BREAKING CHANGES - Many DB Updates - NOT POSSIBLE TO EASILY UPGRADE TO THIS - Completely reworked User Company Access Permssions, started working on Client Role so Clients can access their data and a bunch of other small fixes
This commit is contained in:
johnnyq
@@ -49,7 +49,7 @@
|
|||||||
<div class="input-group-prepend">
|
<div class="input-group-prepend">
|
||||||
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
|
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
|
||||||
</div>
|
</div>
|
||||||
<select class="form-control select2" name="company" required>
|
<select class="form-control select2" name="default_company" required>
|
||||||
<option value="">- Company -</option>
|
<option value="">- Company -</option>
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
@@ -68,18 +68,19 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label>Permission <strong class="text-danger">*</strong></label>
|
<label>Role <strong class="text-danger">*</strong></label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<div class="input-group-prepend">
|
<div class="input-group-prepend">
|
||||||
<span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
|
<span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
|
||||||
</div>
|
</div>
|
||||||
<select class="form-control select2" name="level" required>
|
<select class="form-control select2" name="level" required>
|
||||||
<option value="">- Permission -</option>
|
<option value="">- Role -</option>
|
||||||
<option value="5">Global Administrator</option>
|
<option value="6">Global Administrator</option>
|
||||||
<option value="4">Administrator</option>
|
<option value="5">Administrator</option>
|
||||||
<option value="3">Technician</option>
|
<option value="4">Technician</option>
|
||||||
<option value="2">IT Contractor</option>
|
<option value="3">IT Contractor</option>
|
||||||
<option value="1">Accounting</option>
|
<option value="2">Client</option>
|
||||||
|
<option value="1">Accountant</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_permission_companies)");
|
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_user_company_access)");
|
||||||
while($row = mysqli_fetch_array($sql)){
|
while($row = mysqli_fetch_array($sql)){
|
||||||
|
|
||||||
$company_id = $row['company_id'];
|
$company_id = $row['company_id'];
|
||||||
|
|||||||
@@ -15,31 +15,50 @@
|
|||||||
|
|
||||||
$session_user_id = $_SESSION['user_id'];
|
$session_user_id = $_SESSION['user_id'];
|
||||||
|
|
||||||
$sql = mysqli_query($mysqli,"SELECT * FROM users, permissions WHERE users.user_id = permissions.user_id AND users.user_id = $session_user_id");
|
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
|
||||||
|
|
||||||
$row = mysqli_fetch_array($sql);
|
$row = mysqli_fetch_array($sql);
|
||||||
$session_name = $row['user_name'];
|
$session_name = $row['user_name'];
|
||||||
$session_email = $row['user_email'];
|
$session_email = $row['user_email'];
|
||||||
$session_avatar = $row['user_avatar'];
|
$session_avatar = $row['user_avatar'];
|
||||||
$session_company_id = $row['permission_default_company'];
|
|
||||||
$session_token = $row['user_token'];
|
$session_token = $row['user_token'];
|
||||||
|
$session_company_id = $row['user_default_company'];
|
||||||
$session_permission_level = $row['permission_level'];
|
$session_user_role = $row['user_role'];
|
||||||
if($session_permission_level == 5){
|
if($session_user_role == 6){
|
||||||
$session_permission_level_display = "Global Administrator";
|
$session_user_role_display = "Global Administrator";
|
||||||
}elseif($session_permission_level == 4){
|
}elseif($session_user_role == 5){
|
||||||
$session_permission_level_display = "Administrator";
|
$session_user_role_display = "Administrator";
|
||||||
}elseif($session_permission_level == 3){
|
}elseif($session_user_role == 4){
|
||||||
$session_permission_level_display = "Technician";
|
$session_user_role_display = "Technician";
|
||||||
}elseif($session_permission_level == 2){
|
}elseif($session_user_role == 3){
|
||||||
$session_permission_level_display = "IT Contractor";
|
$session_user_role_display = "IT Contractor";
|
||||||
|
}elseif($session_user_role == 2){
|
||||||
|
$session_user_role_display = "Client";
|
||||||
}else{
|
}else{
|
||||||
$session_permission_level_display = "Accounting";
|
$session_user_role_display = "Accountant";
|
||||||
}
|
}
|
||||||
$session_permission_companies_array = explode(",",$row['permission_companies']);
|
|
||||||
$session_permission_companies = $row['permission_companies'];
|
//LOAD USER COMPANY ACCESS PERMISSIONS
|
||||||
$session_permission_clients_array = explode(",",$row['permission_clients']);
|
$session_user_company_access_sql = mysqli_query($mysqli,"SELECT company_id FROM user_companies WHERE user_id = $session_user_id");
|
||||||
$session_permission_clients = $row['permission_clients'];
|
$session_user_company_access_array = array();
|
||||||
|
while($row = mysqli_fetch_array($session_user_company_access_sql)){
|
||||||
|
$session_user_company_access_array[] = $row['company_id'];
|
||||||
|
}
|
||||||
|
$session_user_company_access = implode(',',$session_user_company_access_array);
|
||||||
|
|
||||||
|
//Check to see if user has rights to company Prevents User from access a company he is not allowed to have access to.
