Removed the prepended user_ from the fields in the user_roles table, moved user_role_id from user_settings directly to the users table, renamed table user_permissions to user_client_permissions, removed unused Session vars in login. This update will require updating the database using update_cli.php --db_update

This commit is contained in:
johnnyq
2025-03-10 15:57:16 -04:00
parent 3804e18e53
commit 9b6ea851e7
21 changed files with 156 additions and 132 deletions


@@ -1,7 +1,7 @@
<?php <?php
// Default Column Sortby Filter // Default Column Sortby Filter
$sort = "user_role_is_admin"; $sort = "role_is_admin";
$order = "DESC"; $order = "DESC";
require_once "includes/inc_all_admin.php"; require_once "includes/inc_all_admin.php";
@@ -13,8 +13,8 @@ $url_query_strings_sort = http_build_query($get_copy);
$sql = mysqli_query( $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM user_roles "SELECT SQL_CALC_FOUND_ROWS * FROM user_roles
WHERE (user_roles.user_role_name LIKE '%$q%' OR user_roles.user_role_description LIKE '%$q%') WHERE (role_name LIKE '%$q%' OR role_description LIKE '%$q%')
AND user_roles.user_role_archived_at IS NULL AND role_archived_at IS NULL
ORDER BY $sort $order LIMIT $record_from, $record_to" ORDER BY $sort $order LIMIT $record_from, $record_to"
); );
@@ -53,14 +53,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
<th> <th>
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_name&order=<?php echo $disp; ?>"> <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_name&order=<?php echo $disp; ?>">
Role <?php if ($sort == 'user_role_name') { echo $order_icon; } ?> Role <?php if ($sort == 'role_name') { echo $order_icon; } ?>
</a> </a>
</th> </th>
<th>Members</th> <th>Members</th>
<th> <th>
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_is_admin&order=<?php echo $disp; ?>"> <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_is_admin&order=<?php echo $disp; ?>">
Admin <?php if ($sort == 'user_role_is_admin') { echo $order_icon; } ?> Admin <?php if ($sort == 'role_is_admin') { echo $order_icon; } ?>
</a> </a>
</th> </th>
<th class="text-center">Action</th> <th class="text-center">Action</th>
@@ -70,17 +70,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php <?php
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$role_id = intval($row['user_role_id']); $role_id = intval($row['role_id']);
$role_name = nullable_htmlentities($row['user_role_name']); $role_name = nullable_htmlentities($row['role_name']);
$role_description = nullable_htmlentities($row['user_role_description']); $role_description = nullable_htmlentities($row['role_description']);
$role_admin = intval($row['user_role_is_admin']); $role_admin = intval($row['role_is_admin']);
$role_archived_at = nullable_htmlentities($row['user_role_archived_at']); $role_archived_at = nullable_htmlentities($row['role_archived_at']);
// Count number of users that have each role // Count number of users that have each role
$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL"); $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
$role_user_count = mysqli_fetch_row($sql_role_user_count)[0]; $role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
$sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL"); $sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
// Initialize an empty array to hold user names // Initialize an empty array to hold user names
$user_names = []; $user_names = [];
@@ -90,7 +90,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} }
// Convert the array of user names to a comma-separated string // Convert the array of user names to a comma-separated string
$user_names_string = implode(",", $user_names) ; $user_names_string = implode(",", $user_names);
if (empty($user_names_string)) { if (empty($user_names_string)) {
$user_names_string = "-"; $user_names_string = "-";
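Review bot: The default `$sort = "role_is_admin";` and the header links now use `role_name`/`role_is_admin`, but `$sort` and `$order` are still interpolated unvalidated into `ORDER BY $sort $order` in the listing query, so a bookmarked or hand-edited `?sort=user_role_name` now produces an unknown-column error instead of a fallback, and any allow-list of sortable columns kept where `$_GET['sort']` is applied to `$sort` (outside this section, presumably in inc_all_admin.php) has to learn the new names too. Pin both values before the query: `$sort = in_array($sort, ['role_name', 'role_is_admin'], true) ? $sort : 'role_is_admin';` and `$order = $order === 'ASC' ? 'ASC' : 'DESC';`. The same interpolation pattern is present in the users listing section below.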


@@ -14,7 +14,7 @@ $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings, user_roles "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings, user_roles
WHERE users.user_id = user_settings.user_id WHERE users.user_id = user_settings.user_id
AND user_settings.user_role = user_roles.user_role_id AND user_role_id = role_id
AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%') AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
AND user_archived_at IS NULL AND user_archived_at IS NULL
ORDER BY $sort $order LIMIT $record_from, $record_to" ORDER BY $sort $order LIMIT $record_from, $record_to"
@@ -77,8 +77,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</a> </a>
</th> </th>
<th> <th>
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role&order=<?php echo $disp; ?>"> <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_name&order=<?php echo $disp; ?>">
Role <?php if ($sort == 'user_role') { echo $order_icon; } ?> Role <?php if ($sort == 'role_name') { echo $order_icon; } ?>
</a> </a>
</th> </th>
<th> <th>
@@ -116,8 +116,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$mfa_status_display = "<i class='fas fa-fw fa-lock text-success'></i>"; $mfa_status_display = "<i class='fas fa-fw fa-lock text-success'></i>";
} }
$user_config_force_mfa = intval($row['user_config_force_mfa']); $user_config_force_mfa = intval($row['user_config_force_mfa']);
$user_role = $row['user_role']; $user_role = $row['user_role_id'];
$user_role_display = nullable_htmlentities($row['user_role_name']); $user_role_display = nullable_htmlentities($row['role_name']);
$user_initials = nullable_htmlentities(initials($user_name)); $user_initials = nullable_htmlentities(initials($user_name));
$sql_last_login = mysqli_query( $sql_last_login = mysqli_query(
@@ -139,7 +139,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} }
// Get User Client Access Permissions // Get User Client Access Permissions
$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id"); $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_client_permissions WHERE user_id = $user_id");
$client_access_array = []; $client_access_array = [];
while ($row = mysqli_fetch_assoc($user_client_access_sql)) { while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
$client_access_array[] = intval($row['client_id']); $client_access_array[] = intval($row['client_id']);
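Review bot: The rewritten join `FROM users, user_settings, user_roles WHERE users.user_id = user_settings.user_id AND user_role_id = role_id` is an inner join, so any user whose `user_role_id` is 0 (the column default introduced by the migration, which users without a `user_settings` row at upgrade time will keep) or whose role row was deleted silently disappears from the admin users list, which is exactly where an administrator would need to see and fix them. Consider `FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id LEFT JOIN user_roles ON users.user_role_id = user_roles.role_id` and dropping the two WHERE equalities; `$user_role_display` then falls back to an empty string for such rows, which `nullable_htmlentities` already handles. The `SELECT *` with both tables in scope means `user_id` stays ambiguous only in the WHERE clause the change already qualifies.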


@@ -74,9 +74,8 @@ ob_start();
<?php <?php
$sql_project_managers_select = mysqli_query( $sql_project_managers_select = mysqli_query(
$mysqli, $mysqli,
"SELECT users.user_id, user_name FROM users "SELECT user_id, user_name FROM users
LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
WHERE user_role > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
); );
while ($row = mysqli_fetch_array($sql_project_managers_select)) { while ($row = mysqli_fetch_array($sql_project_managers_select)) {
$user_id_select = intval($row['user_id']); $user_id_select = intval($row['user_id']);
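Review bot: The collapsed query `SELECT user_id, user_name FROM users WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC` is now copied verbatim (with minor variations) into this section and the five later sections that populate the project-manager and driver selects, each hard-coding the `> 1` role threshold. Since this commit touches every copy anyway, it is the natural moment to move it into one helper in functions.php (for example `getAssignableUsers()` returning the result set) so a future change to role numbering or the archived/status filters is made once. This is a style point; the behaviour of each copy matches the old joined query for users that have a `user_settings` row.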


@@ -4,18 +4,18 @@ require_once '../includes/ajax_header.php';
$role_id = intval($_GET['id']); $role_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE user_role_id = $role_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE role_id = $role_id LIMIT 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$role_name = nullable_htmlentities($row['user_role_name']); $role_name = nullable_htmlentities($row['role_name']);
$role_description = nullable_htmlentities($row['user_role_description']); $role_description = nullable_htmlentities($row['role_description']);
$role_admin = intval($row['user_role_is_admin']); $role_admin = intval($row['role_is_admin']);
// Count number of users that have each role // Count number of users that have each role
$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL"); $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
$role_user_count = mysqli_fetch_row($sql_role_user_count)[0]; $role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
$sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL"); $sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
// Initialize an empty array to hold user names // Initialize an empty array to hold user names
$user_names = []; $user_names = [];


@@ -12,11 +12,11 @@ $user_email = nullable_htmlentities($row['user_email']);
$user_avatar = nullable_htmlentities($row['user_avatar']); $user_avatar = nullable_htmlentities($row['user_avatar']);
$user_token = nullable_htmlentities($row['user_token']); $user_token = nullable_htmlentities($row['user_token']);
$user_config_force_mfa = intval($row['user_config_force_mfa']); $user_config_force_mfa = intval($row['user_config_force_mfa']);
$user_role = intval($row['user_role']); $user_role_id = intval($row['user_role_id']);
$user_initials = nullable_htmlentities(initials($user_name)); $user_initials = nullable_htmlentities(initials($user_name));
// Get User Client Access Permissions // Get User Client Access Permissions
$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id"); $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_client_permissions WHERE user_id = $user_id");
$client_access_array = []; $client_access_array = [];
while ($row = mysqli_fetch_assoc($user_client_access_sql)) { while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
$client_access_array[] = intval($row['client_id']); $client_access_array[] = intval($row['client_id']);
@@ -107,13 +107,13 @@ ob_start();
</div> </div>
<select class="form-control select2" name="role" required> <select class="form-control select2" name="role" required>
<?php <?php
$sql_user_roles = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE user_role_archived_at IS NULL"); $sql_user_roles = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE role_archived_at IS NULL");
while ($row = mysqli_fetch_array($sql_user_roles)) { while ($row = mysqli_fetch_array($sql_user_roles)) {
$user_role_id = intval($row['user_role_id']); $role_id = intval($row['role_id']);
$user_role_name = nullable_htmlentities($row['user_role_name']); $role_name = nullable_htmlentities($row['role_name']);
?> ?>
<option <?php if ($user_role == $user_role_id) {echo "selected";} ?> value="<?php echo $user_role_id; ?>"><?php echo $user_role_name; ?></option> <option <?php if ($role_id == $user_role_id) {echo "selected";} ?> value="<?php echo $role_id; ?>"><?php echo $role_name; ?></option>
<?php } ?> <?php } ?>
</select> </select>


@@ -27,17 +27,11 @@ if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
exit; exit;
} }
// Check user type
if ($_SESSION['user_type'] !== 1) {
header("Location: login.php");
exit();
}
// Set Timezone // Set Timezone
require_once "inc_set_timezone.php"; require_once "inc_set_timezone.php";
// User IP & UA // User Vars and User Settings
$session_ip = sanitizeInput(getIP()); $session_ip = sanitizeInput(getIP());
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']); $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
@@ -47,7 +41,7 @@ $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT * FROM users "SELECT * FROM users
LEFT JOIN user_settings ON users.user_id = user_settings.user_id LEFT JOIN user_settings ON users.user_id = user_settings.user_id
LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id LEFT JOIN user_roles ON user_role_id = role_id
WHERE users.user_id = $session_user_id"); WHERE users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
@@ -55,9 +49,10 @@ $session_name = sanitizeInput($row['user_name']);
$session_email = $row['user_email']; $session_email = $row['user_email'];
$session_avatar = $row['user_avatar']; $session_avatar = $row['user_avatar'];
$session_token = $row['user_token']; // MFA Token $session_token = $row['user_token']; // MFA Token
$session_user_role = intval($row['user_role']); $session_user_type = intval($row['user_type']);
$session_user_role_display = sanitizeInput($row['user_role_name']); $session_user_role = intval($row['user_role_id']);
if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) { $session_user_role_display = sanitizeInput($row['role_name']);
if (isset($row['role_is_admin']) && $row['role_is_admin'] == 1) {
$session_is_admin = true; $session_is_admin = true;
} else { } else {
$session_is_admin = false; $session_is_admin = false;
@@ -65,6 +60,15 @@ if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
$session_user_config_force_mfa = intval($row['user_config_force_mfa']); $session_user_config_force_mfa = intval($row['user_config_force_mfa']);
$user_config_records_per_page = intval($row['user_config_records_per_page']); $user_config_records_per_page = intval($row['user_config_records_per_page']);
// Check user type
if ($session_user_type !== 1) {
session_unset();
session_destroy();
header("Location: login.php");
exit();
}
// Company Vars and Company Settings
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE settings.company_id = companies.company_id AND companies.company_id = 1"); $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE settings.company_id = companies.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
@@ -78,7 +82,7 @@ $session_company_currency = $row['company_currency'];
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
// Get User Client Access Permissions // Get User Client Access Permissions
$user_client_access_sql = "SELECT client_id FROM user_permissions WHERE user_id = $session_user_id"; $user_client_access_sql = "SELECT client_id FROM user_client_permissions WHERE user_id = $session_user_id";
$user_client_access_result = mysqli_query($mysqli, $user_client_access_sql); $user_client_access_result = mysqli_query($mysqli, $user_client_access_sql);
$client_access_array = []; $client_access_array = [];
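Review bot: The moved user-type gate `if ($session_user_type !== 1)` now sits about ten lines below `$session_user_type = intval($row['user_type']);`, after the role, admin-flag and per-page settings have been derived from `$row`; nothing in between is needed to make the decision, so placing the check directly under that assignment means a non-staff account (or a deleted one, where `$row` is false and the cast yields 0) is bounced before any of its settings are loaded into session scope. The `session_unset(); session_destroy();` before the redirect is the right order and is an improvement over the removed check, which only redirected. Reading the type from the database on every request rather than from `$_SESSION['user_type']` also means a change to a user's type takes effect immediately, which is worth a one-line comment above the block: `// Re-check the account type from the database on every request so type changes take effect immediately`.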


@@ -73,11 +73,6 @@ $sql_years_select = mysqli_query($mysqli, "
<?php <?php
if ($user_config_dashboard_financial_enable == 1) { if ($user_config_dashboard_financial_enable == 1) {
// Ensure the user has the appropriate role to view the financial dashboard
if ($_SESSION['user_role'] != 3 && $_SESSION['user_role'] != 1) {
exit('<script type="text/javascript">window.location.href = \'dashboard_technical.php\';</script>');
}
// Fetch financial data for the dashboard // Fetch financial data for the dashboard
// Define variables to avoid errors in logs // Define variables to avoid errors in logs
$largest_income_month = 0; $largest_income_month = 0;
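Review bot: The removed role check for the financial dashboard has no replacement in this hunk: with `$_SESSION['user_role']` gone, everything under `if ($user_config_dashboard_financial_enable == 1) {` now renders for any logged-in user who has that setting enabled, regardless of role, unless a `validateAccountantRole()` call or similar sits outside this section. The session-derived variable that inc_all now provides gives the same gate with a two-line change: `if ($session_user_role != 3 && $session_user_role != 1) {` followed by the original `exit('<script type="text/javascript">window.location.href = \'dashboard_technical.php\';</script>');`. Whether 1 and 3 are still the accountant and admin role ids is not visible here; the role-validation helpers in functions.php use the same numbers.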


@@ -2435,10 +2435,53 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.9'"); mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.9'");
} }
// if (CURRENT_DATABASE_VERSION == '1.8.9') { if (CURRENT_DATABASE_VERSION == '1.8.9') {
// // Insert queries here required to update to DB version 1.9.0 mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_role_id` INT(11) DEFAULT 0 AFTER `user_archived_at`");
// Copy user role from user settings table to the users table
mysqli_query($mysqli,"
UPDATE `users`
JOIN `user_settings` ON users.user_id = user_settings.user_id
SET users.user_role_id = user_settings.user_role
");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.0'");
}
if (CURRENT_DATABASE_VERSION == '1.9.0') {
mysqli_query($mysqli, "ALTER TABLE `user_settings` DROP `user_role`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.1'");
}
if (CURRENT_DATABASE_VERSION == '1.9.1') {
mysqli_query($mysqli,
"ALTER TABLE `user_roles`
CHANGE COLUMN `user_role_id` `role_id` INT(11) NOT NULL AUTO_INCREMENT,
CHANGE COLUMN `user_role_name` `role_name` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
CHANGE COLUMN `user_role_description` `role_description` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
CHANGE COLUMN `user_role_type` `role_type` TINYINT(1) NOT NULL DEFAULT 1,
CHANGE COLUMN `user_role_is_admin` `role_is_admin` TINYINT(1) NOT NULL DEFAULT 0,
CHANGE COLUMN `user_role_created_at` `role_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP(),
CHANGE COLUMN `user_role_updated_at` `role_updated_at` DATETIME NULL DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP(),
CHANGE COLUMN `user_role_archived_at` `role_archived_at` DATETIME NULL DEFAULT NULL
");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.2'");
}
if (CURRENT_DATABASE_VERSION == '1.9.2') {
mysqli_query($mysqli, "RENAME TABLE `user_permissions` TO `user_client_permissions`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.3'");
}
// if (CURRENT_DATABASE_VERSION == '1.9.3') {
// // Insert queries here required to update to DB version 1.9.4
// // Then, update the database to the next sequential version // // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.0'"); // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.4'");
// } // }
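Review bot: The 1.8.9 step ignores the return value of both the `ALTER TABLE users ADD user_role_id` and the `UPDATE users JOIN user_settings` copy and bumps `config_current_database_version` to 1.9.0 unconditionally, and the very next step drops `user_settings.user_role`, so a failed copy (permissions, lock timeout, a pre-existing column from a manual edit) silently discards every role assignment and leaves all users at the new default of 0. Unless mysqli error reporting is configured to throw in this installer, the version bump should be conditional on the copy succeeding, and the same applies to the 1.9.1 rename step, which the 1.9.2 step assumes completed. A row count check after the copy would also catch the case where no rows matched.

```php
if (CURRENT_DATABASE_VERSION == '1.8.9') {
    mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_role_id` INT(11) DEFAULT 0 AFTER `user_archived_at`");
    // Copy user role from user settings table to the users table
    $role_copy = mysqli_query($mysqli, "
        UPDATE `users`
        JOIN `user_settings` ON users.user_id = user_settings.user_id
        SET users.user_role_id = user_settings.user_role
    ");
    // Only advance the version once the copy succeeded: the 1.9.0 step drops the source column
    if ($role_copy) {
        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.0'");
    }
}
// … unchanged: 1.9.0 through 1.9.2 steps …
```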
} else { } else {

28
db.sql

@@ -2205,13 +2205,13 @@ CREATE TABLE `trips` (
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
-- --
-- Table structure for table `user_permissions` -- Table structure for table `user_client_permissions`
-- --
DROP TABLE IF EXISTS `user_permissions`; DROP TABLE IF EXISTS `user_client_permissions`;
/*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */; /*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_permissions` ( CREATE TABLE `user_client_permissions` (
`user_id` int(11) NOT NULL, `user_id` int(11) NOT NULL,
`client_id` int(11) NOT NULL, `client_id` int(11) NOT NULL,
PRIMARY KEY (`user_id`,`client_id`) PRIMARY KEY (`user_id`,`client_id`)
@@ -2240,15 +2240,15 @@ DROP TABLE IF EXISTS `user_roles`;
/*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */; /*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_roles` ( CREATE TABLE `user_roles` (
`user_role_id` int(11) NOT NULL AUTO_INCREMENT, `role_id` int(11) NOT NULL AUTO_INCREMENT,
`user_role_name` varchar(200) NOT NULL, `role_name` varchar(200) NOT NULL,
`user_role_description` varchar(200) DEFAULT NULL, `role_description` varchar(200) DEFAULT NULL,
`user_role_type` tinyint(1) NOT NULL DEFAULT 1, `role_type` tinyint(1) NOT NULL DEFAULT 1,
`user_role_is_admin` tinyint(1) NOT NULL DEFAULT 0, `role_is_admin` tinyint(1) NOT NULL DEFAULT 0,
`user_role_created_at` datetime NOT NULL DEFAULT current_timestamp(), `role_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`user_role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`user_role_archived_at` datetime DEFAULT NULL, `role_archived_at` datetime DEFAULT NULL,
PRIMARY KEY (`user_role_id`) PRIMARY KEY (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -2261,7 +2261,6 @@ DROP TABLE IF EXISTS `user_settings`;
/*!40101 SET character_set_client = utf8 */; /*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_settings` ( CREATE TABLE `user_settings` (
`user_id` int(11) NOT NULL, `user_id` int(11) NOT NULL,
`user_role` int(11) NOT NULL,
`user_config_force_mfa` tinyint(1) NOT NULL DEFAULT 0, `user_config_force_mfa` tinyint(1) NOT NULL DEFAULT 0,
`user_config_records_per_page` int(11) NOT NULL DEFAULT 10, `user_config_records_per_page` int(11) NOT NULL DEFAULT 10,
`user_config_dashboard_financial_enable` tinyint(1) NOT NULL DEFAULT 0, `user_config_dashboard_financial_enable` tinyint(1) NOT NULL DEFAULT 0,
@@ -2296,6 +2295,7 @@ CREATE TABLE `users` (
`user_created_at` datetime NOT NULL DEFAULT current_timestamp(), `user_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`user_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `user_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`user_archived_at` datetime DEFAULT NULL, `user_archived_at` datetime DEFAULT NULL,
`user_role_id` int(11) DEFAULT 0,
PRIMARY KEY (`user_id`) PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -2383,4 +2383,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2025-03-10 12:25:19 -- Dump completed on 2025-03-10 15:52:38


@@ -541,7 +541,7 @@ function validateCSRFToken($token)
function validateAdminRole() function validateAdminRole()
{ {
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] != 3) { if (!isset($session_user_role) || $session_user_role != 3) {
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -553,7 +553,7 @@ function validateAdminRole()
// Validates a user is a tech (or admin). Stops page load and attempts to direct away from the page if not (i.e. user is an accountant) // Validates a user is a tech (or admin). Stops page load and attempts to direct away from the page if not (i.e. user is an accountant)
function validateTechRole() function validateTechRole()
{ {
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 1) { if (!isset($session_user_role) || $session_user_role == 1) {
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -565,7 +565,7 @@ function validateTechRole()
// Validates a user is an accountant (or admin). Stops page load and attempts to direct away from the page if not (i.e. user is a tech) // Validates a user is an accountant (or admin). Stops page load and attempts to direct away from the page if not (i.e. user is a tech)
function validateAccountantRole() function validateAccountantRole()
{ {
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 2) { if (!isset($session_user_role) || $session_user_role == 2) {
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -1313,15 +1313,15 @@ function lookupUserPermission($module) {
$sql = mysqli_query( $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT "SELECT
urp.user_role_permission_level user_role_permissions.user_role_permission_level
FROM FROM
modules AS m modules
JOIN JOIN
user_role_permissions AS urp user_role_permissions
ON ON
m.module_id = urp.module_id modules.module_id = user_role_permissions.module_id
WHERE WHERE
m.module_name = '$module' AND urp.user_role_id = $session_user_role" module_name = '$module' AND user_role_permissions.user_role_id = $session_user_role"
); );
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
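Review bot: `$session_user_role` is read inside `validateAdminRole()`, `validateTechRole()` and `validateAccountantRole()` without a `global` declaration; the hunk shows the `if` as the first statement after the opening brace in each, so in function scope the variable is always unset, `!isset($session_user_role)` is true, and every caller is redirected with WORDING_ROLECHECK_FAILED, administrators included. The old code worked because `$_SESSION` is a superglobal, whereas the file-scope variable set in inc_all is not. Add `global $session_user_role;` as the first statement of each of the three functions (or pass the role in as a parameter), e.g. `global $session_user_role;` directly before `if (!isset($session_user_role) || $session_user_role != 3) {`. `lookupUserPermission()` at the end of the section also reads `$session_user_role` in its query; whether it already declares it global is outside the hunk. The failure mode is fail-closed, so this is a functional regression rather than an authorization bypass.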


@@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php * It is used in conjunction with database_updates.php
*/ */
DEFINE("LATEST_DATABASE_VERSION", "1.8.9"); DEFINE("LATEST_DATABASE_VERSION", "1.9.3");


@@ -117,7 +117,7 @@ if (isset($_POST['login'])) {
$user_email = sanitizeInput($row['user_email']); $user_email = sanitizeInput($row['user_email']);
$token = sanitizeInput($row['user_token']); $token = sanitizeInput($row['user_token']);
$force_mfa = intval($row['user_config_force_mfa']); $force_mfa = intval($row['user_config_force_mfa']);
$user_role = intval($row['user_role']); $user_role_id = intval($row['user_role_id']);
$user_encryption_ciphertext = $row['user_specific_encryption_ciphertext']; $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
$user_extension_key = $row['user_extension_key']; $user_extension_key = $row['user_extension_key'];
@@ -193,9 +193,6 @@ if (isset($_POST['login'])) {
// Session info // Session info
$_SESSION['user_id'] = $user_id; $_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
$_SESSION['user_type'] = 1;
$_SESSION['user_role'] = $user_role;
$_SESSION['csrf_token'] = randomString(156); $_SESSION['csrf_token'] = randomString(156);
$_SESSION['logged'] = true; $_SESSION['logged'] = true;
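Review bot: `$user_role_id = intval($row['user_role_id']);` is still assigned in the first hunk, but the only consumer visible in this file, `$_SESSION['user_role'] = $user_role;`, was removed in the second, so the assignment now looks dead unless something between the hunks uses it; either drop the line or keep it with a comment saying where it is used. Separately, removing `$_SESSION['user_name']` and `$_SESSION['user_type']` from the session is safe only if every other reader has been migrated to the `$session_*` variables inc_all derives from the database; the dashboard and functions.php sections in this commit show that such readers existed, so a repository-wide search for `$_SESSION['user_name']`, `$_SESSION['user_type']` and `$_SESSION['user_role']` is worth doing before merge. Reading type and role from the database per request rather than from the session is itself a sound change, since it makes role and type edits take effect immediately.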


@@ -71,13 +71,13 @@
<select class="form-control select2" name="role" required> <select class="form-control select2" name="role" required>
<option value="">- Role -</option> <option value="">- Role -</option>
<?php <?php
$sql_user_roles = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE user_role_archived_at IS NULL"); $sql_user_roles = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE role_archived_at IS NULL");
while ($row = mysqli_fetch_array($sql_user_roles)) { while ($row = mysqli_fetch_array($sql_user_roles)) {
$user_role_id = intval($row['user_role_id']); $role_id = intval($row['role_id']);
$user_role_name = nullable_htmlentities($row['user_role_name']); $role_name = nullable_htmlentities($row['role_name']);
?> ?>
<option value="<?php echo $user_role_id; ?>"><?php echo $user_role_name; ?></option> <option value="<?php echo $role_id; ?>"><?php echo $role_name; ?></option>
<?php } ?> <?php } ?>
</select> </select>
</div> </div>


@@ -82,9 +82,8 @@
$sql = mysqli_query( $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT users.user_id, user_name FROM users "SELECT user_id, user_name FROM users
LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
WHERE user_role > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
); );
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']); $user_id = intval($row['user_id']);


@@ -75,9 +75,8 @@
$sql = mysqli_query( $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT users.user_id, user_name FROM users "SELECT user_id, user_name FROM users
LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
WHERE user_role > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
); );
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']); $user_id = intval($row['user_id']);


@@ -74,9 +74,8 @@
$sql = mysqli_query( $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT users.user_id, user_name FROM users "SELECT user_id, user_name FROM users
LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
WHERE user_role > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
); );
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']); $user_id = intval($row['user_id']);


@@ -178,9 +178,8 @@
$sql = mysqli_query( $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT users.user_id, user_name FROM users "SELECT user_id, user_name FROM users
LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role_id > 1
WHERE user_role > 1
AND user_type = 1 AND user_type = 1
AND user_status = 1 AND user_status = 1
AND user_archived_at IS NULL AND user_archived_at IS NULL


@@ -89,9 +89,8 @@
<option value="">- Driver -</option> <option value="">- Driver -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT users.user_id, user_name FROM users $sql = mysqli_query($mysqli, "SELECT user_id, user_name FROM users
LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role_id > 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
WHERE user_role > 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
); );
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']); $user_id = intval($row['user_id']);


@@ -14,12 +14,12 @@ if (isset($_POST['add_role'])) {
$description = sanitizeInput($_POST['role_description']); $description = sanitizeInput($_POST['role_description']);
$admin = intval($_POST['role_is_admin']); $admin = intval($_POST['role_is_admin']);
mysqli_query($mysqli, "INSERT INTO user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin"); mysqli_query($mysqli, "INSERT INTO user_roles SET role_name = '$name', role_description = '$description', role_is_admin = $admin");
$user_role_id = mysqli_insert_id($mysqli); $role_id = mysqli_insert_id($mysqli);
// Logging // Logging
logAction("User Role", "Create", "$session_name created user role $name", 0, $user_role_id); logAction("User Role", "Create", "$session_name created user role $name", 0, $role_id);
$_SESSION['alert_message'] = "User Role <strong$name</strong> created"; $_SESSION['alert_message'] = "User Role <strong$name</strong> created";
@@ -37,7 +37,7 @@ if (isset($_POST['edit_role'])) {
$description = sanitizeInput($_POST['role_description']); $description = sanitizeInput($_POST['role_description']);
$admin = intval($_POST['role_is_admin']); $admin = intval($_POST['role_is_admin']);
mysqli_query($mysqli, "UPDATE user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin WHERE user_role_id = $role_id"); mysqli_query($mysqli, "UPDATE user_roles SET role_name = '$name', role_description = '$description', role_is_admin = $admin WHERE role_id = $role_id");
// Update role access levels // Update role access levels
mysqli_query($mysqli, "DELETE FROM user_role_permissions WHERE user_role_id = $role_id"); mysqli_query($mysqli, "DELETE FROM user_role_permissions WHERE user_role_id = $role_id");
@@ -68,7 +68,7 @@ if (isset($_GET['archive_role'])) {
$role_id = intval($_GET['archive_role']); $role_id = intval($_GET['archive_role']);
// Check role isn't in use // Check role isn't in use
$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL"); $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
$role_user_count = mysqli_fetch_row($sql_role_user_count)[0]; $role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
if ($role_user_count != 0) { if ($role_user_count != 0) {
$_SESSION['alert_type'] = "error"; $_SESSION['alert_type'] = "error";
@@ -77,11 +77,11 @@ if (isset($_GET['archive_role'])) {
exit(); exit();
} }
mysqli_query($mysqli, "UPDATE user_roles SET user_role_archived_at = NOW() WHERE user_role_id = $role_id"); mysqli_query($mysqli, "UPDATE user_roles SET role_archived_at = NOW() WHERE role_id = $role_id");
// Logging // Logging
$role_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT user_role_name FROM user_roles WHERE user_role_id = $role_id LIMIT 1")); $role_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT role_name FROM user_roles WHERE role_id = $role_id LIMIT 1"));
$role_name = sanitizeInput($role_details['user_role_name']); $role_name = sanitizeInput($role_details['role_name']);
logAction("User Role", "Archive", "$session_name archived user role $role_name", 0, $role_id); logAction("User Role", "Archive", "$session_name archived user role $role_name", 0, $role_id);
$_SESSION['alert_message'] = "User Role archived"; $_SESSION['alert_message'] = "User Role archived";
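Review bot: The rewritten statements `INSERT INTO user_roles SET role_name = ...`, `UPDATE user_roles SET role_name = ...` and `UPDATE user_roles SET role_archived_at = NOW() ...` still ignore the return value of mysqli_query, and since this commit requires a schema migration (per the commit message), a not-yet-migrated database makes them fail silently while the code goes on to call logAction and set a success alert; in the create case `mysqli_insert_id` then returns 0 and that is the id that gets logged. A guard such as `if (!mysqli_query($mysqli, "INSERT INTO user_roles SET ...")) { /* set error alert, redirect, exit */ }` before the logging would make the failure visible. Separately, the context line `"User Role <strong$name</strong> created"` is missing the `>` after `strong`, so the alert renders broken markup. Each of these handler blocks begins or ends outside the hunks shown.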


@@ -15,7 +15,7 @@ if (isset($_POST['add_user'])) {
$password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT); $password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password'])); $user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password']));
mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext'"); mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' user_role_id = $role");
$user_id = mysqli_insert_id($mysqli); $user_id = mysqli_insert_id($mysqli);
@@ -23,7 +23,7 @@ if (isset($_POST['add_user'])) {
if (isset($_POST['clients'])) { if (isset($_POST['clients'])) {
foreach($_POST['clients'] as $client_id) { foreach($_POST['clients'] as $client_id) {
$client_id = intval($client_id); $client_id = intval($client_id);
mysqli_query($mysqli,"INSERT INTO user_permissions SET user_id = $user_id, client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO user_client_permissions SET user_id = $user_id, client_id = $client_id");
} }
} }
@@ -50,7 +50,7 @@ if (isset($_POST['add_user'])) {
} }
// Create Settings // Create Settings
mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_role = $role, user_config_force_mfa = $force_mfa"); mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_config_force_mfa = $force_mfa");
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1"); $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
@@ -109,11 +109,11 @@ if (isset($_POST['edit_user'])) {
$new_password = trim($_POST['new_password']); $new_password = trim($_POST['new_password']);
// Update Client Access // Update Client Access
mysqli_query($mysqli,"DELETE FROM user_permissions WHERE user_id = $user_id"); mysqli_query($mysqli,"DELETE FROM user_client_permissions WHERE user_id = $user_id");
if (isset($_POST['clients'])) { if (isset($_POST['clients'])) {
foreach($_POST['clients'] as $client_id) { foreach($_POST['clients'] as $client_id) {
$client_id = intval($client_id); $client_id = intval($client_id);
mysqli_query($mysqli,"INSERT INTO user_permissions SET user_id = $user_id, client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO user_client_permissions SET user_id = $user_id, client_id = $client_id");
} }
} }
@@ -153,7 +153,7 @@ if (isset($_POST['edit_user'])) {
} }
} }
mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id"); mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email', user_role_id = $role WHERE user_id = $user_id");
if (!empty($new_password)) { if (!empty($new_password)) {
$new_password = password_hash($new_password, PASSWORD_DEFAULT); $new_password = password_hash($new_password, PASSWORD_DEFAULT);
@@ -169,7 +169,7 @@ if (isset($_POST['edit_user'])) {
} }
//Update User Settings //Update User Settings
mysqli_query($mysqli, "UPDATE user_settings SET user_role = $role, user_config_force_mfa = $force_mfa WHERE user_id = $user_id"); mysqli_query($mysqli, "UPDATE user_settings SET user_config_force_mfa = $force_mfa WHERE user_id = $user_id");
// Logging // Logging
logAction("User", "Edit", "$session_name edited user $name", 0, $user_id); logAction("User", "Edit", "$session_name edited user $name", 0, $user_id);
@@ -280,13 +280,13 @@ if (isset($_GET['archive_user'])) {
if (isset($_POST['export_users_csv'])) { if (isset($_POST['export_users_csv'])) {
//get records from database //get records from database
$sql = mysqli_query($mysqli, "SELECT * FROM users ORDER BY user_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_roles ON user_role_id = role_id ORDER BY user_name ASC");
$count = mysqli_num_rows($sql); $count = mysqli_num_rows($sql);
if ($count > 0) { if ($count > 0) {
$delimiter = ", "; $delimiter = ",";
$filename = $session_company_name . "-Users-" . date('Y-m-d') . ".csv"; $filename = "Users-" . date('Y-m-d') . ".csv";
//create a file pointer //create a file pointer
$f = fopen('php://memory', 'w'); $f = fopen('php://memory', 'w');
@@ -306,16 +306,8 @@ if (isset($_POST['export_users_csv'])) {
} else{ } else{
$user_status_display = "Disabled"; $user_status_display = "Disabled";
} }
$user_role = $row['user_role'];
if ($user_role == 3) {
$user_role_display = "Administrator";
} elseif ($user_role == 2) {
$user_role_display = "Technician";
} else {
$user_role_display = "Accountant";
}
$lineData = array($row['user_name'], $row['user_email'], $user_role_display, $user_status_display, $row['user_created_at']); $lineData = array($row['user_name'], $row['user_email'], $row['role_name'], $user_status_display, $row['user_created_at']);
fputcsv($f, $lineData, $delimiter); fputcsv($f, $lineData, $delimiter);
} }
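Review bot: The new INSERT in the add_user block drops the comma before the appended column — `user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' user_role_id = $role` — so the statement is a SQL syntax error and no user row is created; because the result is unchecked, `mysqli_insert_id` returns 0 and the following `user_client_permissions` and `user_settings` inserts are written against user_id 0. The fix is `user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext', user_role_id = $role"`. Where `$role` is assigned (presumably an `intval` of the posted role) lies outside the hunk, as does the start of the add_user block. In the CSV export hunk, `LEFT JOIN user_roles ON user_role_id = role_id` leaves `$row['role_name']` null for a user whose role row is missing, which fputcsv writes as an empty cell; a `$row['role_name'] ?? ''` would make that explicit.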


@@ -278,9 +278,8 @@ if (isset($_GET['ticket_id'])) {
// Get Technicians to assign the ticket to // Get Technicians to assign the ticket to
$sql_assign_to_select = mysqli_query( $sql_assign_to_select = mysqli_query(
$mysqli, $mysqli,
"SELECT users.user_id, user_name FROM users "SELECT user_id, user_name FROM users
LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role_id > 1
WHERE user_role > 1
AND user_type = 1 AND user_type = 1
AND user_status = 1 AND user_status = 1
AND user_archived_at IS NULL AND user_archived_at IS NULL