AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #442 from wrongecho/tidy 

Code tidy/cleanups
This commit is contained in:
Johnny 2022-04-14 22:27:00 +00:00 committed by GitHub
parent ea041a0371 17f97ff7bc
commit 087de8242e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
81 changed files with 193 additions and 1494 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
accounts.php
View File

@ -1,51 +1,19 @@
<?php include("inc_all.php"); ?>
<?php include("inc_all.php");
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "account_name";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "account_name";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM accounts
WHERE account_name LIKE '%$q%' AND company_id = $session_company_id
ORDER BY $sb $o LIMIT $record_from, $record_to");
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM accounts
WHERE account_name LIKE '%$q%' AND company_id = $session_company_id
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?>

2
api.php
View File

@ -9,7 +9,7 @@ $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// Check API key is provided in GET request as 'api_key'
if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
if(!isset($_GET['api_key']) || empty($_GET['api_key'])) {
// Missing key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'No API Key specified', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");

8
api/v1/assets/read.php
View File

@ -1,13 +1,7 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_get_method.php');
// Asset via ID (single)
if(isset($_GET['asset_id'])){

8
api/v1/certificates/read.php
View File

@ -1,13 +1,7 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_get_method.php');
// Specific certificate via ID (single)
if(isset($_GET['certificate_id'])){

8
api/v1/contacts/read.php
View File

@ -1,13 +1,7 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_get_method.php');
// Specific contact via ID (single)
if(isset($_GET['contact_id'])){

8
api/v1/domains/read.php
View File

@ -1,13 +1,7 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_get_method.php');
// Specific domain via ID (single)
if(isset($_GET['domain_id'])){

8
api/v1/networks/read.php
View File

@ -1,13 +1,7 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_get_method.php');
// Specific network via ID (single)
if(isset($_GET['network_id'])){

8
api/v1/require_get_method.php Normal file
View File

@ -0,0 +1,8 @@
<?php
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}

8
api/v1/software/read.php
View File

@ -1,13 +1,7 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_get_method.php');
// Specific software via ID (single)
if(isset($_GET['software_id'])){

8
api/v1/tickets/read.php
View File

@ -1,13 +1,7 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_get_method.php');
// Specific ticket via ID (single)
if(isset($_GET['ticket_id'])){

32
assets.php
View File

@ -1,23 +1,5 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
//Custom Query Filter
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
//Column Filter
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
@ -25,20 +7,6 @@ if(!empty($_GET['sb'])){
$sb = "asset_name";
}
//Column Order Filter
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Date From and Date To Filter
if(!empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);

40
campaigns.php
View File

@ -1,41 +1,11 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "campaign_created_at";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "DESC";
$disp = "ASC";
}
if(empty($_GET['canned_date'])){
//Prevents lots of undefined variable errors.
// $dtf and $dtt will be set by the below else to 0000-00-00 / 9999-00-00
@ -69,7 +39,7 @@
$dtt = date('Y-m-d');
}elseif($_GET['canned_date'] == "lastyear"){
$dtf = date('Y-m-d',strtotime("first day of january last year"));
$dtt = date('Y-m-d',strtotime("last day of december last year"));
$dtt = date('Y-m-d',strtotime("last day of december last year"));
}else{
$dtf = "0000-00-00";
$dtt = "9999-00-00";
@ -149,7 +119,7 @@
<input type="date" class="form-control" name="dtt" value="<?php echo $dtt; ?>">
</div>
</div>
</div>
</div>
</div>
</form>
<hr>
@ -170,7 +140,7 @@
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$campaign_id = $row['campaign_id'];
$campaign_name = $row['campaign_name'];
@ -245,9 +215,9 @@
//include("campaign_copy_modal.php"); --doesnt exist yet
include("campaign_edit_modal.php");
include("campaign_test_modal.php");
}
?>
</tbody>

36
categories.php
View File

@ -1,27 +1,10 @@
<?php include("inc_all_admin.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
if(isset($_GET['category'])){
$category = mysqli_real_escape_string($mysqli,$_GET['category']);
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
$category = "Expense";
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(isset($_GET['category'])){
$category = mysqli_real_escape_string($mysqli,$_GET['category']);
}else{
$category = "Expense";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
@ -29,19 +12,6 @@ if(!empty($_GET['sb'])){
$sb = "category_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