|
||||||
|
if(!in_array($session_company_id,$session_user_company_access_array)){
|
||||||
|
session_start();
|
||||||
|
session_destroy();
|
||||||
|
header('Location: login.php');
|
||||||
|
}
|
||||||
|
|
||||||
|
//LOAD USER CLIENT ACCESS PERMISSIONS
|
||||||
|
$session_user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_clients WHERE user_id = $session_user_id");
|
||||||
|
$session_user_client_access_array = array();
|
||||||
|
while($row = mysqli_fetch_array($session_user_client_access_sql)){
|
||||||
|
$session_user_client_access_array[] = $row['client_id'];
|
||||||
|
}
|
||||||
|
$session_user_client_access = implode(',',$session_user_client_access_array);
|
||||||
|
|
||||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id");
|
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id");
|
||||||
$row = mysqli_fetch_array($sql);
|
$row = mysqli_fetch_array($sql);
|
||||||
@@ -65,4 +84,4 @@
|
|||||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('alert_id') AS num FROM alerts WHERE alert_ack_date IS NULL AND company_id = $session_company_id"));
|
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('alert_id') AS num FROM alerts WHERE alert_ack_date IS NULL AND company_id = $session_company_id"));
|
||||||
$num_alerts = $row['num'];
|
$num_alerts = $row['num'];
|
||||||
|
|
||||||
?>
|
?>
|
||||||
@@ -202,7 +202,7 @@ $location_phone = formatPhoneNumber($location_phone);
|
|||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</div>
|
</div>
|
||||||
<?php if($session_permission_level == 1 OR $session_permission_level > 3){ ?>
|
<?php if($session_user_role == 1 OR $session_user_role > 3){ ?>
|
||||||
<div class="col-md-3 border-left">
|
<div class="col-md-3 border-left">
|
||||||
<h4 class="text-secondary">Billing</h4>
|
<h4 class="text-secondary">Billing</h4>
|
||||||
<h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo get_currency_symbol($session_company_currency); ?> <?php echo number_format($amount_paid,2); ?></div></h6>
|
<h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo get_currency_symbol($session_company_currency); ?> <?php echo number_format($amount_paid,2); ?></div></h6>
|
||||||
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
<?php include("header.php");
|
<?php include("header.php");
|
||||||
|
|
||||||
//Permission check
|
// Role / Client Access Permission Check
|
||||||
if($session_permission_level == 2){
|
if($session_user_role == 2){
|
||||||
$permission_sql = "AND client_id IN ($session_permission_clients)";
|
$permission_sql = "AND client_id IN ($session_user_client_access)";
|
||||||
}else{
|
}else{
|
||||||
$permission_sql = "";
|
$permission_sql = "";
|
||||||
}
|
}
|
||||||
|
|||||||
99
db.sql
99
db.sql
@@ -54,6 +54,24 @@ CREATE TABLE `alerts` (
|
|||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
|
--
|
||||||
|
-- Table structure for table `api_keys`
|
||||||
|
--
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS `api_keys`;
|
||||||
|
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||||
|
/*!40101 SET character_set_client = utf8 */;
|
||||||
|
CREATE TABLE `api_keys` (
|
||||||
|
`api_key_id` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
|
`api_key_secret` varchar(255) NOT NULL,
|
||||||
|
`api_key_description` varchar(255) DEFAULT NULL,
|
||||||
|
`api_key_created_at` datetime NOT NULL,
|
||||||
|
`api_key_expire` datetime NOT NULL,
|
||||||
|
`company_id` int(11) NOT NULL,
|
||||||
|
PRIMARY KEY (`api_key_id`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
--
|
--
|
||||||
-- Table structure for table `assets`
|
-- Table structure for table `assets`
|
||||||
--
|
--
|
||||||
@@ -582,6 +600,8 @@ CREATE TABLE `logs` (
|
|||||||
`log_type` varchar(200) NOT NULL,
|
`log_type` varchar(200) NOT NULL,
|
||||||
`log_action` varchar(255) NOT NULL,
|
`log_action` varchar(255) NOT NULL,
|
||||||
`log_description` varchar(255) NOT NULL,
|
`log_description` varchar(255) NOT NULL,
|
||||||
|
`log_ip` varchar(200) DEFAULT NULL,
|
||||||
|
`log_user_agent` varchar(250) DEFAULT NULL,
|
||||||
`log_created_at` datetime NOT NULL,
|
`log_created_at` datetime NOT NULL,
|
||||||
`log_archived_at` datetime DEFAULT NULL,
|
`log_archived_at` datetime DEFAULT NULL,
|
||||||
`log_client_id` int(11) DEFAULT NULL,
|
`log_client_id` int(11) DEFAULT NULL,
|
||||||
@@ -663,25 +683,6 @@ CREATE TABLE `payments` (
|
|||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
--
|
|
||||||
-- Table structure for table `permissions`
|
|
||||||
--
|
|
||||||
|
|
||||||
DROP TABLE IF EXISTS `permissions`;
|
|
||||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
|
||||||
/*!40101 SET character_set_client = utf8 */;
|
|
||||||
CREATE TABLE `permissions` (
|
|
||||||
`permission_id` int(11) NOT NULL AUTO_INCREMENT,
|
|
||||||
`permission_level` tinyint(1) NOT NULL,
|
|
||||||
`permission_default_company` int(11) NOT NULL,
|
|
||||||
`permission_companies` varchar(500) NOT NULL,
|
|
||||||
`permission_clients` varchar(500) DEFAULT NULL,
|
|
