diff --git a/admin/post/saved_payment_method.php b/admin/post/saved_payment_method.php
index bb8c6270..da69664a 100644
--- a/admin/post/saved_payment_method.php
+++ b/admin/post/saved_payment_method.php
@@ -3,6 +3,7 @@
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_GET['delete_saved_payment'])) {
+
validateCSRFToken($_GET['csrf_token']);
$saved_payment_id = intval($_GET['delete_saved_payment']);
diff --git a/user/post/budget.php b/user/post/budget.php
index 6a005925..a095e18e 100644
--- a/user/post/budget.php
+++ b/user/post/budget.php
@@ -9,10 +9,10 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['save_budget'])) {
- enforceUserPermission('module_financial', 2);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_financial', 2);
+
$budgets = $_POST['budget'];
$year = intval($_POST['year']);
@@ -34,31 +34,27 @@ if (isset($_POST['save_budget'])) {
}
}
- // Logging
logAction("Budget", "Edit", "$session_name edited the budget for $year");
- $_SESSION['alert_message'] = "Budget Updated for $year";
+ flash_alert("Budget Updated for $year");
redirect();
- exit;
}
if (isset($_POST['delete_budget'])) {
- enforceUserPermission('module_financial', 3);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_financial', 3);
+
$year = intval($_POST['year']);
mysqli_query($mysqli,"DELETE FROM budget WHERE budget_year = $year");
- // Logging
logAction("Budget", "Delete", "$session_name deleted the budget for $year");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Budget deleted for $year";
+ flash_alert("Budget deleted for $year", 'error');
redirect();
diff --git a/user/post/category.php b/user/post/category.php
index 8d2bb55f..82d912ca 100644
--- a/user/post/category.php
+++ b/user/post/category.php
@@ -14,10 +14,9 @@ if (isset($_POST['add_category'])) {
$category_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Category", "Create", "$session_name created category $type $name", 0, $category_id);
- $_SESSION['alert_message'] = "Category $type $name created";
+ flash_alert("Category $type $name created");
redirect();
diff --git a/user/post/certificate.php b/user/post/certificate.php
index 647c7091..1ba08967 100644
--- a/user/post/certificate.php
+++ b/user/post/certificate.php
@@ -32,10 +32,9 @@ if (isset($_POST['add_certificate'])) {
$certificate_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Certificate", "Create", "$session_name created certificate $name", $client_id, $certificate_id);
- $_SESSION['alert_message'] = "Certificate $name created";
+ flash_aletr("Certificate $name created");
redirect();
@@ -99,10 +98,9 @@ if (isset($_POST['edit_certificate'])) {
}
}
- // Logging
logAction("Certificate", "Edit", "$session_name edited certificate $name", $client_id, $certificate_id);
- $_SESSION['alert_message'] = "Certificate $name updated";
+ flash_alert("Certificate $name updated");
redirect();
@@ -122,11 +120,9 @@ if (isset($_GET['archive_certificate'])) {
mysqli_query($mysqli,"UPDATE certificates SET certificate_archived_at = NOW() WHERE certificate_id = $certificate_id");
- // logging
logAction("Certificate", "Archive", "$session_name arhvived certificate $certificate_name", $client_id, $certificate_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Certificate $certificate_name archived";
+ flash_alert("Certificate $certificate_name archived", 'alert');
redirect();
@@ -146,10 +142,9 @@ if (isset($_GET['unarchive_certificate'])) {
mysqli_query($mysqli,"UPDATE certificates SET certificate_archived_at = NULL WHERE certificate_id = $certificate_id");
- // logging
logAction("Certificate", "Unarchive", "$session_name restored certificate $certificate_name", $client_id, $certificate_id);
- $_SESSION['alert_message'] = "Certificate $certificate_name restored";
+ flash_alert("Certificate $certificate_name restored");
redirect();
@@ -169,19 +164,19 @@ if (isset($_GET['delete_certificate'])) {
mysqli_query($mysqli,"DELETE FROM certificates WHERE certificate_id = $certificate_id");
- // Logging
logAction("Certificate", "Delete", "$session_name deleted certificate $name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Certificate $certificate_name deleted";
+ flash_alert("Certificate $certificate_name deleted");
redirect();
}
if (isset($_POST['bulk_delete_certificates'])) {
- enforceUserPermission('module_support', 3);
+
validateCSRFToken($_POST['csrf_token']);
+
+ enforceUserPermission('module_support', 3);
