Merge pull request #543 from wrongecho/dashboards

Add a basic technical dashboard

dashboard_financial.php

@@ -6,7 +6,7 @@
 //  To be removed when we have a proper technical dashboard for techs
 if ($_SESSION['user_role'] != 3) { ?>
   <script type="text/javascript">
-      window.location.href = 'clients.php';
+      window.location.href = 'dashboard_technical.php';
   </script>
 <?php
   exit();
@@ -27,9 +27,6 @@ if(isset($_GET['year'])){
 //GET unique years from expenses, payments and revenues
 $sql_payment_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id ORDER BY all_years DESC");
 
-
-//GET unique years from expenses, payments and revenues
-$sql_payment_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id ORDER BY all_years DESC");
 //Define var so it doesnt throw errors in logs
 $largest_income_month = 0;
 

dashboard_technical.php

@@ -0,0 +1,139 @@
+<?php include_once("inc_all.php"); ?>
+
+<?php
+
+if (isset($_GET['year'])) {
+    $year = intval($_GET['year']);
+} else {
+    $year = date('Y');
+}
+
+// GET unique years from expenses, payments and revenues
+$sql_payment_years = mysqli_query($mysqli, "SELECT YEAR(expense_date) AS all_years FROM expenses
+    WHERE company_id = $session_company_id
+    UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id
+    UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id
+    ORDER BY all_years DESC"
+);
+
+// Get Total Clients added
+$sql_clients = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('client_id') AS clients_added FROM clients
+    WHERE YEAR(client_created_at) = $year
+    AND company_id = $session_company_id"
+));
+$clients_added = $sql_clients['clients_added'];
+
+// Ticket count
+$sql_tickets = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('ticket_id') AS active_tickets
+    FROM tickets
+    WHERE ticket_status != 'Closed'
+    AND company_id = $session_company_id"
+));
+$active_tickets = $sql_tickets['active_tickets'];
+
+// Expiring domains (but not ones that have already expired)
+$sql_domains_expiring = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('domain_id') as expiring_domains
+    FROM domains
+    WHERE domain_expire != '0000-00-00'
+    AND domain_expire > CURRENT_DATE
+    AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
+    AND domain_archived_at IS NULL
+    AND company_id = $session_company_id"
+));
+$expiring_domains = $sql_domains_expiring['expiring_domains'];
+
+// Expiring Certificates (but not ones that have already expired)
+$sql_certs_expiring = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('certificate_id') as expiring_certs
+    FROM certificates
+    WHERE certificate_expire != '0000-00-00'
+    AND certificate_expire > CURRENT_DATE
+    AND certificate_expire < CURRENT_DATE + INTERVAL 30 DAY
+    AND certificate_archived_at IS NULL
+    AND company_id = $session_company_id"
+));
+$expiring_certificates = $sql_certs_expiring['expiring_certs'];
+
+?>
+
+<form class="mb-3">
+    <select onchange="this.form.submit()" class="form-control" name="year">
+        <?php
+
+        while ($row = mysqli_fetch_array($sql_payment_years)) {
+            $payment_year = $row['all_years'];
+            if (empty($payment_year)) {
+                $payment_year = date('Y');
+            }
+            ?>
+            <option <?php if ($year == $payment_year) { echo "selected"; } ?> > <?php echo $payment_year; ?></option>
+
+            <?php
+        }
+        ?>
+
+    </select>
+</form>
+
+<!-- Icon Cards-->
+<div class="row">
+
+    <div class="col-lg-4 col-6">
+        <!-- small box -->
+        <a class="small-box bg-secondary" href="clients.php?date_from=<?php echo $year; ?>-01-01&date_to=<?php echo $year; ?>-12-31">
+            <div class="inner">
+                <h3><?php echo $clients_added; ?></h3>
+                <p>New Clients</p>
+            </div>
+            <div class="icon">
+                <i class="fa fa-users"></i>
+            </div>
+        </a>
+    </div>
+    <!-- ./col -->
+
+    <div class="col-lg-4 col-6">
+        <!-- small box -->
+        <a class="small-box bg-danger" href="tickets.php">
+            <div class="inner">
+                <h3><?php echo $active_tickets; ?></h3>
+                <p>Active Tickets</p>
+            </div>
+            <div class="icon">
+                <i class="fa fa-ticket-alt"></i>
+            </div>
+        </a>
+    </div>
+    <!-- ./col -->
+
+    <div class="col-lg-4 col-6">
+        <!-- small box -->
+        <a class="small-box bg-warning">
+            <div class="inner">
+                <h3><?php echo $expiring_domains; ?></h3>
+                <p>Expiring Domains</p>
+            </div>
+            <div class="icon">
+                <i class="fa fa-globe"></i>
+            </div>
+        </a>
+    </div>
+    <!-- ./col -->
+
+    <div class="col-lg-4 col-6">
+        <!-- small box -->
+        <a class="small-box bg-primary">
+            <div class="inner">
+                <h3><?php echo $expiring_certificates; ?></h3>
+                <p>Expiring Certificates</p>
+            </div>
+            <div class="icon">
+                <i class="fa fa-lock"></i>
+            </div>
+        </a>
+    </div>
+    <!-- ./col -->
+
+</div> <!-- row -->
+
+<?php include_once("footer.php"); ?>
+

login.php

@@ -87,11 +87,21 @@ if(isset($_POST['login'])){
             }
 
             if (empty($token)) {
+                // Full Login successful
+
                 $_SESSION['logged'] = TRUE;
                 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
 
-                header("Location: dashboard_financial.php");
+                // Show start page/dashboard depending on role
+                if ($row['user_role'] == 2) {
+                    header("Location: dashboard_technical.php");
                 } else {
+                    header("Location: dashboard_financial.php");
+                }
+
+            } else {
+                // Prompt for MFA
+
                 $token_field = "<div class='input-group mb-3'>
                 <input type='text' class='form-control' placeholder='Token' name='current_code' autofocus>
                 <div class='input-group-append'>
@@ -104,10 +114,17 @@ if(isset($_POST['login'])){
                 require_once("rfc6238.php");
 
                 if (TokenAuth6238::verify($token, $current_code)) {
+                    // Full login (with MFA) successful
                     $_SESSION['logged'] = TRUE;
                     mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
-                    //header("Location: $config_start_page");
+
+                    // Show start page/dashboard depending on role
+                    if ($row['user_role'] == 2) {
+                        header("Location: dashboard_technical.php");
+                    } else {
                         header("Location: dashboard_financial.php");
+                    }
+
                 } else {
                     mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
 

side_nav.php

@@ -60,6 +60,18 @@
 
             <ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" data-accordion="false">
 
+                <!-- Dashboard item (tech/financial) -->
+                <?php if ($session_user_role == 2) { ?>
+
+                    <li class="nav-item">
+                        <a href="dashboard_technical.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "dashboard_technical.php") { echo "active"; } ?>">
+                            <i class="nav-icon fas fa-tachometer-alt"></i>
+                            <p>Dashboard</p>
+                        </a>
+                    </li>
+
+                <?php } else { ?>
+
                     <li class="nav-item">
                         <a href="dashboard_financial.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "dashboard_financial.php") { echo "active"; } ?>">
                             <i class="nav-icon fas fa-tachometer-alt"></i>
@@ -67,6 +79,9 @@
                         </a>
                     </li>
 
+                <?php } ?>
+                <!-- End dashboard item (tech/financial) -->
+
                 <li class="nav-item">
                     <a href="clients.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "clients.php") { echo "active"; } ?>">
                         <i class="nav-icon fas fa-users"></i>