||||||
`permission_actions` tinyint(1) DEFAULT NULL,
|
|
||||||
`user_id` int(11) NOT NULL,
|
|
||||||
PRIMARY KEY (`permission_id`)
|
|
||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
|
||||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
|
||||||
|
|
||||||
--
|
--
|
||||||
-- Table structure for table `products`
|
-- Table structure for table `products`
|
||||||
--
|
--
|
||||||
@@ -810,6 +811,20 @@ CREATE TABLE `revenues` (
|
|||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
|
--
|
||||||
|
-- Table structure for table `roles`
|
||||||
|
--
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS `roles`;
|
||||||
|
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||||
|
/*!40101 SET character_set_client = utf8 */;
|
||||||
|
CREATE TABLE `roles` (
|
||||||
|
`role_id` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
|
`role_name` varchar(200) NOT NULL,
|
||||||
|
PRIMARY KEY (`role_id`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
--
|
--
|
||||||
-- Table structure for table `settings`
|
-- Table structure for table `settings`
|
||||||
--
|
--
|
||||||
@@ -1019,6 +1034,34 @@ CREATE TABLE `trips` (
|
|||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
|
--
|
||||||
|
-- Table structure for table `user_clients`
|
||||||
|
--
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS `user_clients`;
|
||||||
|
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||||
|
/*!40101 SET character_set_client = utf8 */;
|
||||||
|
CREATE TABLE `user_clients` (
|
||||||
|
`user_id` int(11) NOT NULL,
|
||||||
|
`client_id` int(11) NOT NULL,
|
||||||
|
PRIMARY KEY (`user_id`,`client_id`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
|
--
|
||||||
|
-- Table structure for table `user_companies`
|
||||||
|
--
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS `user_companies`;
|
||||||
|
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||||
|
/*!40101 SET character_set_client = utf8 */;
|
||||||
|
CREATE TABLE `user_companies` (
|
||||||
|
`user_id` int(11) NOT NULL,
|
||||||
|
`company_id` int(11) NOT NULL,
|
||||||
|
PRIMARY KEY (`user_id`,`company_id`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
--
|
--
|
||||||
-- Table structure for table `user_keys`
|
-- Table structure for table `user_keys`
|
||||||
--
|
--
|
||||||
@@ -1035,6 +1078,21 @@ CREATE TABLE `user_keys` (
|
|||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
|
--
|
||||||
|
-- Table structure for table `user_settings`
|
||||||
|
--
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS `user_settings`;
|
||||||
|
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||||
|
/*!40101 SET character_set_client = utf8 */;
|
||||||
|
CREATE TABLE `user_settings` (
|
||||||
|
`user_id` int(11) NOT NULL,
|
||||||
|
`user_default_company` int(11) NOT NULL,
|
||||||
|
`user_role` int(11) NOT NULL,
|
||||||
|
PRIMARY KEY (`user_id`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
--
|
--
|
||||||
-- Table structure for table `users`
|
-- Table structure for table `users`
|
||||||
--
|
--
|
||||||
@@ -1052,6 +1110,7 @@ CREATE TABLE `users` (
|
|||||||
`user_created_at` datetime NOT NULL,
|
`user_created_at` datetime NOT NULL,
|
||||||
`user_updated_at` datetime DEFAULT NULL,
|
`user_updated_at` datetime DEFAULT NULL,
|
||||||
`user_archived_at` datetime DEFAULT NULL,
|
`user_archived_at` datetime DEFAULT NULL,
|
||||||
|
`role_id` int(11) NOT NULL,
|
||||||
PRIMARY KEY (`user_id`)
|
PRIMARY KEY (`user_id`)
|
||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
@@ -1098,4 +1157,4 @@ CREATE TABLE `vendors` (
|
|||||||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||||
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
||||||
|
|
||||||
-- Dump completed on 2021-12-08 22:31:20
|
-- Dump completed on 2021-12-22 13:04:22
|
||||||
|
|||||||
@@ -62,7 +62,7 @@
|
|||||||
<div class="input-group-prepend">
|
<div class="input-group-prepend">
|
||||||
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
|
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
|
||||||
</div>
|
</div>
|
||||||
<select class="form-control select2" name="company" required>
|
<select class="form-control select2" name="default_company" required>
|
||||||
<option value="">- Company -</option>
|
<option value="">- Company -</option>
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
@@ -71,7 +71,7 @@
|
|||||||
$company_id_select = $row['company_id'];
|
$company_id_select = $row['company_id'];
|
||||||
$company_name_select = $row['company_name'];
|
$company_name_select = $row['company_name'];
|
||||||
?>
|
?>
|
||||||
<option <?php if($company_id_select == $permission_default_company){ echo "selected"; } ?> value="<?php echo $company_id_select; ?>"><?php echo $company_name_select; ?></option>
|
<option <?php if($company_id_select == $user_default_company){ echo "selected"; } ?> value="<?php echo $company_id_select; ?>"><?php echo $company_name_select; ?></option>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