4
client_asset_edit_modal.php
View File

@ -95,7 +95,7 @@
</div>
<?php } ?>
<?php if($asset_type !== 'Phone' AND $asset_type !== 'Mobile Phone' AND $asset_type !== 'Tablet' AND $asset_type !== 'Access Point' AND $asset_type !== 'Printer' AND $asset_type !== 'Camera' AND $asset_type !== 'TV' AND $asset_type !== 'Other'){ ?>
<?php if($asset_type !== 'Phone' && $asset_type !== 'Mobile Phone' && $asset_type !== 'Tablet' && $asset_type !== 'Access Point' && $asset_type !== 'Printer' && $asset_type !== 'Camera' && $asset_type !== 'TV' && $asset_type !== 'Other'){ ?>
<div class="form-group">
<label>Operating System</label>
<div class="input-group">
@ -135,7 +135,7 @@
</div>
</div>
<?php if($asset_type !== 'Firewall/Router' AND $asset_type !== 'Switch' AND $asset_type !== 'Access Point' AND $asset_type !== 'Printer' AND $asset_type !== 'Server' AND $asset_type !== 'Virtual Machine'){ ?>
<?php if($asset_type !== 'Firewall/Router' && $asset_type !== 'Switch' && $asset_type !== 'Access Point' && $asset_type !== 'Printer' && $asset_type !== 'Server' && $asset_type !== 'Virtual Machine'){ ?>
<div class="form-group">
<label>Assigned To</label>
<div class="input-group">

46
client_assets.php
View File

@ -29,42 +29,12 @@ $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(*) AS count FROM as
AND asset_archived_at IS NULL AND asset_client_id = $client_id"));
$other_count = $row['count'];
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "asset_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Asset Type from GET
if(isset($_GET['type']) && ($_GET['type']) == 'workstation'){
$type_query = "asset_type = 'desktop' OR asset_type = 'laptop'";
@ -123,7 +93,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</div>
<div class="col-sm-6">
<div class="btn-group btn-group-lg">
<a href="?<?php echo $url_query_strings_sb; ?>&type=" class="btn <?php if($_GET['type'] == 'all' OR empty($_GET['type'])){ echo 'btn-primary'; }else{ echo 'btn-default'; } ?>">All Assets <span class="right badge badge-light"><?php echo $all_count; ?></span></a>
<a href="?<?php echo $url_query_strings_sb; ?>&type=" class="btn <?php if($_GET['type'] == 'all' || empty($_GET['type'])){ echo 'btn-primary'; }else{ echo 'btn-default'; } ?>">All Assets <span class="right badge badge-light"><?php echo $all_count; ?></span></a>
<?php
if($workstation_count > 0){ ?>
<a href="?<?php echo $url_query_strings_sb; ?>&type=workstation" class="btn <?php if($_GET['type'] == 'workstation'){ echo 'btn-primary'; }else{ echo 'btn-default'; } ?>"><i class="fa fa-fw fa-desktop"></i> Workstations <span class="right badge badge-light"><?php echo $workstation_count; ?></span></a>
@ -167,7 +137,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<thead class="thead-light <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_name&o=<?php echo $disp; ?>">Name</a></th>
<?php if($_GET['type'] !== 'virtual' AND $_GET['type'] !== 'servers'){ ?>
<?php if($_GET['type'] !== 'virtual' && $_GET['type'] !== 'servers'){ ?>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_type&o=<?php echo $disp; ?>">Type</a></th>
<?php } ?>
<?php if($_GET['type'] !== 'virtual'){ ?>
@ -176,11 +146,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<?php if($_GET['type'] !== 'virtual'){ ?>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_serial&o=<?php echo $disp; ?>">Serial Number</a></th>
<?php } ?>
<?php if($_GET['type'] !== 'network' AND $_GET['type'] !== 'other'){ ?>
<?php if($_GET['type'] !== 'network' && $_GET['type'] !== 'other'){ ?>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_os&o=<?php echo $disp; ?>">Operating System</a></th>
<?php } ?>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_install_date&o=<?php echo $disp; ?>">Install Date</a></th>
<?php if($_GET['type'] !== 'network' AND $_GET['type'] !== 'servers' AND $_GET['type'] !== 'other'){ ?>
<?php if($_GET['type'] !== 'network' && $_GET['type'] !== 'servers' && $_GET['type'] !== 'other'){ ?>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=contact_name&o=<?php echo $disp; ?>">Assigned To</a></th>
<?php } ?>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=location_name&o=<?php echo $disp; ?>">Location</a></th>
@ -241,7 +211,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$device_icon = "print";
}elseif($asset_type == 'Camera'){
$device_icon = "video";
}elseif($asset_type == 'Switch' or $asset_type == 'Firewall/Router'){
}elseif($asset_type == 'Switch' || $asset_type == 'Firewall/Router'){
$device_icon = "network-wired";
}elseif($asset_type == 'Access Point'){
$device_icon = "wifi";
@ -322,7 +292,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?>
</th>
<?php if($_GET['type'] !== 'virtual' AND $_GET['type'] !== 'servers'){ ?>
<?php if($_GET['type'] !== 'virtual' && $_GET['type'] !== 'servers'){ ?>
<td><?php echo $asset_type; ?></td>
<?php } ?>
<?php if($_GET['type'] !== 'virtual'){ ?>
@ -331,11 +301,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<?php if($_GET['type'] !== 'virtual'){ ?>
<td><?php echo $asset_serial_display; ?></td>
<?php } ?>
<?php if($_GET['type'] !== 'network' AND $_GET['type'] !== 'other'){ ?>
<?php if($_GET['type'] !== 'network' && $_GET['type'] !== 'other'){ ?>
<td><?php echo $asset_os_display; ?></td>
<?php } ?>
<td><?php echo $asset_install_date_display; ?></td>
<?php if($_GET['type'] !== 'network' AND $_GET['type'] !== 'other' AND $_GET['type'] !== 'servers'){ ?>
<?php if($_GET['type'] !== 'network' && $_GET['type'] !== 'other' && $_GET['type'] !== 'servers'){ ?>
<td><?php echo $contact_name; ?></td>
<?php } ?>
<td><?php echo $location_name; ?></td>

