,7 +429,7 @@ if(isset($_POST['edit_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -467,7 +453,7 @@ if(isset($_GET['delete_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -495,7 +481,7 @@ if(isset($_POST['add_company'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -601,7 +587,7 @@ if(isset($_POST['edit_company'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -704,7 +690,7 @@ if(isset($_GET['delete_company'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -798,7 +784,7 @@ if(isset($_POST['edit_general_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -820,7 +806,7 @@ if(isset($_POST['edit_mail_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -874,7 +860,7 @@ if(isset($_POST['test_email'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -918,7 +904,7 @@ if(isset($_POST['edit_invoice_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -947,7 +933,7 @@ if(isset($_POST['edit_quote_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -973,7 +959,7 @@ if(isset($_POST['edit_ticket_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -998,7 +984,7 @@ if(isset($_POST['edit_default_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1026,7 +1012,7 @@ if(isset($_POST['edit_alert_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1051,7 +1037,7 @@ if(isset($_POST['edit_online_payment_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1074,7 +1060,7 @@ if(isset($_POST['edit_integrations_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1100,7 +1086,7 @@ if(isset($_POST['edit_backup_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1123,7 +1109,7 @@ if(isset($_POST['edit_module_settings'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1175,7 +1161,7 @@ if(isset($_GET['download_database'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1260,7 +1246,7 @@ if(isset($_POST['backup_master_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1297,7 +1283,7 @@ if(isset($_GET['update'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1325,7 +1311,7 @@ if(isset($_GET['update_db'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1348,7 +1334,7 @@ if(isset($_POST['add_client'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1430,7 +1416,7 @@ if(isset($_POST['edit_client'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -1469,7 +1455,7 @@ if(isset($_GET['delete_client'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4193,7 +4179,7 @@ if(isset($_POST['add_contact'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4280,7 +4266,7 @@ if(isset($_POST['edit_contact'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4376,7 +4362,7 @@ if(isset($_GET['archive_contact'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4398,7 +4384,7 @@ if(isset($_GET['delete_contact'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4462,7 +4448,7 @@ if(isset($_POST['add_location'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4548,7 +4534,7 @@ if(isset($_POST['edit_location'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4638,7 +4624,7 @@ if(isset($_GET['delete_location'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4703,7 +4689,7 @@ if(isset($_POST['add_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4716,7 +4702,7 @@ if(isset($_POST['add_department'])){
$contact_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Create', log_description = '$department_name', log_created_at = NOW(), company_id = $session_company_id, log_client_id = $client_id, log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Create', log_description = '$department_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), company_id = $session_company_id, log_client_id = $client_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] .= "Department added";
@ -4728,7 +4714,7 @@ if(isset($_POST['edit_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4740,7 +4726,7 @@ if(isset($_POST['edit_department'])){
mysqli_query($mysqli,"UPDATE departments SET department_name = '$department_name', department_updated_at = NOW() WHERE department_id = $department_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Modify', log_description = '$department_name', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Modify', log_description = '$department_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] .= "Department updated";
@ -4752,7 +4738,7 @@ if(isset($_GET['archive_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4762,7 +4748,7 @@ if(isset($_GET['archive_department'])){
mysqli_query($mysqli,"UPDATE departments SET department_archived_at = NOW() WHERE department_id = $department_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Archive', log_description = '$department_id', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Archive', log_description = '$department_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Department Archived!";
@ -4774,7 +4760,7 @@ if(isset($_GET['delete_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4796,7 +4782,7 @@ if(isset($_POST['add_asset'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4852,7 +4838,7 @@ if(isset($_POST['edit_asset'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4915,7 +4901,7 @@ if(isset($_GET['delete_asset'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -4937,7 +4923,7 @@ if(isset($_POST["import_client_assets_csv"])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5074,7 +5060,7 @@ if(isset($_GET['export_client_assets_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5123,7 +5109,7 @@ if(isset($_POST['add_software'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5187,7 +5173,7 @@ if(isset($_POST['edit_software'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5258,7 +5244,7 @@ if(isset($_GET['delete_software'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5284,7 +5270,7 @@ if(isset($_GET['export_client_software_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5333,7 +5319,7 @@ if(isset($_POST['add_login'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5365,7 +5351,7 @@ if(isset($_POST['edit_login'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5397,7 +5383,7 @@ if(isset($_GET['delete_login'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5419,7 +5405,7 @@ if(isset($_GET['export_client_logins_csv'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5469,7 +5455,7 @@ if(isset($_POST['add_network'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5497,7 +5483,7 @@ if(isset($_POST['edit_network'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5524,7 +5510,7 @@ if(isset($_POST['edit_network'])){