@@ -81,18 +81,19 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label>Permission <strong class="text-danger">*</strong></label>
|
<label>Role <strong class="text-danger">*</strong></label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<div class="input-group-prepend">
|
<div class="input-group-prepend">
|
||||||
<span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
|
<span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
|
||||||
</div>
|
</div>
|
||||||
<select class="form-control select2" name="level" required>
|
<select class="form-control select2" name="role" required>
|
||||||
<option value="">- Permission -</option>
|
<option value="">- Role -</option>
|
||||||
<option <?php if($permission_level == 5){ echo "selected"; } ?> value="5">Global Admininstrator</option>
|
<option <?php if($user_role == 6){ echo "selected"; } ?> value="6">Global Admininstrator</option>
|
||||||
<option <?php if($permission_level == 4){ echo "selected"; } ?> value="4">Administrator</option>
|
<option <?php if($user_role == 5){ echo "selected"; } ?> value="5">Administrator</option>
|
||||||
<option <?php if($permission_level == 3){ echo "selected"; } ?> value="3">Technician</option>
|
<option <?php if($user_role == 4){ echo "selected"; } ?> value="4">Technician</option>
|
||||||
<option <?php if($permission_level == 2){ echo "selected"; } ?> value="2">IT Contractor</option>
|
<option <?php if($user_role == 3){ echo "selected"; } ?> value="3">IT Contractor</option>
|
||||||
<option <?php if($permission_level == 1){ echo "selected"; } ?> value="1">Accounting</option>
|
<option <?php if($user_role == 2){ echo "selected"; } ?> value="2">Client</option>
|
||||||
|
<option <?php if($user_role == 1){ echo "selected"; } ?> value="1">Accountant</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -45,8 +45,8 @@ scratch. This page gets rid of all links and provides the needed markup only.
|
|||||||
|
|
||||||
if(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "client.php"){
|
if(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "client.php"){
|
||||||
include("client_side_nav.php");
|
include("client_side_nav.php");
|
||||||
}elseif(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "settings-general.php"){
|
//}elseif(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "settings-general.php"){
|
||||||
include("admin_side_nav.php");
|
//include("admin_side_nav.php");
|
||||||
}else{
|
}else{
|
||||||
include("side_nav.php");
|
include("side_nav.php");
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -272,7 +272,7 @@ if(isset($_GET['invoice_id'])){
|
|||||||
<td class="text-center"><?php echo $item_quantity; ?></td>
|
<td class="text-center"><?php echo $item_quantity; ?></td>
|
||||||
<td class="text-right"><?php echo $client_currency_symbol; ?> <?php echo number_format($item_price,2); ?></td>
|
<td class="text-right"><?php echo $client_currency_symbol; ?> <?php echo number_format($item_price,2); ?></td>
|
||||||
<td class="text-right"><?php echo $client_currency_symbol; ?> <?php echo number_format($item_tax,2); ?></td>
|
<td class="text-right"><?php echo $client_currency_symbol; ?> <?php echo number_format($item_tax,2); ?></td>
|
||||||
<td class="text-right"><?php echo $client_currency_symbol; ?> <?php echo number_format($item_total,2); ?></td>
|
<td class="text-right"><?php echo $client_currency_symbol; ?><?php echo number_format($item_total,2); ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|||||||
11
login.php
11
login.php
@@ -24,18 +24,17 @@ session_start();
|
|||||||
|
|
||||||
if(isset($_POST['login'])){
|
if(isset($_POST['login'])){
|
||||||
|
|
||||||
$username = strip_tags(mysqli_real_escape_string($mysqli,$_POST['username']));
|
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
|
||||||
$password = $_POST['password'];
|
$password = $_POST['password'];
|
||||||
$current_code = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_code']));
|
$current_code = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_code']));
|
||||||
if(!empty($current_code)){
|
if(!empty($current_code)){
|
||||||
$current_code = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_code']));
|
$current_code = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_code']));
|
||||||
}
|
}
|
||||||
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_email = '$username'");
|
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_email = '$email'");
|
||||||
$row = mysqli_fetch_array($sql);
|
$row = mysqli_fetch_array($sql);
|
||||||
|
|
||||||
if(password_verify($password, $row['user_password'])){
|
if(password_verify($password, $row['user_password'])){
|
||||||
|
|
||||||
|
|
||||||
$token = $row['user_token'];
|
$token = $row['user_token'];
|
||||||
$_SESSION['user_id'] = $row['user_id'];
|
$_SESSION['user_id'] = $row['user_id'];
|
||||||
$_SESSION['user_name'] = $row['user_name'];
|
$_SESSION['user_name'] = $row['user_name'];
|
||||||
@@ -77,7 +76,7 @@ if(isset($_POST['login'])){
|
|||||||
}
|
}
|