29
client_certificates.php
View File

@ -1,21 +1,5 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
@ -23,19 +7,6 @@ if(!empty($_GET['sb'])){
$sb = "certificate_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

25
client_contacts.php
View File

@ -1,16 +1,5 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
//Phone Numbers
@ -18,7 +7,6 @@ if(isset($_GET['q'])){
if(empty($n)){
$n = $q;
}
}else{
$q = "";
//Phone Numbers
@ -31,19 +19,6 @@ if(!empty($_GET['sb'])){
$sb = "contact_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
client_departments.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "department_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
client_documents.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "document_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
# Tag from GET
if (isset($_GET['tag'])) {
$tag = intval($_GET['tag']);

30
client_domains.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "domain_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

8
client_files.php
View File

@ -73,15 +73,15 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
$file_ext = $row['file_ext'];
if($file_ext == 'pdf'){
$file_icon = "file-pdf";
}elseif($file_ext == 'gz' or $file_ext == 'tar' or $file_ext == 'zip' or $file_ext == '7z' or $file_ext == 'rar'){
}elseif($file_ext == 'gz' || $file_ext == 'tar' || $file_ext == 'zip' || $file_ext == '7z' || $file_ext == 'rar'){
$file_icon = "file-archive";
}elseif($file_ext == 'txt'){
$file_icon = "file-alt";
}elseif($file_ext == 'doc' or $file_ext == 'docx'){
}elseif($file_ext == 'doc' || $file_ext == 'docx'){
$file_icon = "file-word";
}elseif($file_ext == 'xls' or $file_ext == 'xlsx' or $file_ext == 'ods'){
}elseif($file_ext == 'xls' || $file_ext == 'xlsx' || $file_ext == 'ods'){
$file_icon = "file-excel";
}elseif($file_ext == 'mp3' or $file_ext == 'wav' or $file_ext == 'ogg'){
}elseif($file_ext == 'mp3' || $file_ext == 'wav' || $file_ext == 'ogg'){
$file_icon = "file-audio";
}else{
$file_icon = "file";

32
client_invoices.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "invoice_number";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "DESC";
$disp = "ASC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
@ -117,7 +87,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$category_name = $row['category_name'];
$now = time();
if(($invoice_status == "Sent" or $invoice_status == "Partial" or $invoice_status == "Viewed") and strtotime($invoice_due) < $now ){
if(($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < $now ){
$overdue_color = "text-danger font-weight-bold";
}else{
$overdue_color = "";

