Added further refinements to multi-company feature

accounts.php

@@ -40,7 +40,7 @@
   }
 
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM accounts 
-    WHERE account_name LIKE '%$q%'
+    WHERE account_name LIKE '%$q%' AND company_id = $session_company_id
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 
   $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));

add_calendar_event_modal.php

@@ -28,7 +28,7 @@
                 <option value="">- Calendar -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM calendars"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $calendar_id = $row['calendar_id'];
                   $calendar_name = $row['calendar_name'];

add_expense_copy_modal.php

@@ -44,7 +44,7 @@
                 <select class="form-control selectpicker show-tick" name="account" required>
                   <?php 
                   
-                  $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                  $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                   while($row = mysqli_fetch_array($sql_accounts)){
                     $account_id_select = $row['account_id'];
                     $account_name_select = $row['account_name'];
@@ -82,7 +82,7 @@
                 <select class="form-control selectpicker show-tick" data-live-search="true" name="vendor" required>
                   <?php 
                   
-                  $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors"); 
+                  $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE company_id = $session_company_id"); 
                   while($row = mysqli_fetch_array($sql_vendors)){
                     $vendor_id_select = $row['vendor_id'];
                     $vendor_name_select = $row['vendor_name'];
@@ -114,7 +114,7 @@
                 <select class="form-control selectpicker show-tick" name="category" required>
                   <?php 
                   
-                  $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense'"); 
+                  $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id"); 
                   while($row = mysqli_fetch_array($sql_categories)){
                     $category_id_select = $row['category_id'];
                     $category_name_select = $row['category_name'];

add_expense_modal.php

@@ -43,7 +43,7 @@
                   <option value="">- Account -</option>
                   <?php 
                   
-                  $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                  $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                   while($row = mysqli_fetch_array($sql)){
                     $account_id = $row['account_id'];
                     $account_name = $row['account_name'];
@@ -83,12 +83,12 @@
                   <option value="">- Vendor -</option>
                   <?php 
                   
-                  $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 order by vendor_name ASC"); 
+                  $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC"); 
                   while($row = mysqli_fetch_array($sql)){
                     $vendor_id = $row['vendor_id'];
                     $vendor_name = $row['vendor_name'];
                   ?>
-                    <option value="<?php echo "$vendor_id"; ?>"><?php echo "$vendor_name"; ?></option>
+                    <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
                   
                   <?php
                   }
@@ -115,12 +115,12 @@
                   <option value="">- Category -</option>
                   <?php 
                   
-                  $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense'"); 
+                  $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id"); 
                   while($row = mysqli_fetch_array($sql)){
                     $category_id = $row['category_id'];
                     $category_name = $row['category_name'];
                   ?>
-                    <option value="<?php echo "$category_id"; ?>"><?php echo "$category_name"; ?></option>
+                    <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
                   
                   <?php
                   }

add_invoice_modal.php

@@ -24,7 +24,7 @@
                 <option value="">- Client -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM clients"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $client_id = $row['client_id'];
                   $client_name = $row['client_name'];
@@ -60,7 +60,7 @@
                 <option value="">- Category -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income'"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $category_id = $row['category_id'];
                   $category_name = $row['category_name'];

add_payment_modal.php

@@ -42,7 +42,7 @@
                 <option value="">- Account -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $account_id = $row['account_id'];
                   $account_name = $row['account_name'];
@@ -82,7 +82,7 @@
                 <option value="">- Method of Payment -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method'"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $category_name = $row['category_name'];
                 ?>

add_quote_modal.php

@@ -25,7 +25,7 @@
                 <option value="">- Client -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM clients"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $client_id = $row['client_id'];
                   $client_name = $row['client_name'];
@@ -60,7 +60,7 @@
                 <option value="">- Category -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income'"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $category_id = $row['category_id'];
                   $category_name = $row['category_name'];

add_recurring_modal.php

@@ -24,7 +24,7 @@
                 <option value="">- Client -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM clients"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $client_id = $row['client_id'];
                   $client_name = $row['client_name'];
@@ -76,7 +76,7 @@
                 <option value="">- Category -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income'"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $category_id = $row['category_id'];
                   $category_name = $row['category_name'];

add_revenue_modal.php

@@ -40,7 +40,7 @@
                 <option value="">- Account -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $account_id = $row['account_id'];
                   $account_name = $row['account_name'];
@@ -76,7 +76,7 @@
                 <option value="">- Category -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income'"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $category_id = $row['category_id'];
                   $category_name = $row['category_name'];
@@ -100,7 +100,7 @@
                 <option value="">- Method of Payment -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method'"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $category_name = $row['category_name'];
                 ?>

add_ticket_modal.php

@@ -22,7 +22,7 @@
                 <option value="">- Client -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM clients"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $client_id = $row['client_id'];
                   $client_name = $row['client_name'];

add_transfer_modal.php

@@ -40,7 +40,7 @@
                 <option value="">- Account From -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $account_id = $row['account_id'];
                   $account_name = $row['account_name'];
@@ -78,7 +78,7 @@
                 <option value="">- Account To -</option>
                 <?php 
                 