||||||
|
|
||||||
}else{
|
}else{
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$username failed to log in', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW()");
|
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW()");
|
||||||
|
|
||||||
$response = "
|
$response = "
|
||||||
<div class='alert alert-danger'>
|
<div class='alert alert-danger'>
|
||||||
@@ -118,7 +117,7 @@ if(isset($_POST['login'])){
|
|||||||
<p class="login-box-msg"><?php if(isset($response)) { echo $response; } ?></p>
|
<p class="login-box-msg"><?php if(isset($response)) { echo $response; } ?></p>
|
||||||
<form method="post">
|
<form method="post">
|
||||||
<div class="input-group mb-3">
|
<div class="input-group mb-3">
|
||||||
<input type="text" class="form-control" placeholder="Email" name="username" value="<?php if(!empty($token_field)){ echo $username; }?>" required <?php if(empty($token_field)){ echo "autofocus"; } ?> >
|
<input type="text" class="form-control" placeholder="Email" name="email" value="<?php if(!empty($token_field)){ echo $email; }?>" required <?php if(empty($token_field)){ echo "autofocus"; } ?> >
|
||||||
<div class="input-group-append">
|
<div class="input-group-append">
|
||||||
<div class="input-group-text">
|
<div class="input-group-text">
|
||||||
<span class="fas fa-envelope"></span>
|
<span class="fas fa-envelope"></span>
|
||||||
@@ -164,4 +163,4 @@ if(isset($_POST['login'])){
|
|||||||
</script>
|
</script>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
55
post.php
55
post.php
@@ -21,10 +21,16 @@ if(isset($_POST['change_records_per_page'])){
|
|||||||
if(isset($_GET['switch_company'])){
|
if(isset($_GET['switch_company'])){
|
||||||
$company_id = intval($_GET['switch_company']);
|
$company_id = intval($_GET['switch_company']);
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE permissions SET permission_default_company = $company_id WHERE user_id = $session_user_id");
|
//Check to see if user has Permission to access the company
|
||||||
|
if(in_array($company_id,$session_user_company_access_array)){
|
||||||
|
mysqli_query($mysqli,"UPDATE user_settings SET user_default_company = $company_id WHERE user_id = $session_user_id");
|
||||||
|
|
||||||
$_SESSION['alert_type'] = "info";
|
$_SESSION['alert_type'] = "info";
|
||||||
$_SESSION['alert_message'] = "Switched Companies!";
|
$_SESSION['alert_message'] = "Switched Companies!";
|
||||||
|
}else{
|
||||||
|
$_SESSION['alert_type'] = "danger";
|
||||||
|
$_SESSION['alert_message'] = "What are you trying to DO! WHy did you do this? WHYYY??";
|
||||||
|
}
|
||||||
|
|
||||||
header("Location: dashboard.php");
|
header("Location: dashboard.php");
|
||||||
|
|
||||||
@@ -35,8 +41,8 @@ if(isset($_POST['add_user'])){
|
|||||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||||
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
|
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
|
||||||
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
|
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
|
||||||
$company = intval($_POST['company']);
|
$default_company = intval($_POST['default_company']);
|
||||||
$level = intval($_POST['level']);
|
$role = intval($_POST['role']);
|
||||||
|
|
||||||
mysqli_query($mysqli,"INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_created_at = NOW()");
|
mysqli_query($mysqli,"INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_created_at = NOW()");
|
||||||
|
|
||||||
@@ -89,9 +95,12 @@ if(isset($_POST['add_user'])){
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//Create Permissions
|
//Create Settings
|
||||||
mysqli_query($mysqli,"INSERT INTO permissions SET permission_level = $level, permission_default_company = $company, permission_companies = $company, user_id = $user_id");
|
mysqli_query($mysqli,"INSERT INTO user_settings SET user_id = $user_id, user_role = $role, user_default_company = $default_company");
|
||||||
|
|
||||||
|
//Create Company Access Permissions
|
||||||
|
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $default_company");
|
||||||
|
|
||||||
//logging
|
//logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Created', log_description = '$name', log_created_at = NOW()");
|
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Created', log_description = '$name', log_created_at = NOW()");
|
||||||
|
|
||||||
@@ -107,8 +116,8 @@ if(isset($_POST['edit_user'])){
|
|||||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||||
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
|
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
|
||||||
$new_password = trim($_POST['new_password']);
|
$new_password = trim($_POST['new_password']);
|
||||||
$company = intval($_POST['company']);
|
$default_company = intval($_POST['default_company']);
|
||||||
$level = intval($_POST['level']);
|
$role = intval($_POST['role']);
|
||||||
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
|
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
|
||||||
|
|
||||||