26
client_locations.php
View File

@ -1,16 +1,5 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
//Phone Numbers
@ -29,19 +18,6 @@ if(!empty($_GET['sb'])){
$sb = "location_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
client_logins.php
View File

@ -2,42 +2,12 @@
require_once("rfc6238.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "login_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

28
client_logs.php
View File

@ -1,37 +1,13 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "log_id";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}

30
client_networks.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "network_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
client_payments.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "payment_date";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "DESC";
$disp = "ASC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
client_quotes.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "quote_number";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "DESC";
$disp = "ASC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
client_recurring_invoices.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "recurring_id";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

13
client_routes.php
View File

@ -1,6 +1,9 @@
<?php
if(isset($_GET['tab'])){
include('pagination_head.php');
if($_GET['tab'] == "overview"){
include("client_overview.php");
}
@ -57,27 +60,27 @@ if(isset($_GET['tab'])){
}
}
elseif($_GET['tab'] == "invoices"){
if($session_user_role == 1 OR $session_user_role == 3) {
if($session_user_role == 1 || $session_user_role == 3) {
include("client_invoices.php");
}
}
elseif($_GET['tab'] == "recurring_invoices"){
if($session_user_role == 1 OR $session_user_role == 3) {
if($session_user_role == 1 || $session_user_role == 3) {
include("client_recurring_invoices.php");
}
}
elseif($_GET['tab'] == "payments"){
if($session_user_role == 1 OR $session_user_role == 3) {
if($session_user_role == 1 || $session_user_role == 3) {
include("client_payments.php");
}
}
elseif($_GET['tab'] == "quotes"){
if($session_user_role == 1 OR $session_user_role == 3) {
if($session_user_role == 1 || $session_user_role == 3) {
include("client_quotes.php");
}
}
elseif($_GET['tab'] == "trips"){
if($session_user_role == 1 OR $session_user_role == 3) {
if($session_user_role == 1 || $session_user_role == 3) {
include("client_trips.php");
}
}

30
client_scheduled_tickets.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "scheduled_ticket_subject";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
// Current tab
$tab = str_replace('-', ' ', htmlentities($_GET['tab']));

4
client_service_view_modal.php
View File

@ -208,7 +208,7 @@
<!-- Logins -->
<?php
if(mysqli_num_rows($sql_assets) > 0 OR mysqli_num_rows($sql_logins) > 0){ ?>
if(mysqli_num_rows($sql_assets) > 0 || mysqli_num_rows($sql_logins) > 0){ ?>
<h5><i class="nav-icon fas fa-key"></i> Logins</h5>
<ul>
<?php
@ -237,7 +237,7 @@
<!-- URLs -->
<?php
if($sql_logins OR $sql_assets){ ?>
if($sql_logins || $sql_assets){ ?>
<h5><i class="nav-icon fas fa-link"></i> URLs</h5>
<ul>
<?php

7
client_services.php
View File

@ -1,12 +1,5 @@
<?php
// Search query
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
// Current tab
$tab = htmlentities($_GET['tab']);

24
client_shared_items.php
View File

@ -1,16 +1,5 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
//Phone Numbers
@ -26,19 +15,6 @@ if(isset($_GET['q'])){
// Sort
$sb = "item_created_at";
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
// Current tab
$tab = str_replace('-', ' ', htmlentities($_GET['tab']));

2
client_side_nav.php
View File

@ -226,7 +226,7 @@
</a>
</li>
<?php if($session_user_role == 1 OR $session_user_role > 2){ ?>
<?php if($session_user_role == 1 || $session_user_role > 2){ ?>
<li class="nav-header mt-3">ACCOUNTING</li>

30
client_software.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "software_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
client_tickets.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "ticket_number";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "DESC";
$disp = "ASC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
client_trips.php
View File

@ -1,41 +1,11 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "trip_date";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "DESC";
$disp = "ASC";
}
//Date From and Date To Filter
if(isset($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);

24
client_vendors.php
View File

@ -1,16 +1,5 @@
<?php
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
//Phone Numbers
@ -29,19 +18,6 @@ if(!empty($_GET['sb'])){
$sb = "vendor_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