if (isset($_POST['certificate_ids'])) {
@@ -201,19 +196,18 @@ if (isset($_POST['bulk_delete_certificates'])) {
mysqli_query($mysqli, "DELETE FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id");
- // Logging
logAction("Certificate", "Delete", "$session_name deleted certificate $certificate_name", $client_id);
}
- // Logging
logAction("Certificate", "Bulk Delete", "$session_name deleted $count certificates", $client_id);
- $_SESSION['alert_message'] = "Deleted $count certificate(s)";
+ flash_alert("Deleted $count certificate(s)", 'error');
}
redirect();
+
}
if (isset($_POST['export_certificates_csv'])) {
@@ -260,7 +254,6 @@ if (isset($_POST['export_certificates_csv'])) {
fpassthru($f);
}
- // Logging
logAction("Certificate", "Export", "$session_name exported $num_rows certificate(s) to a CSV file", $client_id);
exit;
diff --git a/user/post/client.php b/user/post/client.php
index ebbb5991..c8b1c4d0 100644
--- a/user/post/client.php
+++ b/user/post/client.php
@@ -9,6 +9,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_client'])) {
validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_client', 2);
require_once 'client_model.php';
@@ -48,7 +49,7 @@ if (isset($_POST['add_client'])) {
$sql = mysqli_query($mysqli, "SELECT category_name FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND category_name = '$referral'");
if(mysqli_num_rows($sql) == 0) {
mysqli_query($mysqli, "INSERT INTO categories SET category_name = '$referral', category_type = 'Referral'");
- // Logging
+
logAction("Category", "Create", "$session_name created referral category $referral");
}
@@ -113,12 +114,11 @@ if (isset($_POST['add_client'])) {
}
- // Logging
logAction("Client", "Create", "$session_name created client $name$extended_log_description", $client_id, $client_id);
- $_SESSION['alert_message'] = "Client $name created";
+ flash_alert("Client $name created");
- header("Location: clients.php");
+ redirect();
}
@@ -137,7 +137,6 @@ if (isset($_POST['edit_client'])) {
if(mysqli_num_rows($sql) == 0) {
mysqli_query($mysqli, "INSERT INTO categories SET category_name = '$referral', category_type = 'Referral'");
- // Logging
logAction("Category", "Create", "$session_name created referral category $referral");
}
@@ -153,71 +152,68 @@ if (isset($_POST['edit_client'])) {
}
}
- // Logging
logAction("Client", "Edit", "$session_name edited client $name", $client_id, $client_id);
- $_SESSION['alert_message'] = "Client $name updated";
+ flash_alert("Client $name updated");
redirect();
+
}
if (isset($_GET['archive_client'])) {
validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_client', 2);
$client_id = intval($_GET['archive_client']);
// Get Client Name
- $sql = mysqli_query($mysqli, "SELECT client_name FROM clients WHERE client_id = $client_id");
- $row = mysqli_fetch_array($sql);
- $client_name = sanitizeInput($row['client_name']);
+ $client_name = sanitizeInput(getFieldById('clients', $client_id, 'client_name'));
mysqli_query($mysqli, "UPDATE clients SET client_archived_at = NOW() WHERE client_id = $client_id");
- // Logging
logAction("Client", "Archive", "$session_name archived client $client_name", $client_id, $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Client $client_name archived";
+ flash_alert("Client $client_name archived", 'error');
redirect();
+
}
if (isset($_GET['restore_client'])) {
validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_client', 2);
$client_id = intval($_GET['restore_client']);
// Get Client Name
- $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $client_id");
- $row = mysqli_fetch_array($sql);
- $client_name = sanitizeInput($row['client_name']);
+ $client_name = sanitizeInput(getFieldById('clients', $client_id, 'client_name'));
mysqli_query($mysqli, "UPDATE clients SET client_archived_at = NULL WHERE client_id = $client_id");
- // Logging
logAction("Client", "Restored", "$session_name restored client $client_name", $client_id);
- $_SESSION['alert_message'] = "Client $client_name restored";
+ flash_alert("Client $client_name restored");
redirect();
+
}
if (isset($_GET['delete_client'])) {
validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_client', 3);
$client_id = intval($_GET['delete_client']);
- //Get Client Name
- $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $client_id");
- $row = mysqli_fetch_array($sql);
- $client_name = sanitizeInput($row['client_name']);
+ // Get Client Name