if(!file_exists("uploads/users/$user_id/")) {
|
if(!file_exists("uploads/users/$user_id/")) {
|
||||||
@@ -167,8 +176,8 @@ if(isset($_POST['edit_user'])){
|
|||||||
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password' WHERE user_id = $user_id");
|
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password' WHERE user_id = $user_id");
|
||||||
}
|
}
|
||||||
|
|
||||||
//Create Permissions
|
//Update User Settings
|
||||||
mysqli_query($mysqli,"UPDATE permissions SET permission_level = $level, permission_default_company = $company WHERE user_id = $user_id");
|
mysqli_query($mysqli,"UPDATE user_settings SET user_role = $role, user_default_company = $default_company WHERE user_id = $user_id");
|
||||||
|
|
||||||
//logging
|
//logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$user_name', log_created_at = NOW()");
|
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$user_name', log_created_at = NOW()");
|
||||||
@@ -251,12 +260,13 @@ if(isset($_POST['edit_profile'])){
|
|||||||
if(isset($_POST['edit_user_companies'])){
|
if(isset($_POST['edit_user_companies'])){
|
||||||
|
|
||||||
$user_id = intval($_POST['user_id']);
|
$user_id = intval($_POST['user_id']);
|
||||||
$companies = mysqli_real_escape_string($mysqli,$_POST['companies']);
|
|
||||||
|
|
||||||
//Turn the Array into a string with , seperation
|
mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
|
||||||
$companies_imploded = implode(",",$companies);
|
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE permissions SET permission_companies = '$companies_imploded' WHERE user_id = $user_id");
|
foreach($_POST['companies'] as $company){
|
||||||
|
intval($company);
|
||||||
|
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company");
|
||||||
|
}
|
||||||
|
|
||||||
//logging
|
//logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
|
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
|
||||||
@@ -270,12 +280,13 @@ if(isset($_POST['edit_user_companies'])){
|
|||||||
if(isset($_POST['edit_user_clients'])){
|
if(isset($_POST['edit_user_clients'])){
|
||||||
|
|
||||||
$user_id = intval($_POST['user_id']);
|
$user_id = intval($_POST['user_id']);
|
||||||
$clients = mysqli_real_escape_string($mysqli,$_POST['clients']);
|
|
||||||
|
|
||||||
//Turn the Array into a string with , seperation
|
mysqli_query($mysqli,"DELETE FROM user_clients WHERE user_id = $user_id");
|
||||||
$clients_imploded = implode(",",$clients);
|
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE permissions SET permission_clients = '$clients_imploded' WHERE user_id = $user_id");
|
foreach($_POST['clients'] as $client){
|
||||||
|
intval($client);
|
||||||
|
mysqli_query($mysqli,"INSERT INTO user_clients SET user_id = $user_id, client_id = $client");
|
||||||
|
}
|
||||||
|
|
||||||
//logging
|
//logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
|
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
|
||||||
@@ -304,7 +315,7 @@ if(isset($_GET['delete_user'])){
|
|||||||
$user_id = intval($_GET['delete_user']);
|
$user_id = intval($_GET['delete_user']);
|
||||||
|
|
||||||
mysqli_query($mysqli,"DELETE FROM users WHERE user_id = $user_id");
|
mysqli_query($mysqli,"DELETE FROM users WHERE user_id = $user_id");
|
||||||
mysqli_query($mysqli,"DELETE FROM permissions WHERE user_id = $user_id");
|
mysqli_query($mysqli,"DELETE FROM user_settings WHERE user_id = $user_id");
|
||||||
mysqli_query($mysqli,"DELETE FROM logs WHERE log_user_id = $user_id");
|
mysqli_query($mysqli,"DELETE FROM logs WHERE log_user_id = $user_id");
|
||||||
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_created_by = $user_id");
|
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_created_by = $user_id");
|
||||||
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_closed_by = $user_id");
|
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_closed_by = $user_id");
|
||||||
@@ -904,7 +915,7 @@ if(isset($_POST['add_client'])){
|
|||||||
}
|
}
|
||||||
|
|
||||||
//Log Add Client
|
//Log Add Client
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Created', log_description = '$name', log_created_at = NOW(), client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
|
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Created', log_description = '$name', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
|
||||||
|
|
||||||
//Add Location
|
//Add Location
|
||||||
if(!empty($address) OR !empty($city) OR !empty($state) OR !empty($zip)){
|
if(!empty($address) OR !empty($city) OR !empty($state) OR !empty($zip)){
|
||||||
|
|||||||
@@ -441,6 +441,9 @@ if(isset($_POST['add_user'])){
|
|||||||
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
|
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//Create Settings
|
||||||
|
mysqli_query($mysqli,"INSERT INTO user_settings SET user_id = $user_id, user_role = 6, user_default_company = 1");
|
||||||
|
|
||||||
$_SESSION['alert_message'] = "User <strong>$user_name</strong> created!";
|