-                $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql)){
                   $account_id = $row['account_id'];
                   $account_name = $row['account_name'];

add_trip_copy_modal.php

@@ -87,7 +87,7 @@
                     <option value="">- Invoice -</option>
                     <?php 
                     
-                    $sql_invoices = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id ORDER BY invoice_number DESC"); 
+                    $sql_invoices = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id AND invoices.company_id = $session_company_id ORDER BY invoice_number DESC"); 
                     while($row = mysqli_fetch_array($sql_invoices)){
                       $client_id_select = $row['client_id'];
                       $client_name_select = $row['client_name'];
@@ -115,7 +115,7 @@
                     <option value="">- Client -</option>
                     <?php 
                     
-                    $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients"); 
+                    $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id"); 
                     while($row = mysqli_fetch_array($sql_clients)){
                       $client_id_select = $row['client_id'];
                       $client_name_select = $row['client_name'];
@@ -139,7 +139,7 @@
                     <option value="">- Location -</option>
                     <?php 
                     
-                    $sql_locations = mysqli_query($mysqli,"SELECT * FROM locations, clients WHERE locations.client_id = clients.client_id ORDER BY clients.client_id DESC"); 
+                    $sql_locations = mysqli_query($mysqli,"SELECT * FROM locations, clients WHERE locations.client_id = clients.client_id AND locations.company_id = $session_company_id ORDER BY clients.client_id DESC"); 
                     while($row = mysqli_fetch_array($sql_locations)){
                       $location_id_select = $row['location_id'];
                       $location_name_select = $row['location_name'];
@@ -164,7 +164,7 @@
                     <option value="">- Vendor -</option>
                     <?php 
                     
-                    $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 ORDER BY vendor_name ASC"); 
+                    $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC"); 
                     while($row = mysqli_fetch_array($sql_vendors)){
                       $vendor_id_select = $row['vendor_id'];
                       $vendor_name_select = $row['vendor_name'];

add_trip_modal.php

@@ -85,7 +85,7 @@
                     <option value="">- Invoice -</option>
                     <?php 
                     
-                    $sql = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id ORDER BY invoice_number DESC"); 
+                    $sql = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id AND invoices.company_id = $session_company_id ORDER BY invoice_number DESC"); 
                     while($row = mysqli_fetch_array($sql)){
                       $client_id = $row['client_id'];
                       $client_name = $row['client_name'];
@@ -113,7 +113,7 @@
                     <option value="">- Client -</option>
                     <?php 
                     
-                    $sql = mysqli_query($mysqli,"SELECT * FROM clients"); 
+                    $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id"); 
                     while($row = mysqli_fetch_array($sql)){
                       $client_id = $row['client_id'];
                       $client_name = $row['client_name'];
@@ -137,7 +137,7 @@
                     <option value="">- Location -</option>
                     <?php 
                     
-                    $sql = mysqli_query($mysqli,"SELECT * FROM locations, clients WHERE locations.client_id = clients.client_id ORDER BY clients.client_id DESC"); 
+                    $sql = mysqli_query($mysqli,"SELECT * FROM locations, clients WHERE locations.client_id = clients.client_id AND locations.company_id = $session_company_id ORDER BY clients.client_id DESC");
                     while($row = mysqli_fetch_array($sql)){
                       $location_id = $row['location_id'];
                       $location_name = $row['location_name'];
@@ -162,7 +162,7 @@
                     <option value="">- Vendor -</option>
                     <?php 
                     
-                    $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 ORDER BY vendor_name ASC"); 
+                    $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC"); 
                     while($row = mysqli_fetch_array($sql)){
                       $vendor_id = $row['vendor_id'];
                       $vendor_name = $row['vendor_name'];

alerts.php

@@ -9,7 +9,7 @@ if($_GET['status'] == "archived"){
 
 ?>
 
-<?php $sql = mysqli_query($mysqli,"SELECT * FROM alerts WHERE alert_ack_date $where_clause ORDER BY alert_id DESC"); ?>
+<?php $sql = mysqli_query($mysqli,"SELECT * FROM alerts WHERE alert_ack_date $where_clause AND company_id = $session_company_id ORDER BY alert_id DESC"); ?>
 
