Refactor geolocation queries to use AND conditions for better accuracy. Update permission checks for equipment management to utilize unified 'equipment' scope. Enhance user role assignment logic to ensure correct username usage. Improve session error handling in login and index files for clearer user feedback.
@@ -179,9 +179,9 @@ switch ($action) {
|
||||
case 'geolocation':
|
||||
|
||||
if ($whereclause == ''){
|
||||
$whereclause = 'WHERE geolocation is not null OR geolocation != "["",""]"';
|
||||
$whereclause = 'WHERE geolocation is not null AND geolocation != \'["",""]\'';
|
||||
} else {
|
||||
$whereclause .= ' AND geolocation is not null OR geolocation != "["",""]';
|
||||
$whereclause .= ' AND geolocation is not null AND geolocation != \'["",""]\'';
|
||||
}
|
||||
$sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.'';
|
||||
|
||||
|
||||
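Review bot: The null test and the empty-coordinate sentinel `'["",""]'` are now written out twice, once per branch of the `if ($whereclause == '')` test, and the same duplication appears again in the identical hunk later on this page (the second `@@ -179,9 +179,9 @@`); the two strings will drift apart the next time the predicate changes. Collapse them: `$geo_filter = 'geolocation is not null AND geolocation != \'["",""]\'';` followed by `$whereclause .= ($whereclause === '' ? 'WHERE ' : ' AND ') . $geo_filter;`, which also replaces the loose `==` with `===`. The correction itself (OR to AND, and quoting the literal) looks right, since the removed OR form matched every non-null row. The surrounding `switch ($action)` begins before the hunk.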
@@ -217,18 +217,18 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
|
||||
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
|
||||
if ($command == 'update' && (isAllowed('equipment',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
|
||||
$sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
|
||||
elseif ($command == 'insert' && isAllowed('equipment',$profile,$permission,'C') === 1){
|
||||
$sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
|
||||
elseif ($command == 'delete' && (isAllowed('equipment',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
|
||||
//delete equipment
|
||||
$stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
|
||||
$stmt->execute([ $id ]);
|
||||
|
||||
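Review bot: Renaming the scope from `equipment_manage` to `equipment` in the three `isAllowed` calls changes who passes these checks, and nothing in the hunk shows the stored permission rows being migrated: grants recorded under `equipment_manage` stop working (fail closed), while any grant that may already exist under `equipment` now also satisfies the `U`, `C` and `D` checks here. Confirm that `equipment` carried no broader membership before this change, or ship the data migration in the same commit. The `equipments_mass_update` scope in the update branch is left untouched, so state in the commit whether that is intended. The same applies to the second copy of this hunk (`@@ -224,18 +224,18 @@`). The `if/elseif` chain and the `$clause`/`$whereclause` strings it uses are built before the hunk begins.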
@@ -179,9 +179,9 @@ switch ($action) {
|
||||
case 'geolocation':
|
||||
|
||||
if ($whereclause == ''){
|
||||
$whereclause = 'WHERE geolocation is not null OR geolocation != "["",""]"';
|
||||
$whereclause = 'WHERE geolocation is not null AND geolocation != \'["",""]\'';
|
||||
} else {
|
||||
$whereclause .= ' AND geolocation is not null OR geolocation != "["",""]';
|
||||
$whereclause .= ' AND geolocation is not null AND geolocation != \'["",""]\'';
|
||||
}
|
||||
$sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.'';
|
||||
|
||||
|
||||
@@ -224,18 +224,18 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
|
||||
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
|
||||
if ($command == 'update' && (isAllowed('equipment',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
|
||||
$sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
|
||||
elseif ($command == 'insert' && isAllowed('equipment',$profile,$permission,'C') === 1){
|
||||
$sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
|
||||
elseif ($command == 'delete' && (isAllowed('equipment',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
|
||||
//delete equipment
|
||||
$stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
|
||||
$stmt->execute([ $id ]);
|
||||
|
||||
@@ -48,11 +48,11 @@ if (isset($post_content['batch_update']) && isset($post_content['user_id']) && i
|
||||
if ($existing){
|
||||
//Reactivate existing assignment
|
||||
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?');
|
||||
$stmt->execute([$username, $date, $username, $date, $existing['rowID']]);
|
||||
$stmt->execute([$username, $date, $username, $date, $$username]);
|
||||
} else {
|
||||
//Create new assignment
|
||||
$stmt = $pdo->prepare('INSERT INTO user_role_assignments (user_id, role_id, is_active, assigned_by, assigned_at, created, createdby) VALUES (?, ?, 1, ?, ?, ?, ?)');
|
||||
$stmt->execute([$user_id, $role_id, $username, $date, $date, $userkey]);
|
||||
$stmt->execute([$user_id, $role_id, $username, $date, $date, $username]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
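Review bot: `$$username` on the reactivation line is a variable-variable, meaning it reads a PHP variable whose name is the username's value, so the `WHERE rowID = ?` placeholder receives null (with an undefined-variable notice) and the UPDATE matches nothing; the removed line bound `$existing['rowID']`, which is the row this branch just looked up. Restore it: `$stmt->execute([$username, $date, $username, $date, $existing['rowID']]);`. The `createdby` change from `$userkey` to `$username` on the insert line is consistent with the commit message. The enclosing `if (isset($post_content['batch_update']) …` block begins before the hunk.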
@@ -266,10 +266,17 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
|
||||
// Get the new user ID
|
||||
$new_user_id = $pdo->lastInsertId();
|
||||
|
||||
//STEP 2- Send to user
|
||||
$mail_location = (file_exists($_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php') ? $_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php' : './assets/mail/email_template_new.php');
|
||||
include_once $mail_location;
|
||||
send_mail($post_content['email'],$subject,$message,'','');
|
||||
|
||||
// Return the new user ID
|
||||
$result = json_encode(['id' => (int)$new_user_id], JSON_UNESCAPED_UNICODE);
|
||||
echo $result;
|
||||
} else {
|
||||
//------------------------------------------
|
||||
//JSON_ENCODE
|
||||
|
||||
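Review bot: `json_encode` on the new return line is called without `JSON_THROW_ON_ERROR`, so an encoding failure would echo an empty body instead of surfacing an error; with a single int this is unlikely, but the flag costs nothing: `$result = json_encode(['id' => (int)$new_user_id], JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR);`. Reading `lastInsertId()` immediately after the insert, before the mail template is included, is the right order, and a comment such as `// Read lastInsertId() before the mail include, which could run further statements` would keep a later edit from moving it. The `elseif ($command == 'insert' …` branch begins before the hunk.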
@@ -7,7 +7,7 @@ if (debug && debug_id == $_SESSION['authorization']['id']){
|
||||
error_reporting(E_ALL);
|
||||
}
|
||||
|
||||
$page = 'equipment_manage';
|
||||
$page = 'equipment';
|
||||
$page_edit = 'equipment_manage_edit';
|
||||
//Check if allowed
|
||||
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
|
||||
|
||||
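Review bot: `$page` is renamed to `'equipment'` but `$page_edit = 'equipment_manage_edit'` on the next line keeps the old prefix, and the `$page_manage` rename in the following `@@ -22,7 +22,7 @@` hunk likewise leaves the edit scope untouched. If `equipment_manage_edit` is meant to survive the unification, a one-line comment such as `// edit scope intentionally kept separate from the unified 'equipment' scope` would stop the next reader from "fixing" it; otherwise it should be renamed in the same commit. Whether an `isAllowed` check elsewhere still uses `equipment_manage_edit` cannot be seen from this page.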
@@ -22,7 +22,7 @@ if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authori
|
||||
exit;
|
||||
}
|
||||
//PAGE Security
|
||||
$page_manage = 'equipment_manage';
|
||||
$page_manage = 'equipment';
|
||||
$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
|
||||
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
|
||||
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
|
||||
|
||||
@@ -37,14 +37,14 @@ if (!isset($_SESSION['authorization']['id']) && isset($_SESSION['authorization']
|
||||
if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
|
||||
|
||||
//STORE DATA IN SESSION
|
||||
if (is_array($responses) && !isset($responses['error'])) {
|
||||
if (is_array($responses) && !isset($responses['error_code'])) {
|
||||
foreach($responses as $key => $value){
|
||||
$_SESSION['authorization'][$key] = $value;
|
||||
}
|
||||
} else {
|
||||
// API call failed or returned error - redirect to login
|
||||
// API call failed or returned error - redirect to login with error message
|
||||
session_destroy();
|
||||
header('location: login.php');
|
||||
header('location: login.php?error=session_expired');
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
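Review bot: The condition now rejects only responses carrying `error_code`; if the API can still answer with an `error` key (the key the removed line checked), that payload passes the test and is copied key-by-key into `$_SESSION['authorization']` by the foreach below, so unless the API contract guarantees `error_code` on every failure, check both: `if (is_array($responses) && !isset($responses['error']) && !isset($responses['error_code'])) {`. In the failure branch, `session_destroy()` alone leaves the session array populated for the rest of this request; adding `$_SESSION = [];` before it follows the documented teardown sequence. The outer `if (!isset($_SESSION['authorization']['id']) …` test begins before the hunk.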
@@ -53,6 +53,11 @@ $username = $password = '';
|
||||
$username_err = $password_err = '';
|
||||
$retry = 0;
|
||||
|
||||
// Check for error parameter from redirects
|
||||
if (isset($_GET['error']) && $_GET['error'] === 'session_expired') {
|
||||
$password_err = $password_err_2 ?? 'Session expired or invalid. Please login again.';
|
||||
}
|
||||
|
||||
// Process submitted form data
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
|
||||
|
||||
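Review bot: `$password_err_2` on the new session-expired line is not assigned anywhere visible, so `??` silently falls through to the literal every time; if that is the intent, drop the indirection: `$password_err = 'Session expired or invalid. Please login again.';`, and if a second message variable was meant to exist it needs defining before this point. Keep the strict comparison of `$_GET['error']` against a fixed string as written, since it ensures no request-controlled text reaches the page. `$password_err_2` may be defined earlier in login.php, outside this hunk.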