$_SESSION['alert_message'] = "User <strong>$user_name</strong> created!";
|
||||||
|
|
||||||
|
|||||||
@@ -7,7 +7,7 @@
|
|||||||
<!-- Sidebar Menu -->
|
<!-- Sidebar Menu -->
|
||||||
<nav class="mt-3">
|
<nav class="mt-3">
|
||||||
<?php
|
<?php
|
||||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_permission_companies)");
|
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_user_company_access)");
|
||||||
|
|
||||||
if(mysqli_num_rows($sql) > 1){
|
if(mysqli_num_rows($sql) > 1){
|
||||||
|
|
||||||
@@ -62,7 +62,7 @@
|
|||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<?php if($session_permission_level > 2){ ?>
|
<?php if($session_user_role > 2){ ?>
|
||||||
|
|
||||||
<li class="nav-header mt-3">SUPPORT</li>
|
<li class="nav-header mt-3">SUPPORT</li>
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
@@ -93,7 +93,7 @@
|
|||||||
|
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<?php if($session_permission_level == 1 OR $session_permission_level > 3){ ?>
|
<?php if($session_user_role == 1 OR $session_user_role > 3){ ?>
|
||||||
|
|
||||||
<li class="nav-header mt-3">SALES</li>
|
<li class="nav-header mt-3">SALES</li>
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
@@ -202,7 +202,7 @@
|
|||||||
|
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<?php if($session_permission_level > 3){ ?>
|
<?php if($session_user_role > 3){ ?>
|
||||||
|
|
||||||
<li class="nav-header mt-3">SETTINGS</li>
|
<li class="nav-header mt-3">SETTINGS</li>
|
||||||
|
|
||||||
|
|||||||
@@ -123,7 +123,7 @@ if(isset($_GET['ticket_id'])){
|
|||||||
<form class="mb-3" action="post.php" method="post" autocomplete="off">
|
<form class="mb-3" action="post.php" method="post" autocomplete="off">
|
||||||
<input type="hidden" name="ticket_id" value="<?php echo $ticket_id; ?>">
|
<input type="hidden" name="ticket_id" value="<?php echo $ticket_id; ?>">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<textarea class="form-control summernote" name="ticket_reply"></textarea>
|
<textarea class="form-control summernote" name="ticket_reply" required></textarea>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<div class="col-md-3">
|
<div class="col-md-3">
|
||||||
|
|||||||
@@ -52,7 +52,7 @@
|
|||||||
<?php } ?>
|
<?php } ?>
|
||||||
<p>
|
<p>
|
||||||
<?php echo $session_name; ?>
|
<?php echo $session_name; ?>
|
||||||
<small><?php echo $session_permission_level_display; ?></small>
|
<small><?php echo $session_user_role_display; ?></small>
|
||||||
</p>
|
</p>
|
||||||
</li>
|
</li>
|
||||||
<!-- Menu Footer-->
|
<!-- Menu Footer-->
|
||||||
|
|||||||
@@ -19,7 +19,7 @@
|
|||||||
<ul class="list-group">
|
<ul class="list-group">
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
$sql_clients_select = mysqli_query($mysqli,"SELECT * FROM clients, companies WHERE clients.company_id = companies.company_id AND companies.company_id IN ($permission_companies) ORDER BY client_name ASC");
|
$sql_clients_select = mysqli_query($mysqli,"SELECT * FROM clients, companies WHERE clients.company_id = companies.company_id AND companies.company_id IN ($user_company_access) ORDER BY client_name ASC");
|
||||||
|
|
||||||
while($row = mysqli_fetch_array($sql_clients_select)){
|
while($row = mysqli_fetch_array($sql_clients_select)){
|
||||||
$client_id_select = $row['client_id'];
|
$client_id_select = $row['client_id'];
|
||||||
@@ -30,7 +30,7 @@
|
|||||||
?>
|
?>
|
||||||
<li class="list-group-item">
|
<li class="list-group-item">
|
||||||
<div class="form-check">
|
<div class="form-check">
|
||||||
<input type="checkbox" class="form-check-input" name="clients[]" value="<?php echo $client_id_select; ?>" <?php if(in_array("$client_id_select",$permission_clients_array)){ echo "checked"; } ?> >
|
<input type="checkbox" class="form-check-input" name="clients[]" value="<?php echo $client_id_select; ?>" <?php if(in_array("$client_id_select",$user_client_access_array)){ echo "checked"; } ?> >
|
||||||
<label class="form-check-label ml-2"><?php echo $client_name_select; ?></label>
|
<label class="form-check-label ml-2"><?php echo $client_name_select; ?></label>
|
||||||
</div>
|
</div>
|
||||||
</li>
|
</li>
|
||||||
|
|||||||
@@ -9,7 +9,7 @@
|
|||||||
</div>
|
</div>
|
||||||
<form action="post.php" method="post" autocomplete="off">
|
<form action="post.php" method="post" autocomplete="off">
|
||||||
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
|
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
|
||||||
<input type="hidden" name="companies[]" value="<?php echo $permission_default_company; ?>">
|
<input type="hidden" name="companies[]" value="<?php echo $user_default_company; ?>">
|
||||||
|
|
||||||
<div class="modal-body bg-white">
|
<div class="modal-body bg-white">
|
||||||
|
|
||||||
@@ -29,8 +29,8 @@
|
|||||||
?>
|
?>
|
||||||
<li class="list-group-item">
|
<li class="list-group-item">
|
||||||
<div class="form-check">
|
<div class="form-check">
|
||||||