+ $client_name = sanitizeInput(getFieldById('clients', $client_id, 'client_name'));
+ // Delete Associations
// Delete Client Data
mysqli_query($mysqli, "DELETE FROM api_keys WHERE api_key_client_id = $client_id");
mysqli_query($mysqli, "DELETE FROM certificates WHERE certificate_client_id = $client_id");
@@ -300,13 +296,12 @@ if (isset($_GET['delete_client'])) {
//Finally Remove the Client
mysqli_query($mysqli, "DELETE FROM clients WHERE client_id = $client_id");
- //Logging
logAction("Client", "Deleted", "$session_name deleted Client $client_name and all associated data");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Client $client_name deleted along with all associated data";
+ flash_alert("Client $client_name deleted along with all associated data", 'error');
+
+ redirect();
- header("Location: clients.php");
}
if (isset($_POST['export_clients_csv'])) {
@@ -352,6 +347,7 @@ if (isset($_POST['export_clients_csv'])) {
logAction("Client", "Export", "$session_name exported $num_rows client(s) to a CSV file");
}
+
exit;
}
@@ -364,10 +360,8 @@ if (isset($_POST["import_clients_csv"])) {
if (!empty($_FILES["file"]["tmp_name"])) {
$file_name = $_FILES["file"]["tmp_name"];
} else {
- $_SESSION['alert_message'] = "Please select a file to upload.";
- $_SESSION['alert_type'] = "error";
+ flash_alert("Please select a file to upload.", 'error');
redirect();
- exit();
}
//Check file is CSV
@@ -375,13 +369,13 @@ if (isset($_POST["import_clients_csv"])) {
$allowed_file_extensions = array('csv');
if (in_array($file_extension,$allowed_file_extensions) === false) {
$error = true;
- $_SESSION['alert_message'] = "Bad file extension";
+ flash_alert("Bad file extension", 'error');
}
//Check file isn't empty
elseif ($_FILES["file"]["size"] < 1) {
$error = true;
- $_SESSION['alert_message'] = "Bad file size (empty?)";
+ flash_alert("Bad file size (empty?)", 'error');
}
//(Else)Check column count
@@ -389,7 +383,7 @@ if (isset($_POST["import_clients_csv"])) {
$f_columns = fgetcsv($f, 1000, ",");
if (!$error & count($f_columns) != 22) {
$error = true;
- $_SESSION['alert_message'] = "Bad column count.";
+ flash_alert("Bad column count.", 'error');
}
//Else, parse the file
@@ -550,17 +544,16 @@ if (isset($_POST["import_clients_csv"])) {
}
fclose($file);
- //Logging
logAction("Client", "Import", "$session_name imported $row_count client(s) via CSV file, $duplicate_count duplicate(s) found");
- $_SESSION['alert_message'] = "$row_count Client(s) added, $duplicate_count duplicate(s) found";
+ flash_alert("$row_count Client(s) added, $duplicate_count duplicate(s) found");
+
redirect();
}
//Check for any errors, if there are notify user and redirect
if ($error) {
- $_SESSION['alert_type'] = "warning";
redirect();
}
}
@@ -586,16 +579,17 @@ if (isset($_GET['download_clients_csv_template'])) {
//output all remaining data on a file pointer
fpassthru($f);
+
exit;
}
if (isset($_POST['bulk_edit_client_industry'])) {
- enforceUserPermission('module_client', 2);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 2);
+
$industry = sanitizeInput($_POST['bulk_industry']);
if (isset($_POST['client_ids'])) {
@@ -611,15 +605,13 @@ if (isset($_POST['bulk_edit_client_industry'])) {
mysqli_query($mysqli,"UPDATE clients SET client_type = '$industry' WHERE client_id = $client_id");
- //Logging
logAction("Client", "Edit", "$session_name set Industry to $industry for $client_name", $client_id);
}
- // Bulk Log
logAction("Client", "Bulk Edit", "$session_name set the department $industry for $count client(s)", $client_id);
- $_SESSION['alert_message'] = "Set the Industry to $industry for $count clients";
+ flash_alert("Set the Industry to $industry for $count clients");
}
redirect();
@@ -628,10 +620,10 @@ if (isset($_POST['bulk_edit_client_industry'])) {
if (isset($_POST['bulk_edit_client_referral'])) {
- enforceUserPermission('module_client', 2);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 2);
+
$referral = sanitizeInput($_POST['bulk_referral']);
if (isset($_POST['client_ids'])) {
@@ -647,15 +639,13 @@ if (isset($_POST['bulk_edit_client_referral'])) {
mysqli_query($mysqli,"UPDATE clients SET client_referral = '$referral' WHERE client_id = $client_id");
- //Logging
logAction("Client", "Edit", "$session_name set Referral to $referral for $client_name", $client_id);
}
- // Bulk Log
logAction("Client", "Bulk Edit", "$session_name set the referral $referral for $count client(s)", $client_id);