10
clients.php
View File

@ -54,7 +54,7 @@ if(empty($_GET['canned_date'])) {
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['date_from'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['date_from'])){
$date_from = mysqli_real_escape_string($mysqli,$_GET['date_from']);
$date_to = mysqli_real_escape_string($mysqli,$_GET['date_to']);
}elseif($_GET['canned_date'] == "today"){
@ -167,7 +167,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=client_name&order=<?php echo $order_display; ?>">Name</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=location_city&order=<?php echo $order_display; ?>">Address </a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=contact_name&order=<?php echo $order_display; ?>">Contact</a></th>
<?php if($session_user_role == 3 OR $session_user_role == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if($session_user_role == 3 || $session_user_role == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if($session_user_role == 3) { ?> <th class="text-center">Action</th> <?php } ?>
</tr>
</thead>
@ -184,7 +184,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
if(empty($location_address) AND empty($location_city) AND empty($location_state) AND empty($location_zip)){
if(empty($location_address) && empty($location_city) && empty($location_state) && empty($location_zip)){
$location_address_display = "-";
}else{
$location_address_display = "$location_address<br>$location_city $location_state $location_zip";
@ -270,7 +270,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<td><?php echo $location_address_display; ?></td>
<td>
<?php
if(empty($contact_name) AND empty($contact_phone) AND empty($contact_mobile) AND empty($client_email)){
if(empty($contact_name) && empty($contact_phone) && empty($contact_mobile) && empty($client_email)){
echo "-";
}
?>
@ -310,7 +310,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</td>
<!-- Show Billing for Admin/Accountant roles only -->
<?php if($session_user_role == 3 OR $session_user_role == 1) { ?>
<?php if($session_user_role == 3 || $session_user_role == 1) { ?>
<td class="text-right">
<span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
<br>

30
companies.php
View File

@ -1,41 +1,11 @@
<?php include("inc_all_admin.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "company_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
custom_links.php
View File

@ -1,41 +1,11 @@
<?php include("inc_all_admin.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "custom_link_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

10
dashboard_financial.php
View File

@ -493,7 +493,7 @@ var myLineChart = new Chart(ctx, {
$income_for_month = $payments_for_month + $revenues_for_month;
if($income_for_month > 0 AND $income_for_month > $largest_income_month){
if($income_for_month > 0 && $income_for_month > $largest_income_month){
$largest_income_month = $income_for_month;
}
@ -532,7 +532,7 @@ var myLineChart = new Chart(ctx, {
$income_for_month = $payments_for_month + $revenues_for_month;
if($income_for_month > 0 AND $income_for_month > $largest_income_month){
if($income_for_month > 0 && $income_for_month > $largest_income_month){
$largest_income_month = $income_for_month;
}
@ -568,7 +568,7 @@ var myLineChart = new Chart(ctx, {
$row = mysqli_fetch_array($sql_projected);
$invoice_for_month = $row['invoice_amount_for_month'];
if($invoice_for_month > 0 AND $invoice_for_month > $largest_invoice_month){
if($invoice_for_month > 0 && $invoice_for_month > $largest_invoice_month){
$largest_invoice_month = $invoice_for_month;
}
@ -604,7 +604,7 @@ var myLineChart = new Chart(ctx, {
$row = mysqli_fetch_array($sql_expenses);
$expenses_for_month = $row['expense_amount_for_month'];
if($expenses_for_month > 0 AND $expenses_for_month > $largest_expense_month){
if($expenses_for_month > 0 && $expenses_for_month > $largest_expense_month){
$largest_expense_month = $expenses_for_month;
}
@ -681,7 +681,7 @@ var myLineChart = new Chart(ctx, {
$trip_miles_for_month = $row['trip_miles_for_month'];
$largest_trip_miles_month = 0;
if($trip_miles_for_month > 0 AND $trip_miles_for_month > $largest_trip_miles_month){
if($trip_miles_for_month > 0 && $trip_miles_for_month > $largest_trip_miles_month){
$largest_trip_miles_month = $trip_miles_for_month;
}

32
expenses.php
View File

@ -1,41 +1,11 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "expense_date";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "DESC";
$disp = "ASC";
}
if(empty($_GET['canned_date'])){
//Prevents lots of undefined variable errors.
// $dtf and $dtt will be set by the below else to 0000-00-00 / 9999-00-00
@ -43,7 +13,7 @@ if(empty($_GET['canned_date'])){
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){

