Removed the prepended user_ from the fields in the user_roles table, moved user_role_id from user_settings directly to users table, rename table user_permissions to user_client_permissions, removed unused Sessions vars in login. This upedate will require to update using update_cli.php --db_update

Author: johnnyq

admin_role.php

@@ -1,7 +1,7 @@
 <?php
 
 // Default Column Sortby Filter
-$sort = "user_role_is_admin";
+$sort = "role_is_admin";
 $order = "DESC";
 
 require_once "includes/inc_all_admin.php";
@@ -13,8 +13,8 @@
 $sql = mysqli_query(
     $mysqli,
     "SELECT SQL_CALC_FOUND_ROWS * FROM user_roles
-    WHERE (user_roles.user_role_name LIKE '%$q%' OR user_roles.user_role_description LIKE '%$q%')
-    AND user_roles.user_role_archived_at IS NULL
+    WHERE (role_name LIKE '%$q%' OR role_description LIKE '%$q%')
+    AND role_archived_at IS NULL
     ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
@@ -53,14 +53,14 @@
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>
                         <th>
-                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_name&order=<?php echo $disp; ?>">
-                                Role <?php if ($sort == 'user_role_name') { echo $order_icon; } ?>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_name&order=<?php echo $disp; ?>">
+                                Role <?php if ($sort == 'role_name') { echo $order_icon; } ?>
                             </a>
                         </th>
                         <th>Members</th>
                         <th>
-                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_is_admin&order=<?php echo $disp; ?>">
-                                Admin <?php if ($sort == 'user_role_is_admin') { echo $order_icon; } ?>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_is_admin&order=<?php echo $disp; ?>">
+                                Admin <?php if ($sort == 'role_is_admin') { echo $order_icon; } ?>
                             </a>
                         </th>
                         <th class="text-center">Action</th>
@@ -70,17 +70,17 @@
                     <?php
 
                     while ($row = mysqli_fetch_array($sql)) {
-                        $role_id = intval($row['user_role_id']);
-                        $role_name = nullable_htmlentities($row['user_role_name']);
-                        $role_description = nullable_htmlentities($row['user_role_description']);
-                        $role_admin = intval($row['user_role_is_admin']);
-                        $role_archived_at = nullable_htmlentities($row['user_role_archived_at']);
+                        $role_id = intval($row['role_id']);
+                        $role_name = nullable_htmlentities($row['role_name']);
+                        $role_description = nullable_htmlentities($row['role_description']);
+                        $role_admin = intval($row['role_is_admin']);
+                        $role_archived_at = nullable_htmlentities($row['role_archived_at']);
 
                         // Count number of users that have each role
-                        $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+                        $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
                         $role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
 
-                        $sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+                        $sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
                         // Initialize an empty array to hold user names
                         $user_names = [];
 
@@ -90,7 +90,7 @@
                         }
 
                         // Convert the array of user names to a comma-separated string
-                        $user_names_string = implode(",", $user_names) ;
+                        $user_names_string = implode(",", $user_names);
 
                         if (empty($user_names_string)) {
                             $user_names_string = "-";

admin_user.php

@@ -14,7 +14,7 @@
     $mysqli,
     "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings, user_roles
     WHERE users.user_id = user_settings.user_id
-    AND user_settings.user_role = user_roles.user_role_id
+    AND user_role_id = role_id
     AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
     AND user_archived_at IS NULL
     ORDER BY $sort $order LIMIT $record_from, $record_to"
@@ -77,8 +77,8 @@
                         </a>
                     </th>
                     <th>
-                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role&order=<?php echo $disp; ?>">
-                            Role <?php if ($sort == 'user_role') { echo $order_icon; } ?>
+                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_name&order=<?php echo $disp; ?>">
+                            Role <?php if ($sort == 'role_name') { echo $order_icon; } ?>
                         </a>
                     </th>
                     <th>
@@ -116,8 +116,8 @@
                         $mfa_status_display = "<i class='fas fa-fw fa-lock text-success'></i>";
                     }
                     $user_config_force_mfa = intval($row['user_config_force_mfa']);
-                    $user_role = $row['user_role'];
-                    $user_role_display = nullable_htmlentities($row['user_role_name']);
+                    $user_role = $row['user_role_id'];
+                    $user_role_display = nullable_htmlentities($row['role_name']);
                     $user_initials = nullable_htmlentities(initials($user_name));
 