- $_SESSION['alert_message'] = "Set the Referral to $referral for $count clients";
+ flash_alert("Set the Referral to $referral for $count clients");
}
redirect();
@@ -664,10 +654,10 @@ if (isset($_POST['bulk_edit_client_referral'])) {
if (isset($_POST['bulk_edit_client_hourly_rate'])) {
- enforceUserPermission('module_client', 2);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 2);
+
$rate = floatval($_POST['bulk_rate']);
if (isset($_POST['client_ids'])) {
@@ -683,15 +673,13 @@ if (isset($_POST['bulk_edit_client_hourly_rate'])) {
mysqli_query($mysqli,"UPDATE clients SET client_rate = '$rate' WHERE client_id = $client_id");
- //Logging
logAction("Client", "Edit", "$session_name set Hourly Rate to" . numfmt_format_currency($currency_format, $rate, $session_company_currency) . "for $client_name", $client_id);
}
- // Bulk Log
logAction("Client", "Bulk Edit", "$session_name set the hourly rate" . numfmt_format_currency($currency_format, $rate, $session_company_currency) . "for $count client(s)", $client_id);
- $_SESSION['alert_message'] = "Set the Hourly Rate to " . numfmt_format_currency($currency_format, $rate, $session_company_currency) . " for $count client(s)";
+ flash_alert("Set the Hourly Rate to " . numfmt_format_currency($currency_format, $rate, $session_company_currency) . " for $count client(s)");
}
redirect();
@@ -700,10 +688,10 @@ if (isset($_POST['bulk_edit_client_hourly_rate'])) {
if (isset($_POST['bulk_assign_client_tags'])) {
- enforceUserPermission('module_client', 2);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 2);
+
if (isset($_POST['client_ids'])) {
$count = count($_POST['client_ids']);
@@ -736,7 +724,7 @@ if (isset($_POST['bulk_assign_client_tags'])) {
logAction("Client", "Bulk Edit", "$session_name added tags for $count clients", $client_id);
- $_SESSION['alert_message'] = "Assigned tags for $count clients";
+ flash_alert("Assigned tags for $count clients");
}
redirect();
@@ -819,22 +807,21 @@ if (isset($_POST['bulk_send_client_email']) && isset($_POST['client_ids'])) {
if (!empty($data)) {
addToMailQueue($data);
logAction("Bulk Mail", "Send", "$session_name sent " . count($data) . " messages via bulk mail");
- $_SESSION['alert_message'] = "" . count($data) . " messages queued";
+ flash_alert("" . count($data) . " messages queued");
} else {
- $_SESSION['alert_message'] = "No valid contacts found to queue emails.";
+ flash_alert("No valid contacts found to queue emails.", 'error');
}
- // Redirect back
redirect();
- exit;
+
}
if (isset($_POST['bulk_archive_clients'])) {
- enforceUserPermission('module_client', 2);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 2);
+
if (isset($_POST['client_ids'])) {
$count = 0;
@@ -855,23 +842,22 @@ if (isset($_POST['bulk_archive_clients'])) {
}
- // Bulk Logging
logAction("Client", "Bulk Archive", "$session_name archived $count clients", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Archived $count client(s)";
+ flash_alert("Archived $count client(s)", 'error');
}
redirect();
+
}
if (isset($_POST['bulk_unarchive_clients'])) {
- enforceUserPermission('module_client', 2);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 2);
+
if (isset($_POST['client_ids'])) {
$count = count($_POST['client_ids']);
@@ -886,19 +872,18 @@ if (isset($_POST['bulk_unarchive_clients'])) {
mysqli_query($mysqli,"UPDATE clients SET client_archived_at = NULL WHERE client_id = $client_id");
- // Individual Contact logging
logAction("client", "Restore", "$session_name restored $client_name", $client_id);
}
- // Bulk Logging
logAction("Client", "Bulk Restore", "$session_name restored $count client(s)", $client_id);
- $_SESSION['alert_message'] = "You restored $count client(s)";
+ flash_alert("You restored $count client(s)");
}
redirect();
+
}
if (isset($_POST["export_client_pdf"])) {
@@ -940,7 +925,6 @@ if (isset($_POST["export_client_pdf"])) {
$export_trips = intval($_POST["export_trips"]);
$export_logs = intval($_POST["export_logs"]);
- // Logging
logAction("Client", "Export", "$session_name exported client data to a PDF file", $client_id, $client_id);
// Get client record (joining primary contact and primary location)
@@ -1724,4 +1708,5 @@ if (isset($_POST["export_client_pdf"])) {
// Output the PDF document for download
$pdf->Output(strtoAZaz09($client_name) . "-IT_Documentation-" . date("Y-m-d") . ".pdf", "D");
exit;
+
}
diff --git a/user/post/contact.php b/user/post/contact.php