2
functions.php
View File

@ -134,7 +134,7 @@ function get_device(){
if (preg_match('/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android|iemobile)/i', strtolower($_SERVER['HTTP_USER_AGENT']))) {
$mobile_browser++;
}
if ((strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') > 0) or ((isset($_SERVER['HTTP_X_WAP_PROFILE']) or isset($_SERVER['HTTP_PROFILE'])))) {
if ((strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') > 0) || ((isset($_SERVER['HTTP_X_WAP_PROFILE']) || isset($_SERVER['HTTP_PROFILE'])))) {
$mobile_browser++;
}
$mobile_ua = strtolower(substr(get_user_agent(), 0, 4));

6
get_credential.php
View File

@ -5,7 +5,7 @@ $chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc";
$firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82";
if (isset($_SERVER['HTTP_ORIGIN'])) {
if($_SERVER['HTTP_ORIGIN'] == $chrome_id OR $_SERVER['HTTP_ORIGIN'] == $firefox_id){
if($_SERVER['HTTP_ORIGIN'] == $chrome_id || $_SERVER['HTTP_ORIGIN'] == $firefox_id){
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
}
@ -37,7 +37,7 @@ if(!isset($_COOKIE['user_extension_key'])){
$user_extension_key = $_COOKIE['user_extension_key'];
// Check the key isn't empty, less than 17 characters or the word "disabled".
if(empty($user_extension_key) OR strlen($user_extension_key) < 16 OR strtolower($user_extension_key) == "disabled"){
if(empty($user_extension_key) || strlen($user_extension_key) < 16 || strtolower($user_extension_key) == "disabled"){
$data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie.";
echo(json_encode($data));
@ -55,7 +55,7 @@ $auth_user = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings
$row = mysqli_fetch_array($auth_user);
// Check SQL query state
if(mysqli_num_rows($auth_user) < 1 OR !$auth_user){
if(mysqli_num_rows($auth_user) < 1 || !$auth_user){
$data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie.";
echo(json_encode($data));

8
guest_download_file.php
View File

@ -5,7 +5,7 @@ include("functions.php");
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli,get_ip())));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
if(isset($_GET['id']) AND isset($_GET['key'])){
if(isset($_GET['id']) && isset($_GET['key'])){
$item_id = intval($_GET['id']);
$item_key = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['key'])));
@ -13,7 +13,7 @@ if(isset($_GET['id']) AND isset($_GET['key'])){
$row = mysqli_fetch_array($sql);
// Check result
if(mysqli_num_rows($sql) !== 1 OR !$row){
if(mysqli_num_rows($sql) !== 1 || !$row){
exit("No file.");
}
@ -23,7 +23,7 @@ if(isset($_GET['id']) AND isset($_GET['key'])){
}
// Check item share is active & hasn't been viewed too many times
if($row['item_active'] !== "1" OR $row['item_views'] >= $row['item_view_limit']){
if($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit']){
exit("Item cannot be viewed at this time.");
}
@ -40,7 +40,7 @@ if(isset($_GET['id']) AND isset($_GET['key'])){
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
$file_row = mysqli_fetch_array($file_sql);
if(mysqli_num_rows($file_sql) !== 1 OR !$file_row){
if(mysqli_num_rows($file_sql) !== 1 || !$file_row){
exit("No file.");
}

4
guest_view_invoice.php
View File

@ -108,7 +108,7 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
$balance = $invoice_amount - $amount_paid;
//check to see if overdue
if($invoice_status !== "Paid" AND $invoice_status !== "Draft" AND $invoice_status !== "Cancelled"){
if($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled"){
$unixtime_invoice_due = strtotime($invoice_due) + 86400;
if($unixtime_invoice_due < time()){
$invoice_color = "text-danger";
@ -124,7 +124,7 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fa fa-fw fa-print"></i> Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download"></i> Download</a>
<?php
if($invoice_status != "Paid" and $invoice_status != "Cancelled" and $invoice_status != "Draft" and $config_stripe_enable == 1){
if($invoice_status != "Paid" && $invoice_status != "Cancelled" && $invoice_status != "Draft" && $config_stripe_enable == 1){
?>
<?php
if($config_stripe_enable == 1){

