
Commit 987cd59

author
wrongecho
committed
Tidying
- Move more things to new permissions system - Deduplicate assets post logic into model - Swap out some "SELECT *" queries when only a couple of columns are actually needed
1 parent e90200a commit 987cd59

25 files changed

+188
-220
lines changed

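--- a/admin_api_key_add_modal.php
+++ b/admin_api_key_add_modal.php
@@ -60,7 +60,7 @@
 <select class="form-control select2" name="client" required>
 <option value="0"> ALL CLIENTS </option>
 <?php
-$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
+$sql = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients WHERE client_archived_at IS NULL ORDER BY client_name ASC");
 while ($row = mysqli_fetch_array($sql)) {
 $client_id = intval($row['client_id']);
 $client_name = nullable_htmlentities($row['client_name']); ?>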
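Review bot: The new query at line 63 does more than narrow the column list: the added `WHERE client_archived_at IS NULL` also hides archived clients from the API-key client picker, which is a behaviour change the commit message ("swap out SELECT *") does not mention. If that is intended, say so in the message or add a one-line comment above the query, e.g. `// Archived clients are excluded so new API keys cannot be scoped to them`; if not, drop the filter in this commit and make it a separate change.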

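--- a/client_document_details.php
+++ b/client_document_details.php
@@ -177,7 +177,7 @@
 </button>
 </h6>
 <?php
-$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts, contact_documents
+$sql_contacts = mysqli_query($mysqli, "SELECT contacts.contact_id, contact_name FROM contacts, contact_documents
 WHERE contacts.contact_id = contact_documents.contact_id
 AND contact_documents.document_id = $document_id
 ORDER BY contact_name ASC"
@@ -208,7 +208,7 @@
 </button>
 </h6>
 <?php
-$sql_assets = mysqli_query($mysqli, "SELECT * FROM assets, asset_documents
+$sql_assets = mysqli_query($mysqli, "SELECT assets.asset_id, asset_name FROM assets, asset_documents
 WHERE assets.asset_id = asset_documents.asset_id
 AND asset_documents.document_id = $document_id
 ORDER BY asset_name ASC"
@@ -239,7 +239,7 @@
 </button>
 </h6>
 <?php
-$sql_software = mysqli_query($mysqli, "SELECT * FROM software, software_documents
+$sql_software = mysqli_query($mysqli, "SELECT software.software_id, software_name FROM software, software_documents
 WHERE software.software_id = software_documents.software_id
 AND software_documents.document_id = $document_id
 ORDER BY software_name ASC"
@@ -270,7 +270,7 @@
 </button>
 </h6>
 <?php
-$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors, vendor_documents
+$sql_vendors = mysqli_query($mysqli, "SELECT vendors.vendor_id, vendor_name FROM vendors, vendor_documents
 WHERE vendors.vendor_id = vendor_documents.vendor_id
 AND vendor_documents.document_id = $document_id
 ORDER BY vendor_name ASC"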

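--- a/client_document_link_software_modal.php
+++ b/client_document_link_software_modal.php
@@ -28,7 +28,7 @@
 $exclude_condition = ""; // No condition if there are no displayed vendors
 }
 
-$sql_software_select = mysqli_query($mysqli, "SELECT * FROM software
+$sql_software_select = mysqli_query($mysqli, "SELECT software_id, software_name FROM software
 WHERE software_client_id = $client_id
 AND software_archived_at IS NULL
 $exclude_condition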

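--- a/client_document_link_vendor_modal.php
+++ b/client_document_link_vendor_modal.php
@@ -28,7 +28,7 @@
 $exclude_condition = ""; // No condition if there are no displayed vendors
 }
 
-$sql_vendors_select = mysqli_query($mysqli, "SELECT * FROM vendors
+$sql_vendors_select = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors
 WHERE vendor_client_id = $client_id
 AND vendor_archived_at IS NULL
 $exclude_condition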

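--- a/client_services.php
+++ b/client_services.php
@@ -28,7 +28,9 @@
 <div class="card-header py-2">
 <h3 class="card-title mt-2"><i class="fa fa-fw fa-stream mr-2"></i>Services</h3>
 <div class="card-tools">
-<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addServiceModal"><i class="fas fa-plus mr-2"></i>New Service</button>
+<?php if (lookupUserPermission("module_services") >= 2) { ?>
+<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addServiceModal"><i class="fas fa-plus mr-2"></i>New Service</button>
+<?php } ?>
 </div>
 </div>
 
@@ -121,9 +123,9 @@
 <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">
 <i class="fas fa-fw fa-edit mr-2"></i>Edit
 </a>
-<?php if ($session_user_role == 3) { ?>
+<?php if (lookupUserPermission("module_credential") >= 3) { ?>
 <div class="dropdown-divider"></div>
-<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_service=<?php echo $service_id; ?>">
+<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_service=<?php echo $service_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token']; ?>">
 <i class="fas fa-fw fa-trash mr-2"></i>Delete
 </a>
 <?php } ?>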
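Review bot: The Delete-service link at new line 126 is gated on `lookupUserPermission("module_credential") >= 3`, while the New Service button added at line 31 in the same file checks `"module_services"`; the credential module name here looks like a copy-paste slip, and it would let a user whose credential permission is higher than their services permission see a delete action for a service. The guard should presumably read `<?php if (lookupUserPermission("module_services") >= 3) { ?>`, and the server-side handler behind `post.php?delete_service=` needs the same module check, which this hunk cannot show. Separately, the delete stays a GET link, so the CSRF token added at line 128 ends up in browser history, proxy logs and Referer headers; a POST form (or at least a check that the post handler rejects GET) would keep the token out of URLs.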

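--- a/post/user/asset.php
+++ b/post/user/asset.php
@@ -10,48 +10,7 @@
 
 validateCSRFToken($_POST['csrf_token']);
 
-$client_id = intval($_POST['client_id']);
-$name = sanitizeInput($_POST['name']);
-$description = sanitizeInput($_POST['description']);
-$type = sanitizeInput($_POST['type']);
-$make = sanitizeInput($_POST['make']);
-$model = sanitizeInput($_POST['model']);
-$serial = sanitizeInput($_POST['serial']);
-$os = sanitizeInput($_POST['os']);
-$ip = sanitizeInput($_POST['ip']);
-if($_POST['dhcp'] == 1){
-$ip = 'DHCP';
-}
-$ipv6 = sanitizeInput($_POST['ipv6']);
-$nat_ip = sanitizeInput($_POST['nat_ip']);
-$mac = sanitizeInput($_POST['mac']);
-$uri = sanitizeInput($_POST['uri']);
-$uri_2 = sanitizeInput($_POST['uri_2']);
-$status = sanitizeInput($_POST['status']);
-$location = intval($_POST['location']);
-$physical_location = sanitizeInput($_POST['physical_location']);
-$vendor = intval($_POST['vendor']);
-$contact = intval($_POST['contact']);
-$network = intval($_POST['network']);
-$purchase_date = sanitizeInput($_POST['purchase_date']);
-if (empty($purchase_date)) {
-$purchase_date = "NULL";
-} else {
-$purchase_date = "'" . $purchase_date . "'";
-}
-$warranty_expire = sanitizeInput($_POST['warranty_expire']);
-if (empty($warranty_expire)) {
-$warranty_expire = "NULL";
-} else {
-$warranty_expire = "'" . $warranty_expire . "'";
-}
-$install_date = sanitizeInput($_POST['install_date']);
-if (empty($install_date)) {
-$install_date = "NULL";
-} else {
-$install_date = "'" . $install_date . "'";
-}
-$notes = sanitizeInput($_POST['notes']);
+require_once 'asset_model.php';
 
 $alert_extended = "";
 
@@ -111,49 +70,8 @@
 
 validateCSRFToken($_POST['csrf_token']);
 
+require_once 'asset_model.php';
 $asset_id = intval($_POST['asset_id']);
-$client_id = intval($_POST['client_id']);
-$name = sanitizeInput($_POST['name']);
-$description = sanitizeInput($_POST['description']);
-$type = sanitizeInput($_POST['type']);
-$make = sanitizeInput($_POST['make']);
-$model = sanitizeInput($_POST['model']);
-$serial = sanitizeInput($_POST['serial']);
-$os = sanitizeInput($_POST['os']);
-$ip = sanitizeInput($_POST['ip']);
-if($_POST['dhcp'] == 1){
-$ip = 'DHCP';
-}
-$ipv6 = sanitizeInput($_POST['ipv6']);
-$nat_ip = sanitizeInput($_POST['nat_ip']);
-$mac = sanitizeInput($_POST['mac']);
-$uri = sanitizeInput($_POST['uri']);
-$uri_2 = sanitizeInput($_POST['uri_2']);
-$status = sanitizeInput($_POST['status']);
-$location = intval($_POST['location']);
-$physical_location = sanitizeInput($_POST['physical_location']);
-$vendor = intval($_POST['vendor']);
-$contact = intval($_POST['contact']);
-$network = intval($_POST['network']);
-$purchase_date = sanitizeInput($_POST['purchase_date']);
-if (empty($purchase_date)) {
-$purchase_date = "NULL";
-} else {
-$purchase_date = "'" . $purchase_date . "'";
-}
-$warranty_expire = sanitizeInput($_POST['warranty_expire']);
-if (empty($warranty_expire)) {
-$warranty_expire = "NULL";
-} else {
-$warranty_expire = "'" . $warranty_expire . "'";
-}
-$install_date = sanitizeInput($_POST['install_date']);
-if (empty($install_date)) {
-$install_date = "NULL";
-} else {
-$install_date = "'" . $install_date . "'";
-}
-$notes = sanitizeInput($_POST['notes']);
 
 // Get Existing Photo
 $sql = mysqli_query($mysqli,"SELECT asset_photo FROM assets WHERE asset_id = $asset_id");
@@ -734,25 +652,17 @@
 
 validateCSRFToken($_POST['csrf_token']);
 
+// Interface info
+$interface_id = intval($_POST['interface_id']);
 $asset_id = intval($_POST['asset_id']);
+require_once 'asset_interface_model.php';
 
 // Get Asset Name and Client ID for logging and alert message
 $sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
 $row = mysqli_fetch_array($sql);
 $asset_name = sanitizeInput($row['asset_name']);
 $client_id = intval($row['asset_client_id']);
 
-$name = sanitizeInput($_POST['name']);
-$mac = sanitizeInput($_POST['mac']);
-$ip = sanitizeInput($_POST['ip']);
-if($_POST['dhcp'] == 1){
-$ip = 'DHCP';
-}
-$ipv6 = sanitizeInput($_POST['ipv6']);
-$port = sanitizeInput($_POST['port']);
-$network = intval($_POST['network']);
-$notes = sanitizeInput($_POST['notes']);
-
 mysqli_query($mysqli,"INSERT INTO asset_interfaces SET interface_name = '$name', interface_mac = '$mac', interface_ip = '$ip', interface_ipv6 = '$ipv6', interface_port = '$port', interface_notes = '$notes', interface_network_id = $network, interface_asset_id = $asset_id");
 
 $interface_id = mysqli_insert_id($mysqli);
@@ -772,7 +682,9 @@
 
 validateCSRFToken($_POST['csrf_token']);
 
+// Interface info
 $interface_id = intval($_POST['interface_id']);
+require_once 'asset_interface_model.php';
 
 // Get Asset Name and Client ID for logging and alert message
 $sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id, asset_id FROM asset_interfaces LEFT JOIN assets ON asset_id = interface_asset_id WHERE interface_id = $interface_id");
@@ -781,17 +693,6 @@
 $asset_name = sanitizeInput($row['asset_name']);
 $client_id = intval($row['asset_client_id']);
 
-$name = sanitizeInput($_POST['name']);
-$mac = sanitizeInput($_POST['mac']);
-$ip = sanitizeInput($_POST['ip']);
-if($_POST['dhcp'] == 1){
-$ip = 'DHCP';
-}
-$ipv6 = sanitizeInput($_POST['ipv6']);
-$port = sanitizeInput($_POST['port']);
-$network = intval($_POST['network']);
-$notes = sanitizeInput($_POST['notes']);
-
 mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_name = '$name', interface_mac = '$mac', interface_ip = '$ip', interface_ipv6 = '$ipv6', interface_port = '$port', interface_notes = '$notes', interface_network_id = $network WHERE interface_id = $interface_id");
 
 //Logging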
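Review bot: In the add-interface hunk (`@@ -734,25 +652,17 @@`) the new line 656 `$interface_id = intval($_POST['interface_id']);` is dead: nothing between it and the INSERT reads `$interface_id`, and line 668 `$interface_id = mysqli_insert_id($mysqli);` overwrites it, so a reader is left wondering whether the add path honours a client-supplied id (it does not). Drop that line from the add path and keep it only in the edit-interface hunk, where the id is genuinely the row being updated. The `require_once` lines for the two model files are placed inconsistently (before `$asset_id` in the edit-asset hunk, after it in the add-interface hunk); pick one spot, ideally directly under `validateCSRFToken`, so every handler reads the same way. Each `require_once` uses a bare relative path, which resolves against the include path and working directory rather than this file's location; `require_once __DIR__ . '/asset_model.php';` makes the include independent of how post.php is invoked. The enclosing if-blocks for each handler begin and end outside these hunks.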
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
<?php
2+
$name = sanitizeInput($_POST['name']);
3+
$mac = sanitizeInput($_POST['mac']);
4+
$ip = sanitizeInput($_POST['ip']);
5+
if ($_POST['dhcp'] == 1){
6+
$ip = 'DHCP';
7+
}
8+
$ipv6 = sanitizeInput($_POST['ipv6']);
9+
$port = sanitizeInput($_POST['port']);
10+
$network = intval($_POST['network']);
11+
$notes = sanitizeInput($_POST['notes']);
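Review bot: New line 5 `if ($_POST['dhcp'] == 1){` reads the key unconditionally; when the DHCP checkbox is not ticked the browser omits the field entirely, so on PHP 8 every non-DHCP submit logs an "Undefined array key" warning before `$ip` is left as the sanitized value. Use `if (($_POST['dhcp'] ?? 0) == 1) {` here, and the same on line 10 of post/user/asset_model.php, which has the identical check. Since this file is now the single place that defines `$name`, `$mac`, `$ip`, `$ipv6`, `$port`, `$network` and `$notes` for the interface handlers, a short header comment under `<?php` listing those variables and stating that `$_POST` and `sanitizeInput()` must already be available would save the next reader from tracing the includes.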

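--- /dev/null
+++ b/post/user/asset_model.php
@@ -0,0 +1,43 @@
+<?php
+$name = sanitizeInput($_POST['name']);
+$description = sanitizeInput($_POST['description']);
+$type = sanitizeInput($_POST['type']);
+$make = sanitizeInput($_POST['make']);
+$model = sanitizeInput($_POST['model']);
+$serial = sanitizeInput($_POST['serial']);
+$os = sanitizeInput($_POST['os']);
+$ip = sanitizeInput($_POST['ip']);
+if ($_POST['dhcp'] == 1) {
+$ip = 'DHCP';
+}
+$ipv6 = sanitizeInput($_POST['ipv6']);
+$nat_ip = sanitizeInput($_POST['nat_ip']);
+$mac = sanitizeInput($_POST['mac']);
+$uri = sanitizeInput($_POST['uri']);
+$uri_2 = sanitizeInput($_POST['uri_2']);
+$status = sanitizeInput($_POST['status']);
+$location = intval($_POST['location']);
+$physical_location = sanitizeInput($_POST['physical_location']);
+$vendor = intval($_POST['vendor']);
+$contact = intval($_POST['contact']);
+$network = intval($_POST['network']);
+$purchase_date = sanitizeInput($_POST['purchase_date']);
+if (empty($purchase_date)) {
+$purchase_date = "NULL";
+} else {
+$purchase_date = "'" . $purchase_date . "'";
+}
+$warranty_expire = sanitizeInput($_POST['warranty_expire']);
+if (empty($warranty_expire)) {
+$warranty_expire = "NULL";
+} else {
+$warranty_expire = "'" . $warranty_expire . "'";
+}
+$install_date = sanitizeInput($_POST['install_date']);
+if (empty($install_date)) {
+$install_date = "NULL";
+} else {
+$install_date = "'" . $install_date . "'";
+}
+$notes = sanitizeInput($_POST['notes']);
+$client_id = intval($_POST['client_id']);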
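Review bot: Lines 24–41 turn `$purchase_date`, `$warranty_expire` and `$install_date` into ready-made SQL fragments (`"NULL"` or a quoted literal) the moment they are read from `$_POST`, so the model's output is half data, half query text, and the only thing standing between the request and the statement is whatever `sanitizeInput()` does to quotes. Since this file is now the single source for every asset handler, it is the right place to validate the three dates against the expected format before quoting them, for instance checking `DateTimeImmutable::createFromFormat('Y-m-d', $purchase_date) !== false` and falling back to `"NULL"` otherwise; applied to all three fields that is more than a one-line change, so I would add a small local helper rather than repeat the block. A header comment under `<?php` naming the variables this include defines, and noting that the three date variables are pre-quoted SQL fragments rather than plain strings, would stop a future handler from quoting them a second time.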

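--- a/post/user/certificate.php
+++ b/post/user/certificate.php
@@ -158,7 +158,7 @@
 $client_id = intval($_POST['client_id']);
 
 //get records from database
-$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
+$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
 $row = mysqli_fetch_array($sql);
 
 $client_name = $row['client_name'];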

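--- a/post/user/client.php
+++ b/post/user/client.php
@@ -159,7 +159,7 @@
 $client_id = intval($_GET['archive_client']);
 
 // Get Client Name
-$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $client_id");
+$sql = mysqli_query($mysqli, "SELECT client_name FROM clients WHERE client_id = $client_id");
 $row = mysqli_fetch_array($sql);
 $client_name = sanitizeInput($row['client_name']);
 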