 
 <div class="card mb-3">

calendar_domains.php

@@ -20,7 +20,7 @@
         },
         events: [
           <?php
-          $sql = mysqli_query($mysqli,"SELECT * FROM domains");
+          $sql = mysqli_query($mysqli,"SELECT * FROM domains WHERE company_id = $session_company_id");
           while($row = mysqli_fetch_array($sql)){
             $domain_id = $row['domain_id'];
             $domain = $row['domain_name'];

calendar_events.php

@@ -15,7 +15,7 @@ if(isset($_GET['calendar_id'])){
 
 <?php
 //loop through IDs and create a modal for each
-$sql = mysqli_query($mysqli,"SELECT * FROM events, calendars WHERE events.calendar_id = calendars.calendar_id");
+$sql = mysqli_query($mysqli,"SELECT * FROM events, calendars WHERE events.calendar_id = calendars.calendar_id AND company_id = $session_company_id");
 while($row = mysqli_fetch_array($sql)){
   $event_id = $row['event_id'];
   $event_title = $row['event_title'];
@@ -63,7 +63,7 @@ while($row = mysqli_fetch_array($sql)){
         },
         events: [
           <?php
-          $sql = mysqli_query($mysqli,"SELECT * FROM events, calendars WHERE events.calendar_id = calendars.calendar_id");
+          $sql = mysqli_query($mysqli,"SELECT * FROM events, calendars WHERE events.calendar_id = calendars.calendar_id AND company_id = $session_company_id");
           while($row = mysqli_fetch_array($sql)){
             $event_id = $row['event_id'];
             $event_title = $row['event_title'];

categories.php

@@ -39,7 +39,7 @@
     $disp = "ASC";
   }
 
-  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM categories WHERE category_name LIKE '%$q%' OR category_type LIKE '%$q%' ORDER BY $sb $o LIMIT $record_from, $record_to");
+  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM categories WHERE (category_name LIKE '%$q%' OR category_type LIKE '%$q%') AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to");
 
   $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
   $total_found_rows = $num_rows[0];

client.php

@@ -5,7 +5,7 @@
 if(isset($_GET['client_id'])){
   $client_id = intval($_GET['client_id']);
 
-  $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
+  $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id AND company_id = $session_company_id");
 
   $row = mysqli_fetch_array($sql);
   $client_name = $row['client_name'];

clients.php

@@ -39,7 +39,7 @@ if(isset($_GET['o'])){
   $disp = "ASC";
 }
 
-$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_email LIKE '%$q%') AND (company_id = $session_company_id) ORDER BY $sb $o LIMIT $record_from, $record_to"); 
+$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_email LIKE '%$q%') AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to"); 
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 

dashboard.php

@@ -22,23 +22,23 @@ $sql_payment_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_year
 
 
 //Get Total income
-$sql_total_payments_to_invoices = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year");
+$sql_total_payments_to_invoices = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id");
 $row = mysqli_fetch_array($sql_total_payments_to_invoices);
 $total_payments_to_invoices = $row['total_payments_to_invoices'];
 //Do not grab transfer payment as these have an category_id of 0
-$sql_total_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND category_id > 0");
+$sql_total_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND category_id > 0 AND company_id = $session_company_id");
 $row = mysqli_fetch_array($sql_total_revenues);
 $total_revenues = $row['total_revenues'];
 
 $total_income = $total_payments_to_invoices + $total_revenues;
 
 //Get Total expenses and do not grab transfer expenses as these have a vendor of 0
-$sql_total_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE vendor_id > 0 AND YEAR(expense_date) = $year");
+$sql_total_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE vendor_id > 0 AND YEAR(expense_date) = $year AND company_id = $session_company_id");
 $row = mysqli_fetch_array($sql_total_expenses);
 $total_expenses = $row['total_expenses'];
 
 //Total up all the Invoices that are not draft or cancelled
-$sql_invoice_totals = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS invoice_totals FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND YEAR(invoice_date) = $year");
+$sql_invoice_totals = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS invoice_totals FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND YEAR(invoice_date) = $year AND company_id = $session_company_id");
 $row = mysqli_fetch_array($sql_invoice_totals);
 $invoice_totals = $row['invoice_totals'];
 
@@ -46,17 +46,19 @@ $recievables = $invoice_totals - $total_payments_to_invoices;
 
 $profit = $total_income - $total_expenses;
 
-$sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts");
+$sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id");
 
 $sql_latest_invoice_payments = mysqli_query($mysqli,"SELECT * FROM payments, invoices, clients 
 	WHERE payments.invoice_id = invoices.invoice_id 
-	AND invoices.client_id = clients.client_id 
+	AND invoices.client_id = clients.client_id
+  AND clients.company_id = $session_company_id
 	ORDER BY payment_id DESC LIMIT 5"
 );
 
 $sql_latest_expenses = mysqli_query($mysqli,"SELECT * FROM expenses, vendors, categories 
 	WHERE expenses.vendor_id = vendors.vendor_id 
 	AND expenses.category_id = categories.category_id
+  AND expenses.company_id = $session_company_id
 	ORDER BY expense_id DESC LIMIT 5"
 );
 

edit_calendar_event_modal.php

@@ -29,7 +29,7 @@
               <select class="form-control selectpicker show-tick" name="calendar" required>
                 <?php 
                 
-                $sql_calendars_select = mysqli_query($mysqli,"SELECT * FROM calendars"); 
+                $sql_calendars_select = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql_calendars_select)){
                   $calendar_id_select = $row['calendar_id'];
                   $calendar_name_select = $row['calendar_name'];

edit_expense_modal.php

@@ -46,7 +46,7 @@
                 <select class="form-control selectpicker show-tick" name="account" required>
                   <?php 
                   
