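$name created"); redirect(); }

// Edit an existing account's name and notes (POST request).
// The caller needs level 2 on 'module_financial' and a valid CSRF token.
if (isset($_POST['edit_account'])) {

    enforceUserPermission('module_financial', 2);
    validateCSRFToken($_POST['csrf_token']);

    // intval() forces a numeric id, which is why it can be interpolated unquoted below.
    $account_id = intval($_POST['account_id']);

    // NOTE(review): both values are interpolated into a quoted SQL string, so this
    // query is only as injection-safe as sanitizeInput(), which is defined elsewhere.
    // Confirm it escapes for SQL. Moving to a prepared statement would have to go
    // together with a change to that helper, otherwise stored values could end up
    // double-escaped.
    $name = sanitizeInput($_POST['name']);
    $notes = sanitizeInput($_POST['notes']);

    mysqli_query($mysqli,"UPDATE accounts SET account_name = '$name', account_notes = '$notes' WHERE account_id = $account_id");

    logAction("Account", "Edit", "$session_name edited account $name");

    flash_alert("Account $name edited");

    redirect();
}

// Archive an account by stamping account_archived_at (GET request).
// The caller needs level 2 on 'module_financial' and a valid CSRF token.
if (isset($_GET['archive_account'])) {

    enforceUserPermission('module_financial', 2);
    // This is a state change over GET, so the token is the only CSRF defence here.
    // NOTE(review): a token carried in the query string can end up in access logs,
    // browser history and Referer headers; consider moving this action to POST.
    validateCSRFToken($_GET['csrf_token']);

    $account_id = intval($_GET['archive_account']);

    // The name is looked up only for the audit log and the flash message.
    $account_name = sanitizeInput(getFieldById('accounts', $account_id, 'account_name'));

    mysqli_query($mysqli,"UPDATE accounts SET account_archived_at = NOW() WHERE account_id = $account_id");

    logAction("Account", "Archive", "$session_name archived account $account_name");

    flash_alert("Account $account_name archived", 'error');

    redirect();
}

// Permanently delete an account row (GET request).
// The caller needs level 3 on 'module_financial' and a valid CSRF token.
// Not used anywhere?
if (isset($_GET['delete_account'])) {

    enforceUserPermission('module_financial', 3);
    // The handler is reachable by URL even if no page links to it, and it destroys
    // data, so it validates the CSRF token the same way the archive handler does.
    // Without this check a cross-site request made in an authorised user's session
    // would be accepted.
    validateCSRFToken($_GET['csrf_token']);

    $account_id = intval($_GET['delete_account']);

    // Read the name before the row is removed so the audit log can still record it.
    $account_name = sanitizeInput(getFieldById('accounts', $account_id, 'account_name'));

    mysqli_query($mysqli,"DELETE FROM accounts WHERE account_id = $account_id");

    logAction("Account", "Delete", "$session_name deleted account $account_name");

    flash_alert("Account $account_name deleted", 'error');

    redirect();
}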