if(isset($_GET['delete_network'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5546,7 +5532,7 @@ if(isset($_GET['export_client_networks_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5595,7 +5581,7 @@ if(isset($_POST['add_certificate'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5637,7 +5623,7 @@ if(isset($_POST['edit_certificate'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5679,7 +5665,7 @@ if(isset($_GET['delete_certificate'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5701,7 +5687,7 @@ if(isset($_GET['export_client_certificates_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5750,7 +5736,7 @@ if(isset($_POST['add_domain'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5827,7 +5813,7 @@ if(isset($_POST['edit_domain'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5872,7 +5858,7 @@ if(isset($_GET['delete_domain'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5894,7 +5880,7 @@ if(isset($_GET['export_client_domains_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5944,7 +5930,7 @@ if(isset($_POST['add_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -5978,7 +5964,7 @@ if(isset($_POST['add_ticket'])){
$id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = '$session_name created ticket $subject', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = '$session_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Ticket created";
@ -5990,7 +5976,7 @@ if(isset($_POST['add_scheduled_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6020,7 +6006,7 @@ if(isset($_POST['add_scheduled_ticket'])){
mysqli_query($mysqli, "INSERT INTO scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_start_date = '$start_date', scheduled_ticket_next_run = '$start_date', scheduled_ticket_created_at = NOW(), scheduled_ticket_created_by = '$session_user_id', scheduled_ticket_client_id = '$client_id', scheduled_ticket_contact_id = '$contact', scheduled_ticket_asset_id = '$asset_id', company_id = '$session_company_id'");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Created scheduled ticket for $subject - $frequency', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Created scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Scheduled ticket created.";
@ -6032,7 +6018,7 @@ if(isset($_POST['edit_scheduled_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6068,7 +6054,7 @@ if(isset($_GET['delete_scheduled_ticket'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6090,7 +6076,7 @@ if(isset($_POST['edit_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6125,7 +6111,7 @@ if(isset($_POST['assign_ticket'])){
// Role check
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6176,7 +6162,7 @@ if(isset($_GET['delete_ticket'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6198,7 +6184,7 @@ if(isset($_POST['add_ticket_reply'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6292,7 +6278,7 @@ if(isset($_POST['edit_ticket_reply'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6321,7 +6307,7 @@ if(isset($_GET['archive_ticket_reply'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6343,7 +6329,7 @@ if(isset($_POST['merge_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6401,7 +6387,7 @@ if(isset($_GET['close_ticket'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6520,7 +6506,7 @@ if(isset($_GET['export_client_tickets_csv'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6569,7 +6555,7 @@ if(isset($_POST['add_service'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6676,7 +6662,7 @@ if(isset($_POST['edit_service'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6785,7 +6771,7 @@ if(isset($_GET['delete_service'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6883,7 +6869,7 @@ if(isset($_GET['delete_file'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6913,7 +6899,7 @@ if(isset($_POST['add_document'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -6958,7 +6944,7 @@ if(isset($_POST['edit_document'])){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7005,7 +6991,7 @@ if(isset($_GET['delete_document'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7030,7 +7016,7 @@ if (isset($_POST['add_document_tag'])) {
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7048,7 +7034,7 @@ if (isset($_POST['delete_document_tag'])) {
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7069,7 +7055,7 @@ if (isset($_POST['rename_document_tag'])) {
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7088,7 +7074,7 @@ if (isset($_POST['rename_document_tag'])) {
if(isset($_GET['deactivate_shared_item'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
@ -7521,7 +7507,7 @@ if(isset($_GET['export_client_pdf'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}

4
users.php
View File

@ -12,6 +12,7 @@
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings
WHERE users.user_id = user_settings.user_id
AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
AND user_archived_at IS NULL
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@ -119,7 +120,7 @@
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserCompaniesModal<?php echo $user_id; ?>">Company Access</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_user=<?php echo $user_id; ?>">Archive</a>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#archiveUserModal<?php echo $user_id; ?>">Archive</a>
</div>
</div>
</td>
@ -129,6 +130,7 @@
include("user_edit_modal.php");
include("user_companies_modal.php");
include("user_archive_modal.php");
}