-                  $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                  $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                   while($row = mysqli_fetch_array($sql_accounts)){
                     $account_id_select = $row['account_id'];
                     $account_name_select = $row['account_name'];
@@ -85,7 +85,7 @@
                 <select class="form-control selectpicker show-tick" data-live-search="true" name="vendor" required>
                   <?php 
                   
-                  $sql_select = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 ORDER BY vendor_name ASC"); 
+                  $sql_select = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC"); 
                   while($row = mysqli_fetch_array($sql_select)){
                     $vendor_id_select = $row['vendor_id'];
                     $vendor_name_select = $row['vendor_name'];
@@ -117,7 +117,7 @@
                 <select class="form-control selectpicker show-tick" name="category" required>
                   <?php 
                   
-                  $sql_select = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense'"); 
+                  $sql_select = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id"); 
                   while($row = mysqli_fetch_array($sql_select)){
                     $category_id_select = $row['category_id'];
                     $category_name_select = $row['category_name'];

edit_invoice_modal.php

@@ -42,7 +42,7 @@
                 <option value="">- Category -</option>
                 <?php 
                 
-                $sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income'"); 
+                $sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql_income_category)){
                   $category_id_select= $row['category_id'];
                   $category_name_select = $row['category_name'];

edit_quote_modal.php

@@ -32,7 +32,7 @@
                 <option value="">- Category -</option>
                 <?php 
                 
-                $sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income'"); 
+                $sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql_income_category)){
                   $category_id_select = $row['category_id'];
                   $category_name_select = $row['category_name'];

edit_revenue_modal.php

@@ -41,7 +41,7 @@
                 <option value="">- Account -</option>
                 <?php 
                 
-                $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql_accounts)){
                   $account_id_select = $row['account_id'];
                   $account_name_select = $row['account_name'];
@@ -81,7 +81,7 @@
                 <option value="">- Method of Payment -</option>
                 <?php 
                 
-                $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method'"); 
+                $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql_categories)){
                   $category_name_select = $row['category_name'];
                 ?>

edit_transfer_modal.php

@@ -41,7 +41,7 @@
               <select class="form-control selectpicker show-tick" name="account_from" required>
                 <?php 
                 
-                $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                   while($row = mysqli_fetch_array($sql_accounts)){
                     $account_id_select = $row['account_id'];
                     $account_name_select = $row['account_name'];
@@ -78,7 +78,7 @@
               <select class="form-control selectpicker show-tick" name="account_to" required>
                 <?php 
                 
-                $sql2 = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+                $sql2 = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
                 while($row = mysqli_fetch_array($sql2)){
                   $account_id2 = $row['account_id'];
                   $account_name = $row['account_name'];
@@ -88,7 +88,7 @@
                   $row = mysqli_fetch_array($sql_payments);
                   $total_payments = $row['total_payments'];
 
-                  $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE account_id = $account_id");
+                  $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE account_id = $account_id2");
                   $row = mysqli_fetch_array($sql_revenues);
                   $total_revenues = $row['total_revenues'];
                   

edit_trip_modal.php

@@ -93,7 +93,7 @@
                     <option value="">- Invoice -</option>
                     <?php 
                     
-                    $sql_invoices = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id ORDER BY invoice_number DESC"); 
+                    $sql_invoices = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id AND clients.company_id = $session_company_id ORDER BY invoice_number DESC"); 
                     while($row = mysqli_fetch_array($sql_invoices)){
                       $client_id_select = $row['client_id'];
                       $client_name_select = $row['client_name'];

expenses.php

@@ -43,6 +43,7 @@
     WHERE expenses.category_id = categories.category_id
     AND expenses.vendor_id = vendors.vendor_id
     AND expenses.account_id = accounts.account_id
+    AND expenses.company_id = $session_company_id
     AND (vendor_name LIKE '%$q%' OR category_name LIKE '%$q%' OR account_name LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 

global_search.php

@@ -6,10 +6,10 @@ if(isset($_GET['query'])){
 
   $query = $_GET['query'];
 
-  $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_name LIKE '%$query%' ORDER BY client_id DESC LIMIT 5");
+  $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY client_id DESC LIMIT 5");
-  $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_name LIKE '%$query%' ORDER BY vendor_id DESC LIMIT 5");
+  $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY vendor_id DESC LIMIT 5");
-  $sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' ORDER BY product_id DESC LIMIT 5");
+  $sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5");
-  $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_description LIKE '%$query%' ORDER BY login_id DESC LIMIT 5");
+  $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_description LIKE '%$query%' AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
 
 ?>
 

invoices.php

@@ -2,43 +2,43 @@
 
 <?php 
   
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent'"));
+  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id"));
   $sent_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Partial'"));
+  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Partial' AND company_id = $session_company_id"));
   $partial_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Draft'"));
+  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id"));
   $draft_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Cancelled'"));
+  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id"));
   $cancelled_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_due > CURDATE()"));
+  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_due > CURDATE() AND company_id = $session_company_id"));
   $overdue_count = $row['num'];
 