index 9c518fd6..e7bafad5 100644
--- a/user/post/contact.php
+++ b/user/post/contact.php
@@ -66,12 +66,11 @@ if (isset($_POST['add_contact'])) {
}
}
- // Logging
logAction("Contact", "Create", "$session_name created contact $name", $client_id, $contact_id);
customAction('contact_create', $contact_id);
- $_SESSION['alert_message'] = "Contact $name created";
+ flash_alert("Contact $name created");
redirect();
@@ -207,12 +206,11 @@ if (isset($_POST['edit_contact'])) {
}
- //Logging
logAction("Contact", "Edit", "$session_name edited contact $name", $client_id, $contact_id);
customAction('contact_update', $contact_id);
- $_SESSION['alert_message'] = "Contact $name updated";
+ flash_alert("Contact $name updated");
redirect();
@@ -261,12 +259,9 @@ if (isset($_GET['archive_contact_note'])) {
mysqli_query($mysqli,"UPDATE contact_notes SET contact_note_archived_at = NOW() WHERE contact_note_id = $contact_note_id");
- // Logging
logAction("Contact", "Edit", "$session_name archived note $contact_note_type for $contact_name", $client_id, $contact_id);
-
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Note $contact_note_type archived";
+ flash_alert("Note $contact_note_type archived", 'error');
redirect();
@@ -288,10 +283,9 @@ if (isset($_GET['unarchive_contact_note'])) {
mysqli_query($mysqli,"UPDATE contact_notes SET contact_note_archived_at = NULL WHERE contact_note_id = $contact_note_id");
- // Logging
logAction("Contact", "Edit", "$session_name restored note $contact_note_type for $contact_name", $client_id, $contact_id);
- $_SESSION['alert_message'] = "Note $contact_note_type restored";
+ flash_alert("Note $contact_note_type restored");
redirect();
@@ -313,11 +307,9 @@ if (isset($_GET['delete_contact_note'])) {
mysqli_query($mysqli,"DELETE FROM contact_notes WHERE contact_note_id = $contact_note_id");
- //Logging
logAction("Contact", "Edit", "$session_name deleted $contact_note_type note for $contact_name", $client_id, $contact_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Note $contact_note_type deleted.";
+ flash_alert("Note $contact_note_type deleted.", 'error');
redirect();
@@ -351,15 +343,13 @@ if (isset($_POST['bulk_assign_contact_location'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_location_id = $location_id WHERE contact_id = $contact_id");
- // Logging
logAction("Contact", "Edit", "$session_name assigned $contaxt_name to location $location_name", $client_id, $contact_id);
} // End Assign Location Loop
- // Bulk Log
logAction("Contact", "Bulk Edit", "$session_name assigned $contact_count contacts to location $location_name", $client_id);
- $_SESSION['alert_message'] = "You assigned $contact_count contacts to location $location_name";
+ flash_alert("$contact_count contacts assigned to location $location_name");
}
redirect();
@@ -389,14 +379,13 @@ if (isset($_POST['bulk_edit_contact_phone'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_phone = '$phone' WHERE contact_id = $contact_id");
- // Logging
logAction("Contact", "Edit", "$session_name set Phone Number to $phone for $contact_name", $client_id, $contact_id);
} // End Assign Location Loop
- // Bulk Log
- logAction("Contact", "Bulk Edit", "$session_name set the Phone Number $phone for $contact_count contacts", $client_id);
+
+ logAction("Contact", "Bulk Edit", "$session_name set the Phone Number $phone for $contact_count contacts", $client_id);
- $_SESSION['alert_message'] = "You set Phone Number " . formatPhoneNumber($phone) . " on $contact_count contacts";
+ flash_alert("Phone Number set to " . formatPhoneNumber($phone) . " on $contact_count contacts");
}
redirect();
@@ -426,15 +415,13 @@ if (isset($_POST['bulk_edit_contact_department'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_department = '$department' WHERE contact_id = $contact_id");
- //Logging
logAction("Contact", "Edit", "$session_name set Department to $department for $contact_name", $client_id, $contact_id);
} // End Assign Location Loop
- // Bulk Log
logAction("Contact", "Bulk Edit", "$session_name set the department $department for $contact_count contacts", $client_id);
- $_SESSION['alert_message'] = "You set the Department to $department for $contact_count contacts";
+ flash_alert("You set the Department to $department for $contact_count contacts";
}
redirect();
@@ -466,17 +453,15 @@ if (isset($_POST['bulk_edit_contact_role'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical WHERE contact_id = $contact_id");