                     $sql_last_login = mysqli_query(
@@ -139,7 +139,7 @@
                     }
 
                     // Get User Client Access Permissions
-                    $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id");
+                    $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_client_permissions WHERE user_id = $user_id");
                     $client_access_array = [];
                     while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
                         $client_access_array[] = intval($row['client_id']);

ajax/ajax_project_edit.php

@@ -74,9 +74,8 @@
                     <?php
                     $sql_project_managers_select = mysqli_query(
                         $mysqli,
-                        "SELECT users.user_id, user_name FROM users
-                        LEFT JOIN user_settings on users.user_id = user_settings.user_id
-                        WHERE user_role > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
+                        "SELECT user_id, user_name FROM users
+                        WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC"
                     );
                     while ($row = mysqli_fetch_array($sql_project_managers_select)) {
                         $user_id_select = intval($row['user_id']);

ajax/ajax_role_edit.php

@@ -4,18 +4,18 @@
 
 $role_id = intval($_GET['id']);
 
-$sql = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE user_role_id = $role_id LIMIT 1");
+$sql = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE role_id = $role_id LIMIT 1");
 
 $row = mysqli_fetch_array($sql);
-$role_name = nullable_htmlentities($row['user_role_name']);
-$role_description = nullable_htmlentities($row['user_role_description']);
-$role_admin = intval($row['user_role_is_admin']);
+$role_name = nullable_htmlentities($row['role_name']);
+$role_description = nullable_htmlentities($row['role_description']);
+$role_admin = intval($row['role_is_admin']);
 
 // Count number of users that have each role
-$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
 $role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
 
-$sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+$sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
 // Initialize an empty array to hold user names
 $user_names = [];
 

ajax/ajax_user_edit.php

@@ -12,11 +12,11 @@
 $user_avatar = nullable_htmlentities($row['user_avatar']);
 $user_token = nullable_htmlentities($row['user_token']);
 $user_config_force_mfa = intval($row['user_config_force_mfa']);
-$user_role = intval($row['user_role']);
+$user_role_id = intval($row['user_role_id']);
 $user_initials = nullable_htmlentities(initials($user_name));
 
 // Get User Client Access Permissions
-$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id");
+$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_client_permissions WHERE user_id = $user_id");
 $client_access_array = [];
 while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
     $client_access_array[] = intval($row['client_id']);
@@ -107,13 +107,13 @@
                         </div>
                         <select class="form-control select2" name="role" required>
                             <?php
-                            $sql_user_roles = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE user_role_archived_at IS NULL");
+                            $sql_user_roles = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE role_archived_at IS NULL");
                             while ($row = mysqli_fetch_array($sql_user_roles)) {
-                                $user_role_id = intval($row['user_role_id']);
-                                $user_role_name = nullable_htmlentities($row['user_role_name']);
+                                $role_id = intval($row['role_id']);
+                                $role_name = nullable_htmlentities($row['role_name']);
 
                                 ?>
-                                <option <?php if ($user_role == $user_role_id) {echo "selected";} ?> value="<?php echo $user_role_id; ?>"><?php echo $user_role_name; ?></option>
+                                <option <?php if ($role_id == $user_role_id) {echo "selected";} ?> value="<?php echo $role_id; ?>"><?php echo $role_name; ?></option>
                             <?php } ?>
 
                         </select>

check_login.php

@@ -27,17 +27,11 @@
     exit;
 }
 
-// Check user type
-if ($_SESSION['user_type'] !== 1) {
-    header("Location: login.php");
-    exit();
-}
-
 // Set Timezone
 require_once "inc_set_timezone.php";
 