-  $sql_total_draft = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft'");
+  $sql_total_draft = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id");
   $row = mysqli_fetch_array($sql_total_draft);
   $total_draft = $row['total_draft'];
 
-  $sql_total_sent = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent'");
+  $sql_total_sent = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id");
   $row = mysqli_fetch_array($sql_total_sent);
   $total_sent = $row['total_sent'];
 
-  $sql_total_cancelled = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled'");
+  $sql_total_cancelled = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id");
   $row = mysqli_fetch_array($sql_total_cancelled);
   $total_cancelled = $row['total_cancelled'];
   
-  $sql_total_partial = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_partial FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND invoices.invoice_status = 'Partial'");
+  $sql_total_partial = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_partial FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND invoices.invoice_status = 'Partial' AND invoices.company_id = $session_company_id");
   $row = mysqli_fetch_array($sql_total_partial);
   $total_partial = $row['total_partial'];
   $total_partial_count = mysqli_num_rows($sql_total_partial);
 
-  $sql_total_overdue_partial = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND invoices.invoice_status = 'Partial' AND invoices.invoice_due < CURDATE()");
+  $sql_total_overdue_partial = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND invoices.invoice_status = 'Partial' AND invoices.invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
   $row = mysqli_fetch_array($sql_total_overdue_partial);
   $total_overdue_partial = $row['total_overdue_partial'];
 
-  $sql_total_overdue = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE()");
+  $sql_total_overdue = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
   $row = mysqli_fetch_array($sql_total_overdue);
   $total_overdue = $row['total_overdue'];
 
@@ -86,6 +86,7 @@
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM invoices, clients, categories
     WHERE invoices.client_id = clients.client_id
     AND invoices.category_id = categories.category_id
+    AND invoices.company_id = $session_company_id
     AND (invoice_number LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 

payments.php

@@ -43,6 +43,7 @@
     WHERE invoices.client_id = clients.client_id
     AND payments.invoice_id = invoices.invoice_id
     AND payments.account_id = accounts.account_id
+    AND payments.company_id = $session_company_id
     AND (invoice_number LIKE '%$q%' OR client_name LIKE '%$q%' OR account_name LIKE '%$q%' OR payment_method LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 

post.php

@@ -48,7 +48,7 @@ if(isset($_POST['edit_general_settings'])){
         move_uploaded_file($_FILES['file']['tmp_name'], $path);   
     }
 
-    mysqli_query($mysqli,"UPDATE settings SET config_start_page = '$config_start_page', config_account_balance_threshold = '$config_account_balance_threshold', config_invoice_logo = '$path', config_api_key = '$config_api_key'");
+    mysqli_query($mysqli,"UPDATE settings SET config_start_page = '$config_start_page', config_account_balance_threshold = '$config_account_balance_threshold', config_invoice_logo = '$path', config_api_key = '$config_api_key' WHERE company_id = $session_company_id");
 
     $_SESSION['alert_message'] = "Settings updated";
 
@@ -68,7 +68,7 @@ if(isset($_POST['edit_company_settings'])){
    
 
 
-    mysqli_query($mysqli,"UPDATE settings SET config_company_name = '$config_company_name', config_company_address = '$config_company_address', config_company_city = '$config_company_city', config_company_state = '$config_company_state', config_company_zip = '$config_company_zip', config_company_phone = '$config_company_phone', config_company_site = '$config_company_site'");
+    mysqli_query($mysqli,"UPDATE settings SET config_company_name = '$config_company_name', config_company_address = '$config_company_address', config_company_city = '$config_company_city', config_company_state = '$config_company_state', config_company_zip = '$config_company_zip', config_company_phone = '$config_company_phone', config_company_site = '$config_company_site' WHERE company_id = $session_company_id");
 
     $_SESSION['alert_message'] = "Company Settings updated";
 
@@ -83,7 +83,7 @@ if(isset($_POST['edit_mail_settings'])){
     $config_smtp_username = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_smtp_username']));
     $config_smtp_password = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_smtp_password']));
 
-    mysqli_query($mysqli,"UPDATE settings SET config_smtp_host = '$config_smtp_host', config_smtp_port = $config_smtp_port, config_smtp_username = '$config_smtp_username', config_smtp_password = '$config_smtp_password'");
+    mysqli_query($mysqli,"UPDATE settings SET config_smtp_host = '$config_smtp_host', config_smtp_port = $config_smtp_port, config_smtp_username = '$config_smtp_username', config_smtp_password = '$config_smtp_password' WHERE company_id = $session_company_id");
 
     $_SESSION['alert_message'] = "Mail Settings updated";
 
@@ -106,7 +106,7 @@ if(isset($_POST['edit_invoice_settings'])){
     }
     $config_invoice_overdue_reminders = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_invoice_overdue_reminders']));
 