- //Logging
logAction("Contact", "Edit", "$session_name updated the contact role for $contact_name", $client_id, $contact_id);
customAction('contact_update', $contact_id);
} // End Assign Location Loop
- // Bulk Log
logAction("Contact", "Bulk Edit", "$session_name edited the contact role for $contact_count contacts", $client_id);
- $_SESSION['alert_message'] = "You updated contact roles for $contact_count contacts";
+ flash_alert("You updated contact roles for $contact_count contacts");
}
redirect();
@@ -519,15 +504,13 @@ if (isset($_POST['bulk_assign_contact_tags'])) {
}
}
- //Logging
logAction("Contact", "Edit", "$session_name added tags to $contact_name", $client_id, $contact_id);
} // End Assign Location Loop
- // Bulk Log
logAction("Contact", "Bulk Edit", "$session_name added tags for $contact_count contacts", $client_id);
- $_SESSION['alert_message'] = "You assigned tags for $count contacts";
+ flash_alert("You assigned tags for $count contacts");
}
redirect();
@@ -569,10 +552,9 @@ if (isset($_POST['send_bulk_mail_now'])) {
}
addToMailQueue($data);
- // Logging
logAction("Bulk Mail", "Send", "$session_name sent $count messages via bulk mail");
- $_SESSION['alert_message'] = "$count messages queued";
+ flash_alert("$count messages queued");
}
@@ -620,11 +602,9 @@ if (isset($_POST['bulk_archive_contacts'])) {
}
- // Bulk Logging
logAction("Contact", "Bulk Archive", "$session_name archived $count contacts", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Archived $count contact(s)";
+ flash_alert("Archived $count contact(s)", 'error');
}
@@ -660,15 +640,13 @@ if (isset($_POST['bulk_unarchive_contacts'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NULL WHERE contact_id = $contact_id");
- // Individual Contact logging
logAction("Contact", "Restore", "$session_name restored $contact_name", $client_id, $contact_id);
}
- // Bulk Logging
logAction("Contact", "Bulk Restore", "$session_name restored $count contacts", $client_id);
- $_SESSION['alert_message'] = "Restored $count contact(s)";
+ flash_alert("Restored $count contact(s)");
}
@@ -677,9 +655,10 @@ if (isset($_POST['bulk_unarchive_contacts'])) {
if (isset($_POST['bulk_delete_contacts'])) {
- enforceUserPermission('module_client', 3);
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 3);
+
if (isset($_POST['contact_ids'])) {
// Get Selected Contacts Count
@@ -704,19 +683,18 @@ if (isset($_POST['bulk_delete_contacts'])) {
mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id");
- // Individual Logging
logAction("Contact", "Delete", "$session_name deleted $contact_name", $client_id);
}
- // Bulk Logging
- logAction("Contact", "Bulk Delete", "$session_name deleted $count contacts", $client_id);
+ logAction("Contact", "Bulk Delete", "$session_name deleted $count contacts", $client_id);
- $_SESSION['alert_message'] = "You deleted $count contact(s)";
+ flash_alert("You deleted $count contact(s)");
}
redirect();
+
}
if (isset($_GET['anonymize_contact'])) {
@@ -804,7 +782,10 @@ if (isset($_GET['anonymize_contact'])) {
$ticket_reply_details = $ticket_reply['ticket_reply'];
$ticket_reply_details = str_ireplace($info_to_redact, "*****", $ticket_reply_details);
$ticket_reply_details = sanitizeInput($ticket_reply_details);
- mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply = '$ticket_reply_details' WHERE ticket_reply_id = $ticket_reply_id");
+
+ mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply = '$ticket_reply_details'
+ WHERE ticket_reply_id = $ticket_reply_id"
+ );
}
}
@@ -812,13 +793,12 @@ if (isset($_GET['anonymize_contact'])) {
// Archive contact
mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NOW() WHERE contact_id = $contact_id");
- // Logging
logAction("Contact", "Archive", "$session_name archived and anonymized contact", $client_id, $contact_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Contact $contact_name anonymized & archived";
+ flash_alert("Contact $contact_name anonymized & archived", 'error');
redirect();
+
}
if (isset($_GET['archive_contact'])) {
@@ -841,12 +821,9 @@ if (isset($_GET['archive_contact'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_important = 0, contact_billing = 0, contact_technical = 0, contact_archived_at = NOW() WHERE contact_id = $contact_id");
- // Logging
logAction("Contact", "Archive", "$session_name archived contact $contact_name", $client_id, $contact_id);