<input type="checkbox" class="form-check-input" name="companies[]" value="<?php echo $company_id_select; ?>" <?php if(in_array("$company_id_select",$permission_companies_array)){ echo "checked"; } ?> <?php if($permission_default_company == $company_id_select){ echo "disabled"; } ?>>
|
<input type="checkbox" class="form-check-input" name="companies[]" value="<?php echo $company_id_select; ?>" <?php if(in_array("$company_id_select",$user_company_access_array)){ echo "checked"; } ?> <?php if($user_default_company == $company_id_select){ echo "disabled"; } ?>>
|
||||||
<label class="form-check-label ml-2"><?php echo $company_name_select; ?> <?php if($permission_default_company == $company_id_select){ echo "<small>(Default Company)</small>"; } ?></label>
|
<label class="form-check-label ml-2"><?php echo $company_name_select; ?> <?php if($user_default_company == $company_id_select){ echo "<small>(Default Company)</small>"; } ?></label>
|
||||||
</div>
|
</div>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
|||||||
49
users.php
49
users.php
@@ -39,8 +39,8 @@
|
|||||||
//Rebuild URL
|
//Rebuild URL
|
||||||
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
|
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
|
||||||
|
|
||||||
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM users, permissions
|
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings
|
||||||
WHERE users.user_id = permissions.user_id
|
WHERE users.user_id = user_settings.user_id
|
||||||
AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
|
AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
|
||||||
ORDER BY $sb $o LIMIT $record_from, $record_to");
|
ORDER BY $sb $o LIMIT $record_from, $record_to");
|
||||||
|
|
||||||
@@ -85,24 +85,35 @@
|
|||||||
$user_name = $row['user_name'];
|
$user_name = $row['user_name'];
|
||||||
$user_email = $row['user_email'];
|
$user_email = $row['user_email'];
|
||||||
$user_avatar = $row['user_avatar'];
|
$user_avatar = $row['user_avatar'];
|
||||||
$permission_default_company = $row['permission_default_company'];
|
$user_default_company = $row['user_default_company'];
|
||||||
$permission_level = $row['permission_level'];
|
$user_role = $row['user_role'];
|
||||||
if($permission_level == 5){
|
if($user_role == 6){
|
||||||
$permission_level_display = "Global Administrator";
|
$user_role_display = "Global Administrator";
|
||||||
}elseif($permission_level == 4){
|
}elseif($user_role == 5){
|
||||||
$permission_level_display = "Administrator";
|
$user_role_display = "Administrator";
|
||||||
}elseif($permission_level == 3){
|
}elseif($user_role == 4){
|
||||||
$permission_level_display = "Technician";
|
$user_role_display = "Technician";
|
||||||
}elseif($permission_level == 2){
|
}elseif($user_role == 3){
|
||||||
$permission_level_display = "IT Contractor";
|
$user_role_display = "IT Contractor";
|
||||||
|
}elseif($user_role == 2){
|
||||||
|
$user_role_display = "Client";
|
||||||
}else{
|
}else{
|
||||||
$permission_level_display = "Accounting";
|
$user_role_display = "Accountant";
|
||||||
}
|
}
|
||||||
$permission_companies = $row['permission_companies'];
|
$user_company_access_sql = mysqli_query($mysqli,"SELECT company_id FROM user_companies WHERE user_id = $user_id");
|
||||||
$permission_companies_array = explode(",",$permission_companies);
|
$user_company_access_array = array();
|
||||||
$permission_clients = $row['permission_clients'];
|
while($row = mysqli_fetch_array($user_company_access_sql)){
|
||||||
$permission_clients_array = explode(",",$permission_clients);
|
$user_company_access_array[] = $row['company_id'];
|
||||||
$permission_actions = $row['permission_actions'];
|
}
|
||||||
|
$user_company_access = implode(',',$user_company_access_array);
|
||||||
|
|
||||||
|
$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_clients WHERE user_id = $user_id");
|
||||||
|
$user_client_access_array = array();
|
||||||
|
while($row = mysqli_fetch_array($user_client_access_sql)){
|
||||||
|
$user_client_access_array[] = $row['client_id'];
|
||||||
|
}
|
||||||
|
$user_client_access = implode(',',$user_client_access_array);
|
||||||
|
|
||||||
$user_initials = initials($user_name);
|
$user_initials = initials($user_name);
|
||||||
|
|
||||||
$sql_last_login = mysqli_query($mysqli,"SELECT * FROM logs
|
$sql_last_login = mysqli_query($mysqli,"SELECT * FROM logs
|
||||||
@@ -137,7 +148,7 @@
|
|||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
<td><a href="mailto:<?php echo $email; ?>"><?php echo $user_email; ?></a></td>
|
<td><a href="mailto:<?php echo $email; ?>"><?php echo $user_email; ?></a></td>
|
||||||
<td><?php echo $permission_level_display; ?></td>
|
<td><?php echo $user_role_display; ?></td>
|
||||||
<td>-</td>
|
<td>-</td>
|
||||||
<td><?php echo $log_created_at; ?> <br> <small class="text-secondary"><?php echo $last_login; ?></small></td>
|
<td><?php echo $log_created_at; ?> <br> <small class="text-secondary"><?php echo $last_login; ?></small></td>
|
||||||
<td>
|
<td>
|
||||||
|
|||||||
Reference in New Issue
Block a user