-    mysqli_query($mysqli,"UPDATE settings SET config_invoice_prefix = '$config_invoice_prefix', config_invoice_next_number = $config_invoice_next_number, config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_footer = '$config_invoice_footer', config_send_invoice_reminders = $config_send_invoice_reminders, config_invoice_overdue_reminders = '$config_invoice_overdue_reminders'");
+    mysqli_query($mysqli,"UPDATE settings SET config_invoice_prefix = '$config_invoice_prefix', config_invoice_next_number = $config_invoice_next_number, config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_footer = '$config_invoice_footer', config_send_invoice_reminders = $config_send_invoice_reminders, config_invoice_overdue_reminders = '$config_invoice_overdue_reminders' WHERE company_id = $session_company_id");
 
     $_SESSION['alert_message'] = "Invoice Settings updated";
 
@@ -120,7 +120,7 @@ if(isset($_POST['edit_quote_settings'])){
     $config_quote_next_number = intval($_POST['config_quote_next_number']);
     $config_quote_footer = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_quote_footer']));
 
-    mysqli_query($mysqli,"UPDATE settings SET config_quote_prefix = '$config_quote_prefix', config_quote_next_number = $config_quote_next_number, config_quote_footer = '$config_quote_footer'");
+    mysqli_query($mysqli,"UPDATE settings SET config_quote_prefix = '$config_quote_prefix', config_quote_next_number = $config_quote_next_number, config_quote_footer = '$config_quote_footer' WHERE company_id = $session_company_id");
 
     $_SESSION['alert_message'] = "Quote Settings updated";
 
@@ -139,7 +139,7 @@ if(isset($_POST['edit_default_settings'])){
     $config_default_transfer_to_account = intval($_POST['config_default_transfer_to_account']);
     $config_default_calendar = intval($_POST['config_default_calendar']);
 
-    mysqli_query($mysqli,"UPDATE settings SET config_default_expense_account = $config_default_expense_account, config_default_payment_account = $config_default_payment_account, config_default_payment_method = '$config_default_payment_method', config_default_expense_payment_method = '$config_default_expense_payment_method', config_default_transfer_from_account = $config_default_transfer_from_account, config_default_transfer_to_account = $config_default_transfer_to_account, config_default_calendar = $config_default_calendar");
+    mysqli_query($mysqli,"UPDATE settings SET config_default_expense_account = $config_default_expense_account, config_default_payment_account = $config_default_payment_account, config_default_payment_method = '$config_default_payment_method', config_default_expense_payment_method = '$config_default_expense_payment_method', config_default_transfer_from_account = $config_default_transfer_from_account, config_default_transfer_to_account = $config_default_transfer_to_account, config_default_calendar = $config_default_calendar WHERE company_id = $session_company_id");
 
     $_SESSION['alert_message'] = "Default Settings updated";
 

products.php

@@ -39,7 +39,7 @@
     $disp = "ASC";
   }
 
-  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM products WHERE product_name LIKE '%$q%' ORDER BY $sb $o LIMIT $record_from, $record_to");
+  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM products WHERE product_name LIKE '%$q%' AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to");
 
   $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
   $total_found_rows = $num_rows[0];

quotes.php

@@ -42,6 +42,7 @@
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM quotes, clients, categories
     WHERE quotes.client_id = clients.client_id
     AND quotes.category_id = categories.category_id
+    AND quotes.company_id = $session_company_id
     AND (quote_number LIKE '%$q%' OR client_name LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 

recurring.php

@@ -42,6 +42,7 @@
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM recurring, clients, categories
     WHERE recurring.client_id = clients.client_id
     AND recurring.category_id = categories.category_id
+    AND recurring.company_id = $session_company_id
     AND (recurring_frequency LIKE '%$q%' OR client_name LIKE '%$q%' OR category_name LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 

report_expense_summary.php

@@ -7,9 +7,9 @@ if(isset($_GET['year'])){
   $year = date('Y');
 }
 
-$sql_expense_years = mysqli_query($mysqli,"SELECT DISTINCT YEAR(expense_date) AS expense_year FROM expenses WHERE category_id > 0 ORDER BY expense_year DESC");
+$sql_expense_years = mysqli_query($mysqli,"SELECT DISTINCT YEAR(expense_date) AS expense_year FROM expenses WHERE category_id > 0 AND company_id = $session_company_id ORDER BY expense_year DESC");
 
-$sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type =  'Expense' ORDER BY category_name ASC");
+$sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id ORDER BY category_name ASC");
 
 ?>
 
@@ -98,7 +98,7 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
             <?php
               
             for($month = 1; $month<=12; $month++) {
-              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0");
+              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0 AND company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_expenses);
               $expense_total_amount_for_month = $row['expense_total_amount_for_month'];
               $total_expense_for_all_months = $expense_total_amount_for_month + $total_expense_for_all_months;

report_income_summary.php

@@ -9,7 +9,7 @@ if(isset($_GET['year'])){
 
 $sql_payment_years = mysqli_query($mysqli,"SELECT DISTINCT YEAR(payment_date) AS payment_year FROM payments UNION SELECT DISTINCT YEAR(revenue_date) AS payment_year FROM revenues ORDER BY payment_year DESC");
 