 
-// User IP & UA
+// User Vars and User Settings
 $session_ip = sanitizeInput(getIP());
 $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
 
@@ -47,24 +41,34 @@
     $mysqli,
     "SELECT * FROM users
     LEFT JOIN user_settings ON users.user_id = user_settings.user_id
-    LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
+    LEFT JOIN user_roles ON user_role_id = role_id
     WHERE users.user_id = $session_user_id");
 
 $row = mysqli_fetch_array($sql);
 $session_name = sanitizeInput($row['user_name']);
 $session_email = $row['user_email'];
 $session_avatar = $row['user_avatar'];
 $session_token = $row['user_token']; // MFA Token
-$session_user_role = intval($row['user_role']);
-$session_user_role_display = sanitizeInput($row['user_role_name']);
-if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
+$session_user_type = intval($row['user_type']);
+$session_user_role = intval($row['user_role_id']);
+$session_user_role_display = sanitizeInput($row['role_name']);
+if (isset($row['role_is_admin']) && $row['role_is_admin'] == 1) {
     $session_is_admin = true;
 } else {
     $session_is_admin = false;
 }
 $session_user_config_force_mfa = intval($row['user_config_force_mfa']);
 $user_config_records_per_page = intval($row['user_config_records_per_page']);
 
+// Check user type
+if ($session_user_type !== 1) {
+    session_unset();
+    session_destroy();
+    header("Location: login.php");
+    exit();
+}
+
+// Company Vars and Company Settings
 $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE settings.company_id = companies.company_id AND companies.company_id = 1");
 $row = mysqli_fetch_array($sql);
 
@@ -78,7 +82,7 @@
 $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
 
 // Get User Client Access Permissions
-$user_client_access_sql = "SELECT client_id FROM user_permissions WHERE user_id = $session_user_id";
+$user_client_access_sql = "SELECT client_id FROM user_client_permissions WHERE user_id = $session_user_id";
 $user_client_access_result = mysqli_query($mysqli, $user_client_access_sql);
 
 $client_access_array = [];

dashboard.php

@@ -73,11 +73,6 @@
 <?php
 if ($user_config_dashboard_financial_enable == 1) {
 
-    // Ensure the user has the appropriate role to view the financial dashboard
-    if ($_SESSION['user_role'] != 3 && $_SESSION['user_role'] != 1) {
-        exit('<script type="text/javascript">window.location.href = \'dashboard_technical.php\';</script>');
-    }
-
     // Fetch financial data for the dashboard
     // Define variables to avoid errors in logs
     $largest_income_month = 0;

database_updates.php

@@ -2435,10 +2435,53 @@ function processFile($file_path, $file_name, $mysqli) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.9'");
     }
 
-    // if (CURRENT_DATABASE_VERSION == '1.8.9') {
-    //     // Insert queries here required to update to DB version 1.9.0
+    if (CURRENT_DATABASE_VERSION == '1.8.9') {
+        mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_role_id` INT(11) DEFAULT 0 AFTER `user_archived_at`");
+
+        // Copy user role from user settings table to the users table
+        mysqli_query($mysqli,"
+            UPDATE `users`
+            JOIN `user_settings` ON users.user_id = user_settings.user_id
+            SET users.user_role_id = user_settings.user_role
+        ");
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.0'");
+    }
+
+    if (CURRENT_DATABASE_VERSION == '1.9.0') {
+        mysqli_query($mysqli, "ALTER TABLE `user_settings` DROP `user_role`");
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.1'");
+    }
+
+    if (CURRENT_DATABASE_VERSION == '1.9.1') {
+
+        mysqli_query($mysqli,
+            "ALTER TABLE `user_roles`
+            CHANGE COLUMN `user_role_id` `role_id` INT(11) NOT NULL AUTO_INCREMENT,
+            CHANGE COLUMN `user_role_name` `role_name` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
+            CHANGE COLUMN `user_role_description` `role_description` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
+            CHANGE COLUMN `user_role_type` `role_type` TINYINT(1) NOT NULL DEFAULT 1,
+            CHANGE COLUMN `user_role_is_admin` `role_is_admin` TINYINT(1) NOT NULL DEFAULT 0,
+            CHANGE COLUMN `user_role_created_at` `role_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP(),
+            CHANGE COLUMN `user_role_updated_at` `role_updated_at` DATETIME NULL DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP(),
+            CHANGE COLUMN `user_role_archived_at` `role_archived_at` DATETIME NULL DEFAULT NULL
+        ");
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.2'");
+    }
+
+    if (CURRENT_DATABASE_VERSION == '1.9.2') {
+
+        mysqli_query($mysqli, "RENAME TABLE `user_permissions` TO `user_client_permissions`");
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.3'");
+    }
+
+    // if (CURRENT_DATABASE_VERSION == '1.9.3') {
+    //     // Insert queries here required to update to DB version 1.9.4
     //     // Then, update the database to the next sequential version
-    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.0'");
+    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.4'");
     // }
 
