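<?php
// auditor-reports.php — CSV export and printable HTML view of the audit reports.
// header.php is included before anything else; this file reads $_SESSION right
// after it, so the session is presumably started there — confirm against
// includes/header.php.
include 'includes/header.php';
require_once 'includes/db.php';        // expected to define $pdo (PDO)
require_once 'includes/functions.php'; // expected to define getSetting()

// Role gate: only auditors and super admins may reach the report endpoints below.
// The session value is cast to string before strtolower() so a non-string value
// cannot raise a TypeError, and in_array() is strict so only an exact role name
// passes the check.
$role = strtolower((string)($_SESSION['user_role'] ?? 'guest'));
if (!in_array($role, ['auditor', 'super_admin'], true)) {
    echo "<div class='container p-4'><div class='alert alert-danger'>Access denied.</div></div>";
    include 'includes/footer.php';
    exit;
}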

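// Report period. The dashboard sends start/end as YYYY-MM-DD from its
// <input type="date"> fields; only a value that is exactly that shape and a real
// calendar date is accepted, anything else (missing, empty, malformed, non-string)
// falls back to the current month. The validated day is the only thing that is
// later bound into the SQL or echoed back into the page.
$validDate = static function (mixed $v): ?string {
    if (!is_string($v) || preg_match('/^(\d{4})-(\d{2})-(\d{2})\z/', $v, $m) !== 1) {
        return null;
    }
    return checkdate((int)$m[2], (int)$m[3], (int)$m[1]) ? $v : null;
};
$startDay = $validDate($_GET['start'] ?? null) ?? date('Y-m-01');
$endDay = $validDate($_GET['end'] ?? null) ?? date('Y-m-t');
// Full-day bounds in the 'Y-m-d H:i:s' form the BETWEEN queries expect;
// substr(..., 0, 10) elsewhere recovers the day part.
$start = $startDay . ' 00:00:00';
$end = $endDay . ' 23:59:59';

// Which report to produce (null = show the dashboard) and whether to render it as
// a printable HTML page instead of a CSV download. Both are normalised to a
// non-empty string or null so array-valued query parameters cannot reach the
// string comparisons and array lookups below.
$report = is_string($_GET['export'] ?? null) && $_GET['export'] !== '' ? $_GET['export'] : null;
$view = is_string($_GET['view'] ?? null) ? $_GET['view'] : null;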

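if ($report && $view === 'html') {
    // Printable HTML rendering of a report.
    // Every data cell goes through $h so that a NULL from the LEFT JOINs (e.g. a
    // client row that no longer exists) becomes '' instead of a null handed to
    // htmlspecialchars(), and so the quoting flags and charset are explicit.
    $h = static fn (mixed $v): string => htmlspecialchars((string)($v ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $titles = [
        'monthly_financial'     => 'Monthly Financial Report',
        'allocation_compliance' => 'Allocation Compliance Report',
        'refund_analysis'       => 'Refund Analysis Report',
        'user_activity'         => 'User Activity Report',
        'risk_summary'          => 'Risk Summary Report',
    ];
    $title = is_string($report) ? ($titles[$report] ?? 'Report') : 'Report';
    echo "<div class='container-fluid p-4'><div class='d-flex justify-content-between align-items-center mb-3'><h3 class='mb-0'>".$h($title)."</h3><button class='btn btn-primary' onclick='window.print()'>Print</button></div><div class='mb-2 text-muted small'>System: Aiben ERP | Period: ".$h(substr($start,0,10).' to '.substr($end,0,10))." | Generated: ".$h(date('c'))."</div>";

    // Emits one bordered table: $headers are fixed literals (written as-is),
    // $rows yields one list of cell values per table row (each escaped via $h).
    $renderTable = static function (array $headers, iterable $rows) use ($h): void {
        echo "<div class='table-responsive'><table class='table table-sm table-bordered'><thead><tr>";
        foreach ($headers as $head) {
            echo '<th>'.$head.'</th>';
        }
        echo '</tr></thead><tbody>';
        foreach ($rows as $cells) {
            echo '<tr>';
            foreach ($cells as $cell) {
                echo '<td>'.$h($cell).'</td>';
            }
            echo '</tr>';
        }
        echo "</tbody></table></div></div>";
    };

    // Streams an executed statement through $cells (row => list of cell values)
    // without materialising the whole result set.
    $rowsOf = static function (PDOStatement $st, callable $cells): Generator {
        while ($r = $st->fetch(PDO::FETCH_ASSOC)) {
            yield $cells($r);
        }
    };

    // Tabular reports: SQL with exactly two bound period parameters, the column
    // headers, and a mapper from a fetched row to the cells in header order.
    $tables = [
        'monthly_financial' => [
            'sql'     => "SELECT p.id,u.name AS client,p.amount,p.method,p.status,p.created_at FROM payments p LEFT JOIN users u ON p.user_id=u.id WHERE p.created_at BETWEEN ? AND ? AND p.status IN ('verified','approved','paid') ORDER BY p.created_at ASC",
            'headers' => ['ID', 'Client', 'Amount', 'Method', 'Status', 'Created'],
            'cells'   => static fn (array $r): array => [$r['id'], $r['client'], $r['amount'], $r['method'], $r['status'], $r['created_at']],
        ],
        'allocation_compliance' => [
            'sql'     => "SELECT a.id,u.name AS client,a.status,a.created_at,a.reviewed_at,a.exec_decided_at FROM allocations a LEFT JOIN users u ON a.user_id = u.id WHERE a.created_at BETWEEN ? AND ? ORDER BY a.created_at DESC",
            'headers' => ['ID', 'Client', 'Status', 'Created', 'Admin Review', 'Executive Approval'],
            // reviewed_at is the column actually selected; admin_reviewed_at is not,
            // so the second fallback only matters if the schema differs — kept as-is.
            'cells'   => static fn (array $r): array => [$r['id'], $r['client'], $r['status'], $r['created_at'], $r['reviewed_at'] ?? ($r['admin_reviewed_at'] ?? ''), $r['exec_decided_at']],
        ],
        'refund_analysis' => [
            'sql'     => "SELECT r.id,u.name AS client,r.amount,r.status,r.finance_recommendation,r.exec_decision,r.created_at,r.reviewed_at FROM refunds r LEFT JOIN users u ON r.user_id = u.id WHERE r.created_at BETWEEN ? AND ? ORDER BY r.created_at DESC",
            'headers' => ['ID', 'Client', 'Amount', 'Status', 'Finance Reco', 'Executive Decision', 'Created', 'Processed'],
            // exec_decided_at is not selected here either; same fallback as above.
            'cells'   => static fn (array $r): array => [$r['id'], $r['client'], $r['amount'], $r['status'], $r['finance_recommendation'], $r['exec_decision'], $r['created_at'], $r['reviewed_at'] ?? ($r['exec_decided_at'] ?? '')],
        ],
        'user_activity' => [
            'sql'     => "SELECT l.created_at,u.name AS user_name,u.role AS department,l.action,l.details,l.ip_address FROM audit_logs l LEFT JOIN users u ON l.user_id = u.id WHERE l.created_at BETWEEN ? AND ? ORDER BY l.created_at DESC",
            'headers' => ['Timestamp', 'User', 'Department', 'Action', 'Details', 'IP'],
            'cells'   => static fn (array $r): array => [$r['created_at'], $r['user_name'], $r['department'], $r['action'], $r['details'], $r['ip_address']],
        ],
    ];

    if (is_string($report) && isset($tables[$report])) {
        $def = $tables[$report];
        $st = $pdo->prepare($def['sql']);
        $st->execute([$start, $end]);
        $renderTable($def['headers'], $rowsOf($st, $def['cells']));
        include 'includes/footer.php';
        exit;
    }

    if ($report === 'risk_summary') {
        // Refunds at or above the configured threshold; a missing/empty setting
        // falls back to the same default passed to getSetting().
        $thr = (float)(getSetting('aud_refund_threshold', 5000000) ?: 5000000);
        $st = $pdo->prepare("SELECT COUNT(*) FROM refunds WHERE amount >= ? AND created_at BETWEEN ? AND ?");
        $st->execute([$thr, $start, $end]);
        $cnt = (int)$st->fetchColumn();

        // Reversed/charged-back payments. The period bounds are bound parameters,
        // never concatenated into the SQL text. The count stays best-effort (0 on
        // failure, as before) but the failure is logged instead of discarded.
        $rev = 0;
        try {
            $st = $pdo->prepare("SELECT COUNT(*) FROM payments WHERE status IN ('reversed','chargeback') AND created_at BETWEEN ? AND ?");
            $st->execute([$start, $end]);
            $rev = (int)$st->fetchColumn();
        } catch (Exception $e) {
            error_log('auditor-reports risk_summary: payment reversal count failed: '.$e->getMessage());
        }

        $renderTable(['Risk', 'Detail'], [
            ['High-value refunds', $cnt],
            ['Payment reversals', $rev],
        ]);
        include 'includes/footer.php';
        exit;
    }

    // Unknown report key: only the heading was rendered.
    include 'includes/footer.php';
    exit;
}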

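if ($report) {
    // CSV download. header() can only take effect if nothing has been output yet;
    // the header.php include at the top of this file is assumed not to emit output
    // on this path — confirm against includes/header.php.
    $filenames = [
        'monthly_financial'     => 'monthly-financial.csv',
        'allocation_compliance' => 'allocation-compliance.csv',
        'refund_analysis'       => 'refund-analysis.csv',
        'user_activity'         => 'user-activity.csv',
        'risk_summary'          => 'risk-summary.csv',
    ];
    // $fn only ever comes from the fixed map above, so it is safe inside the header.
    $fn = is_string($report) ? ($filenames[$report] ?? 'report.csv') : 'report.csv';
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="'.$fn.'"');
    // The export contains financial and audit data: keep browsers/proxies from
    // caching it and from sniffing it as anything other than the declared type.
    header('Cache-Control: no-store');
    header('X-Content-Type-Options: nosniff');

    $out = fopen('php://output', 'w') ?: throw new RuntimeException('Cannot open php://output');
    fputcsv($out, ['System', 'Aiben ERP']);
    fputcsv($out, ['Generated By', 'Auditor']);
    fputcsv($out, ['Period', substr($start,0,10).' to '.substr($end,0,10)]);
    fputcsv($out, ['Timestamp', date('c')]);
    fputcsv($out, []);

    // NOTE(review): client names, actions and audit-log details are user-entered
    // text written verbatim; a spreadsheet opening this file may treat cells that
    // start with '=', '+', '-' or '@' as formulas. They are not neutralised here
    // because the amount columns legitimately start with '-'; handle per column if
    // this becomes a requirement.

    // Tabular reports: SQL with exactly two bound period parameters, the header
    // row, and a mapper from a fetched row to the cells in header order.
    $tables = [
        'monthly_financial' => [
            'sql'     => "SELECT p.id,u.name AS client,p.amount,p.method,p.status,p.created_at FROM payments p LEFT JOIN users u ON p.user_id=u.id WHERE p.created_at BETWEEN ? AND ? AND p.status IN ('verified','approved','paid') ORDER BY p.created_at ASC",
            'headers' => ['ID', 'Client', 'Amount', 'Method', 'Status', 'Created'],
            'cells'   => static fn (array $r): array => [$r['id'], $r['client'], $r['amount'], $r['method'], $r['status'], $r['created_at']],
        ],
        'allocation_compliance' => [
            'sql'     => "SELECT a.id,u.name AS client,a.status,a.created_at,a.reviewed_at,a.exec_decided_at FROM allocations a LEFT JOIN users u ON a.user_id = u.id WHERE a.created_at BETWEEN ? AND ? ORDER BY a.created_at DESC",
            'headers' => ['ID', 'Client', 'Status', 'Created', 'Admin Review', 'Executive Approval'],
            // reviewed_at is the selected column; admin_reviewed_at is a fallback
            // key that this query does not select — kept for compatibility.
            'cells'   => static fn (array $r): array => [$r['id'], $r['client'], $r['status'], $r['created_at'], $r['reviewed_at'] ?? ($r['admin_reviewed_at'] ?? ''), $r['exec_decided_at']],
        ],
        'refund_analysis' => [
            'sql'     => "SELECT r.id,u.name AS client,r.amount,r.status,r.finance_recommendation,r.exec_decision,r.created_at,r.reviewed_at FROM refunds r LEFT JOIN users u ON r.user_id = u.id WHERE r.created_at BETWEEN ? AND ? ORDER BY r.created_at DESC",
            'headers' => ['ID', 'Client', 'Amount', 'Status', 'Finance Reco', 'Executive Decision', 'Created', 'Processed'],
            'cells'   => static fn (array $r): array => [$r['id'], $r['client'], $r['amount'], $r['status'], $r['finance_recommendation'], $r['exec_decision'], $r['created_at'], $r['reviewed_at'] ?? ($r['exec_decided_at'] ?? '')],
        ],
        'user_activity' => [
            'sql'     => "SELECT l.created_at,u.name AS user_name,u.role AS department,l.action,l.details,l.ip_address FROM audit_logs l LEFT JOIN users u ON l.user_id = u.id WHERE l.created_at BETWEEN ? AND ? ORDER BY l.created_at DESC",
            'headers' => ['Timestamp', 'User', 'Department', 'Action', 'Details', 'IP'],
            'cells'   => static fn (array $r): array => [$r['created_at'], $r['user_name'], $r['department'], $r['action'], $r['details'], $r['ip_address']],
        ],
    ];

    if (is_string($report) && isset($tables[$report])) {
        $def = $tables[$report];
        $st = $pdo->prepare($def['sql']);
        $st->execute([$start, $end]);
        fputcsv($out, $def['headers']);
        while ($r = $st->fetch(PDO::FETCH_ASSOC)) {
            fputcsv($out, $def['cells']($r));
        }
        fclose($out);
        exit;
    }

    if ($report === 'risk_summary') {
        fputcsv($out, ['Risk', 'Detail']);
        // Refunds at or above the configured threshold; a missing/empty setting
        // falls back to the same default passed to getSetting().
        $thr = (float)(getSetting('aud_refund_threshold', 5000000) ?: 5000000);
        $st = $pdo->prepare("SELECT COUNT(*) FROM refunds WHERE amount >= ? AND created_at BETWEEN ? AND ?");
        $st->execute([$thr, $start, $end]);
        $cnt = (int)$st->fetchColumn();
        fputcsv($out, ['High-value refunds', $cnt]);

        // Reversed/charged-back payments. The period bounds are bound parameters,
        // never concatenated into the SQL text. The count stays best-effort (0 on
        // failure, as before) but the failure is logged instead of discarded.
        $rev = 0;
        try {
            $st = $pdo->prepare("SELECT COUNT(*) FROM payments WHERE status IN ('reversed','chargeback') AND created_at BETWEEN ? AND ?");
            $st->execute([$start, $end]);
            $rev = (int)$st->fetchColumn();
        } catch (Exception $e) {
            error_log('auditor-reports risk_summary: payment reversal count failed: '.$e->getMessage());
        }
        fputcsv($out, ['Payment reversals', $rev]);
        fclose($out);
        exit;
    }

    // Unknown report key: only the preamble rows were written.
    fclose($out);
    exit;
}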
// Dashboard (no export requested): the period filter plus a CSV link and a
// printable "Print View" link per report. $start/$end always carry the
// 'Y-m-d H:i:s' form set above, so substr(..., 0, 10) is the day part; it is
// htmlspecialchars()'d in attribute values and urlencode()'d in links.
?>
<div class="container-fluid py-4">
    <div class="d-flex align-items-center justify-content-between mb-3">
        <h2 class="mb-0">Export & Reports</h2>
        <form class="d-flex gap-2" method="get">
            <input type="date" name="start" class="form-control form-control-sm" value="<?= htmlspecialchars(substr($start,0,10)) ?>">
            <input type="date" name="end" class="form-control form-control-sm" value="<?= htmlspecialchars(substr($end,0,10)) ?>">
        </form>
    </div>
    <div class="row g-3">
        <div class="col-md-4">
            <a class="card shadow-sm text-decoration-none" href="?export=monthly_financial&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">
                <div class="card-body">
                    <div class="text-muted small">Generate</div>
                    <div class="h6 mb-0">Monthly Financial Report (CSV)</div>
                </div>
            </a>
            <a class="d-block mt-2 small" href="?export=monthly_financial&view=html&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">Print View</a>
        </div>
        <div class="col-md-4">
            <a class="card shadow-sm text-decoration-none" href="?export=allocation_compliance&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">
                <div class="card-body">
                    <div class="text-muted small">Generate</div>
                    <div class="h6 mb-0">Allocation Compliance Report (CSV)</div>
                </div>
            </a>
            <a class="d-block mt-2 small" href="?export=allocation_compliance&view=html&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">Print View</a>
        </div>
        <div class="col-md-4">
            <a class="card shadow-sm text-decoration-none" href="?export=refund_analysis&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">
                <div class="card-body">
                    <div class="text-muted small">Generate</div>
                    <div class="h6 mb-0">Refund Analysis Report (CSV)</div>
                </div>
            </a>
            <a class="d-block mt-2 small" href="?export=refund_analysis&view=html&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">Print View</a>
        </div>
        <div class="col-md-4">
            <a class="card shadow-sm text-decoration-none" href="?export=user_activity&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">
                <div class="card-body">
                    <div class="text-muted small">Generate</div>
                    <div class="h6 mb-0">User Activity Report (CSV)</div>
                </div>
            </a>
            <a class="d-block mt-2 small" href="?export=user_activity&view=html&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">Print View</a>
        </div>
        <div class="col-md-4">
            <a class="card shadow-sm text-decoration-none" href="?export=risk_summary&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">
                <div class="card-body">
                    <div class="text-muted small">Generate</div>
                    <div class="h6 mb-0">Risk Summary Report (CSV)</div>
                </div>
            </a>
            <a class="d-block mt-2 small" href="?export=risk_summary&view=html&start=<?= urlencode(substr($start,0,10)) ?>&end=<?= urlencode(substr($end,0,10)) ?>">Print View</a>
        </div>
    </div>
</div>
<script>
(function(){
    // Idle logout: any user input restarts a 15-minute timer; when it fires the
    // browser is sent to logout.php?reason=idle.
    let t; const logoutAfter=15*60*1000; const reset=()=>{clearTimeout(t);t=setTimeout(()=>location.href='logout.php?reason=idle',logoutAfter);};
    ['click','mousemove','keydown','scroll','touchstart'].forEach(ev=>window.addEventListener(ev,reset,{passive:true}));
    reset();
})();
</script>
<?php include 'includes/footer.php'; ?>