-
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Contact $contact_name has been archived";
+ flash_alert("Contact $contact_name has been archived", 'error');
redirect();
@@ -872,10 +849,9 @@ if (isset($_GET['unarchive_contact'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NULL WHERE contact_id = $contact_id");
- // logging
logAction("Contact", "Unarchive", "$session_name unarchived contact $contact_name", $client_id, $contact_id);
- $_SESSION['alert_message'] = "Contact $contact_name has been Unarchived";
+ flash_alert("Contact $contact_name has been Unarchived");
redirect();
@@ -901,11 +877,9 @@ if (isset($_GET['delete_contact'])) {
mysqli_query($mysqli,"DELETE FROM contacts WHERE contact_id = $contact_id");
- //Logging
logAction("Contact", "Delete", "$session_name deleted contact $contact_name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Contact $contact_name has been deleted.";
+ flash_alert("Contact $contact_name has been deleted.", 'error');
redirect();
@@ -925,16 +899,13 @@ if (isset($_POST['link_contact_to_asset'])) {
$client_id = intval($row['asset_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"UPDATE assets SET asset_contact_id = $contact_id WHERE asset_id = $asset_id");
- // Logging
logAction("Asset", "Link", "$session_name linked asset $asset_name to contact $contact_name", $client_id, $asset_id);
- $_SESSION['alert_message'] = "Contact $contact_name linked with asset $asset_name";
+ flash_alert("Contact $contact_name linked with asset $asset_name");
redirect();
@@ -954,17 +925,13 @@ if (isset($_GET['unlink_asset_from_contact'])) {
$client_id = intval($row['asset_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"UPDATE assets SET asset_contact_id = 0 WHERE asset_id = $asset_id");
- //Logging
logAction("Asset", "Unlink", "$session_name unlinked contact $contact_name from asset $asset_name", $client_id, $asset_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Asset $asset_name unlinked from Contact $contact_name";
+ flash_alert("Asset $asset_name unlinked from Contact $contact_name", 'error');
redirect();
@@ -984,16 +951,13 @@ if (isset($_POST['link_software_to_contact'])) {
$client_id = intval($row['software_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"INSERT INTO software_contacts SET contact_id = $contact_id, software_id = $software_id");
- // Logging
logAction("Software", "Link", "$session_name added software license $software_name to contact $contact_name", $client_id, $software_id);
- $_SESSION['alert_message'] = "Software $software_name licensed for contact $contact_name";
+ flash_alert("Software $software_name licensed for contact $contact_name");
redirect();
@@ -1013,17 +977,13 @@ if (isset($_GET['unlink_software_from_contact'])) {
$client_id = intval($row['software_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"DELETE FROM software_contacts WHERE contact_id = $contact_id AND software_id = $software_id");
- //Logging
logAction("software", "Unlink", "$session_name removed software license $software_name from contact $contact_name", $client_id, $software_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Removed Software License $software_name for Contact $contact_name";
+ flash_alert("Removed Software License $software_name for Contact $contact_name", 'error');
redirect();
@@ -1043,16 +1003,13 @@ if (isset($_POST['link_contact_to_credential'])) {
$client_id = intval($row['credential_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"UPDATE credentials SET credential_contact_id = $contact_id WHERE credential_id = $credential_id");
- // Logging
logAction("Asset", "Link", "$session_name linked credential $credential_name to contact $contact_name", $client_id, $credential_id);
- $_SESSION['alert_message'] = "Contact $contact_name linked with credential $credential_name";
+ flash_alert("Contact $contact_name linked with credential $credential_name");
redirect();
@@ -1072,17 +1029,13 @@ if (isset($_GET['unlink_credential_from_contact'])) {
$client_id = intval($row['credential_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"UPDATE credentials SET credential_contact_id = 0 WHERE credential_id = $credential_id");
- //Logging
logAction("Credential", "Unlink", "$session_name unlinked contact $contact_name from credential $credential_name", $client_id, $credential_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Credential $credential_name unlinked from Contact $contact_name";