 } else {

db.sql

@@ -2205,13 +2205,13 @@ CREATE TABLE `trips` (
 /*!40101 SET character_set_client = @saved_cs_client */;
 
 --
--- Table structure for table `user_permissions`
+-- Table structure for table `user_client_permissions`
 --
 
-DROP TABLE IF EXISTS `user_permissions`;
+DROP TABLE IF EXISTS `user_client_permissions`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `user_permissions` (
+CREATE TABLE `user_client_permissions` (
   `user_id` int(11) NOT NULL,
   `client_id` int(11) NOT NULL,
   PRIMARY KEY (`user_id`,`client_id`)
@@ -2240,15 +2240,15 @@ DROP TABLE IF EXISTS `user_roles`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `user_roles` (
-  `user_role_id` int(11) NOT NULL AUTO_INCREMENT,
-  `user_role_name` varchar(200) NOT NULL,
-  `user_role_description` varchar(200) DEFAULT NULL,
-  `user_role_type` tinyint(1) NOT NULL DEFAULT 1,
-  `user_role_is_admin` tinyint(1) NOT NULL DEFAULT 0,
-  `user_role_created_at` datetime NOT NULL DEFAULT current_timestamp(),
-  `user_role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
-  `user_role_archived_at` datetime DEFAULT NULL,
-  PRIMARY KEY (`user_role_id`)
+  `role_id` int(11) NOT NULL AUTO_INCREMENT,
+  `role_name` varchar(200) NOT NULL,
+  `role_description` varchar(200) DEFAULT NULL,
+  `role_type` tinyint(1) NOT NULL DEFAULT 1,
+  `role_is_admin` tinyint(1) NOT NULL DEFAULT 0,
+  `role_created_at` datetime NOT NULL DEFAULT current_timestamp(),
+  `role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
+  `role_archived_at` datetime DEFAULT NULL,
+  PRIMARY KEY (`role_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
@@ -2261,7 +2261,6 @@ DROP TABLE IF EXISTS `user_settings`;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `user_settings` (
   `user_id` int(11) NOT NULL,
-  `user_role` int(11) NOT NULL,
   `user_config_force_mfa` tinyint(1) NOT NULL DEFAULT 0,
   `user_config_records_per_page` int(11) NOT NULL DEFAULT 10,
   `user_config_dashboard_financial_enable` tinyint(1) NOT NULL DEFAULT 0,
@@ -2296,6 +2295,7 @@ CREATE TABLE `users` (
   `user_created_at` datetime NOT NULL DEFAULT current_timestamp(),
   `user_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
   `user_archived_at` datetime DEFAULT NULL,
+  `user_role_id` int(11) DEFAULT 0,
   PRIMARY KEY (`user_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
@@ -2383,4 +2383,4 @@ CREATE TABLE `vendors` (
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
--- Dump completed on 2025-03-10 12:25:19
+-- Dump completed on 2025-03-10 15:52:38