-$sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type =  'Income' ORDER BY category_name ASC");
+$sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id ORDER BY category_name ASC");
 
 ?>
 
@@ -107,11 +107,11 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
             <?php
               
             for($month = 1; $month<=12; $month++) {
-              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month");
+              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_payments);
               $payment_total_amount_for_month = $row['payment_total_amount_for_month'];
 
-              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month");
+              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month AND revenues.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_revenues);
               $revenues_total_amount_for_month = $row['revenue_amount_for_month'];
 

report_profit_loss.php

@@ -11,9 +11,9 @@ if(isset($_GET['year'])){
 //GET unique years from expenses, payments and revenues
 $sql_all_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses UNION DISTINCT SELECT YEAR(payment_date) FROM payments UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues ORDER BY all_years DESC");
 
-$sql_categories_income = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' ORDER BY category_name ASC");
+$sql_categories_income = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id ORDER BY category_name ASC");
 
-$sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' ORDER BY category_name ASC");
+$sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id ORDER BY category_name ASC");
 
 
 ?>
@@ -165,11 +165,11 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
             <?php
               
             for($month = 1; $month<=3; $month++) {
-              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month");
+              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_payments);
               $payment_total_amount_for_month = $row['payment_total_amount_for_month'];
 
-              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_total_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month");
+              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_total_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month AND revenues.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_revenues);
               $revenue_total_amount_for_month = $row['revenue_total_amount_for_month'];
 
@@ -185,11 +185,11 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
             <?php
  
             for($month = 4; $month<=6; $month++) {
-              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month");
+              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_payments);
               $payment_total_amount_for_month = $row['payment_total_amount_for_month'];
 
-              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_total_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month");
+              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_total_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month AND revenues.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_revenues);
               $revenue_total_amount_for_month = $row['revenue_total_amount_for_month'];
 
@@ -205,11 +205,11 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
             <?php
  
             for($month = 7; $month<=9; $month++) {
-              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month");
+              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_payments);
               $payment_total_amount_for_month = $row['payment_total_amount_for_month'];
 
-              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_total_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month");
+              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_total_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month AND revenues.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_revenues);
               $revenue_total_amount_for_month = $row['revenue_total_amount_for_month'];
 
@@ -225,11 +225,11 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
             <?php
  
             for($month = 10; $month<=12; $month++) {
-              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month");
+              $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payment_total_amount_for_month FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_payments);
               $payment_total_amount_for_month = $row['payment_total_amount_for_month'];
 
-              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_total_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month");
+              $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS revenue_total_amount_for_month FROM revenues WHERE category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month AND revenues.company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_revenues);
               $revenue_total_amount_for_month = $row['revenue_total_amount_for_month'];
 
@@ -330,7 +330,7 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
             <?php
               
             for($month = 1; $month<=3; $month++) {
-              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE category_id > 0 AND YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0");
+              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE category_id > 0 AND YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0 AND company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_expenses);
               $expense_total_amount_for_quarter_one = $expense_total_amount_for_quarter_one + $row['expense_total_amount_for_month'];
             }
@@ -342,7 +342,7 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
             <?php
  
             for($month = 4; $month<=6; $month++) {
-              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE category_id > 0 AND YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0");
+              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE category_id > 0 AND YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0 AND company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_expenses);
               $expense_total_amount_for_quarter_two = $expense_total_amount_for_quarter_two + $row['expense_total_amount_for_month'];
             }
@@ -354,7 +354,7 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
             <?php
  
             for($month = 7; $month<=9; $month++) {
-              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE category_id > 0 AND YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0");
+              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE category_id > 0 AND YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0 AND company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_expenses);
               $expense_total_amount_for_quarter_three = $expense_total_amount_for_quarter_three + $row['expense_total_amount_for_month'];
             }
@@ -366,7 +366,7 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
             <?php
  
             for($month = 10; $month<=12; $month++) {
-              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE category_id > 0 AND YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0");
+              $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_total_amount_for_month FROM expenses WHERE category_id > 0 AND YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND vendor_id > 0 AND company_id = $session_company_id");
               $row = mysqli_fetch_array($sql_expenses);
               $expense_total_amount_for_quarter_four = $expense_total_amount_for_quarter_four + $row['expense_total_amount_for_month'];
             }

revenues.php

@@ -42,6 +42,7 @@
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM accounts, revenues, categories
     WHERE revenues.account_id = accounts.account_id
     AND revenues.category_id = categories.category_id
+    AND revenues.company_id = $session_company_id
     AND (account_name LIKE '%$q%' AND revenue_payment_method LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 

settings-backup.php

@@ -1,7 +1,5 @@
 <?php include("header.php"); ?>
 
-<?php $sql = mysqli_query($mysqli,"SELECT * FROM accounts ORDER BY account_id DESC"); ?>
-
 <?php include("settings-nav.php"); ?>
 