+ flash_alert("Credential $credential_name unlinked from Contact $contact_name", 'error');
redirect();
@@ -1102,16 +1055,13 @@ if (isset($_POST['link_service_to_contact'])) {
$client_id = intval($row['service_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"INSERT INTO service_contacts SET contact_id = $contact_id, service_id = $service_id");
- // Logging
logAction("Service", "Link", "$session_name linked contact $contact_name to service $service_name", $client_id, $service_id);
- $_SESSION['alert_message'] = "service $service_name linked with contact $contact_name";
+ flash_alert("service $service_name linked with contact $contact_name");
redirect();
@@ -1131,17 +1081,13 @@ if (isset($_GET['unlink_service_from_contact'])) {
$client_id = intval($row['service_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"DELETE FROM service_contacts WHERE contact_id = $contact_id AND service_id = $service_id");
- //Logging
logAction("service", "Unlink", "$session_name unlinked contact $contact_name from service $service_name", $client_id, $service_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Contact $contact_name unlinked from service $service_name";
+ flash_alert("Contact $contact_name unlinked from service $service_name", 'error');
redirect();
@@ -1161,17 +1107,14 @@ if (isset($_POST['link_contact_to_file'])) {
$client_id = intval($row['file_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
// Contact add query
mysqli_query($mysqli,"INSERT INTO contact_files SET contact_id = $contact_id, file_id = $file_id");
- // Logging
logAction("File", "Link", "$session_name linked contact $contact_name to file $file_name", $client_id, $file_id);
- $_SESSION['alert_message'] = "Contact $contact_name linked with File $file_name";
+ flash_alert("Contact $contact_name linked with File $file_name");
redirect();
@@ -1191,17 +1134,13 @@ if (isset($_GET['unlink_contact_from_file'])) {
$client_id = intval($row['file_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"DELETE FROM contact_files WHERE contact_id = $contact_id AND file_id = $file_id");
- //Logging
logAction("File", "Unlink", "$session_name unlinked contact $contact_name from file $file_name", $client_id, $file_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Contact $contact_name unlinked from file $file_name";
+ flash_alert("Contact $contact_name unlinked from file $file_name", 'error');
redirect();
@@ -1252,7 +1191,6 @@ if (isset($_POST['export_contacts_csv'])) {
}
- //Logging
logAction("Contact", "Export", "$session_name exported $num_rows contact(s) to a CSV file", $client_id);
exit;
@@ -1269,10 +1207,8 @@ if (isset($_POST["import_contacts_csv"])) {
if (!empty($_FILES["file"]["tmp_name"])) {
$file_name = $_FILES["file"]["tmp_name"];
} else {
- $_SESSION['alert_message'] = "Please select a file to upload.";
- $_SESSION['alert_type'] = "error";
+ flash_alert("Please select a file to upload.", 'error');
redirect();
- exit();
}
//Check file is CSV
@@ -1280,13 +1216,13 @@ if (isset($_POST["import_contacts_csv"])) {
$allowed_file_extensions = array('csv');
if (in_array($file_extension,$allowed_file_extensions) === false) {
$error = true;
- $_SESSION['alert_message'] = "Bad file extension";
+ flash_alert("Bad file extension", 'error');
}
//Check file isn't empty
elseif ($_FILES["file"]["size"] < 1) {
$error = true;
- $_SESSION['alert_message'] = "Bad file size (empty?)";
+ flash_alert("Bad file size (empty?)", 'error');
}
//(Else)Check column count
@@ -1294,7 +1230,7 @@ if (isset($_POST["import_contacts_csv"])) {
$f_columns = fgetcsv($f, 1000, ",");
if (!$error & count($f_columns) != 8) {
$error = true;
- $_SESSION['alert_message'] = "Bad column count.";
+ flash_alert("Bad column count.", 'error');
}
//Else, parse the file
@@ -1349,17 +1285,18 @@ if (isset($_POST["import_contacts_csv"])) {
}
fclose($file);
- //Logging
logAction("Contact", "Import", "$session_name imported $row_count contact(s) via CSV file", $client_id);
- $_SESSION['alert_message'] = "$row_count Contact(s) added, $duplicate_count duplicate(s) detected";
+ flash_alert("$row_count Contact(s) added, $duplicate_count duplicate(s) detected", 'warning');
+
redirect();
+
}
//Check for any errors, if there are notify user and redirect
if ($error) {
- $_SESSION['alert_type'] = "warning";
redirect();
}
+
}
if (isset($_GET['download_contacts_csv_template'])) {