 <div class="card">

settings-defaults.php

@@ -18,7 +18,7 @@
             <option value="0">- None -</option>
             <?php 
             
-            $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+            $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
             while($row = mysqli_fetch_array($sql)){
               $account_id = $row['account_id'];
               $account_name = $row['account_name'];
@@ -43,7 +43,7 @@
             <option value="0">- None -</option>
             <?php 
             
-            $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+            $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
             while($row = mysqli_fetch_array($sql)){
               $account_id = $row['account_id'];
               $account_name = $row['account_name'];
@@ -68,7 +68,7 @@
             <option value="0">- None -</option>
             <?php 
             
-            $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+            $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
             while($row = mysqli_fetch_array($sql)){
               $account_id = $row['account_id'];
               $account_name = $row['account_name'];
@@ -93,7 +93,7 @@
             <option value="0">- None -</option>
             <?php 
             
-            $sql = mysqli_query($mysqli,"SELECT * FROM accounts"); 
+            $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id"); 
             while($row = mysqli_fetch_array($sql)){
               $account_id = $row['account_id'];
               $account_name = $row['account_name'];
@@ -118,7 +118,7 @@
             <option value="">- None -</option>
             <?php 
             
-            $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method'"); 
+            $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id"); 
             while($row = mysqli_fetch_array($sql)){
               $payment_method = $row['category_name'];
 
@@ -142,7 +142,7 @@
             <option value="">- None -</option>
             <?php 
             
-            $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method'"); 
+            $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id"); 
             while($row = mysqli_fetch_array($sql)){
               $payment_method = $row['category_name'];
 
@@ -166,7 +166,7 @@
             <option value="0">- None -</option>
             <?php 
             
-            $sql = mysqli_query($mysqli,"SELECT * FROM calendars"); 
+            $sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id"); 
             while($row = mysqli_fetch_array($sql)){
               $calendar_id = $row['calendar_id'];
               $calendar_name = $row['calendar_name'];

setup.php

@@ -23,7 +23,7 @@ if(isset($_POST['add_database'])){
 
   fwrite($myfile, $txt);
 
-  $txt = "config_app_name = IT CRM\n\n";
+  $txt = "\$config_app_name = 'IT CRM';\n\n";
 
   fwrite($myfile, $txt);
 

tickets.php

@@ -40,7 +40,8 @@
   }
 
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM tickets, clients
-    WHERE tickets.client_id = clients.client_id 
+    WHERE tickets.client_id = clients.client_id
+    AND tickets.company_id = $session_company_id
     AND (ticket_id LIKE '%$q%' OR client_name LIKE '%$q%' OR ticket_subject LIKE '%$q%' OR ticket_status LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 

transactions.php

@@ -6,6 +6,7 @@
     WHERE invoices.client_id = clients.client_id
     AND payments.invoice_id = invoices.invoice_id
     AND payments.account_id = accounts.account_id
+    AND payments.company_id = $session_company_id
     ORDER BY payments.payment_id DESC");
 
 ?>

transfers.php

@@ -40,7 +40,7 @@
   }
  
 
-$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS expenses.expense_date AS transfer_date, expenses.expense_amount AS transfer_amount, expenses.account_id AS transfer_account_from, revenues.account_id AS transfer_account_to, transfers.expense_id, transfers.revenue_id , transfers.transfer_id FROM transfers, expenses, revenues WHERE transfers.expense_id = expenses.expense_id AND transfers.revenue_id = revenues.revenue_id ORDER BY $sb $o LIMIT $record_from, $record_to");
+$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS expenses.expense_date AS transfer_date, expenses.expense_amount AS transfer_amount, expenses.account_id AS transfer_account_from, revenues.account_id AS transfer_account_to, transfers.expense_id, transfers.revenue_id , transfers.transfer_id FROM transfers, expenses, revenues WHERE transfers.expense_id = expenses.expense_id AND transfers.revenue_id = revenues.revenue_id AND transfers.company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to");
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 $total_found_rows = $num_rows[0];

trips.php

@@ -40,7 +40,8 @@
   }
 
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM trips  
-    WHERE trip_purpose LIKE '%$q%' OR trip_starting_location LIKE '%$q%' OR trip_destination LIKE '%$q%'
+    WHERE (trip_purpose LIKE '%$q%' OR trip_starting_location LIKE '%$q%' OR trip_destination LIKE '%$q%')
+    AND company_id = $session_company_id
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 
   $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));

vendors.php

@@ -39,8 +39,7 @@
     $disp = "ASC";
   }
 
-  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM vendors WHERE client_id = 0 
+  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM vendors WHERE client_id = 0 AND company_id = $session_company_id AND (vendor_name LIKE '%$q%' OR vendor_description LIKE '%$q%' OR vendor_account_number LIKE '%$q%')
-    AND (vendor_name LIKE '%$q%' OR vendor_description LIKE '%$q%' OR vendor_account_number LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 
   $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));