12
guest_view_item.php
View File

@ -10,7 +10,7 @@ include("guest_header.php"); ?>
<hr>
<?php
if(!isset($_GET['id']) OR !isset($_GET['key'])){
if(!isset($_GET['id']) || !isset($_GET['key'])){
echo "<div class=\"alert alert-danger\" role=\"alert\">Incorrect URL.</div>";
include("guest_footer.php");
exit();
@ -23,14 +23,14 @@ $sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = '$item_
$row = mysqli_fetch_array($sql);
// Check we got a result
if(mysqli_num_rows($sql) !== 1 OR !$row){
if(mysqli_num_rows($sql) !== 1 || !$row){
echo "<div class=\"alert alert-danger\" role=\"alert\">No item to view. Check with the person that sent you this link to ensure it is correct and has not expired.</div>";
include("guest_footer.php");
exit();
}
// Check item share is active & hasn't been viewed too many times
if($row['item_active'] !== "1" OR $row['item_views'] >= $row['item_view_limit']){
if($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit']){
echo "<div class=\"alert alert-danger\" role=\"alert\">Item cannot be viewed at this time. Check with the person that sent you this link to ensure it is correct and has not expired.</div>";
include("guest_footer.php");
exit();
@ -53,7 +53,7 @@ if($item_type == "Document"){
$doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id' LIMIT 1");
$doc_row = mysqli_fetch_array($doc_sql);
if(mysqli_num_rows($doc_sql) !== 1 OR !$doc_row){
if(mysqli_num_rows($doc_sql) !== 1 || !$doc_row){
echo "<div class=\"alert alert-danger\" role=\"alert\">Error retrieving document to view.</div>";
include("guest_footer.php");
exit();
@ -81,7 +81,7 @@ elseif($item_type == "File"){
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
$file_row = mysqli_fetch_array($file_sql);
if(mysqli_num_rows($file_sql) !== 1 OR !$file_row){
if(mysqli_num_rows($file_sql) !== 1 || !$file_row){
echo "<div class=\"alert alert-danger\" role=\"alert\">Error retrieving file.</div>";
include("guest_footer.php");
exit();
@ -102,7 +102,7 @@ elseif($item_type == "Login"){
$login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id' LIMIT 1");
$login_row = mysqli_fetch_array($login_sql);
if(mysqli_num_rows($login_sql) !== 1 OR !$login_row){
if(mysqli_num_rows($login_sql) !== 1 || !$login_row){
echo "<div class=\"alert alert-danger\" role=\"alert\">Error retrieving login.</div>";
include("guest_footer.php");
exit();

2
guest_view_quote.php
View File

@ -86,7 +86,7 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
<div class="card-header d-print-none">
<div class="float-left">
<?php
if($quote_status == "Draft" or $quote_status == "Sent" or $quote_status == "Viewed"){
if($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed"){
?>
<a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-check"></i> Accept</a>
<a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-times"></i> Decline</a>

1
inc_all.php
View File

@ -8,5 +8,6 @@ include("top_nav.php");
include("side_nav.php");
include("inc_wrapper.php");
include("inc_alert_feedback.php");
include("pagination_head.php");
?>

1
inc_all_admin.php
View File

@ -16,5 +16,6 @@ include("top_nav.php");
include("admin_side_nav.php");
include("inc_wrapper.php");
include("inc_alert_feedback.php");
include("pagination_head.php");
?>

10
invoice.php
View File

@ -74,7 +74,7 @@ if(isset($_GET['invoice_id'])){
$balance = $invoice_amount - $amount_paid;
//check to see if overdue
if($invoice_status !== "Paid" AND $invoice_status !== "Draft" AND $invoice_status !== "Cancelled"){
if($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled"){
$unixtime_invoice_due = strtotime($invoice_due) + 86400;
if($unixtime_invoice_due < time()){
$invoice_overdue = "Overdue";
@ -133,7 +133,7 @@ if(isset($_GET['invoice_id'])){
<i class="fas fa-fw fa-paper-plane"></i> Send
</button>
<div class="dropdown-menu">
<?php if(!empty($config_smtp_host) AND !empty($contact_email)){ ?>
<?php if(!empty($config_smtp_host) && !empty($contact_email)){ ?>
<a class="dropdown-item" href="post.php?email_invoice=<?php echo $invoice_id; ?>">Send Email</a>
<div class="dropdown-divider"></div>
<?php } ?>
@ -141,7 +141,7 @@ if(isset($_GET['invoice_id'])){
</div>
<?php } ?>
<?php if($invoice_status !== 'Paid' and $invoice_status !== 'Cancelled' and $invoice_status !== 'Draft'){ ?>
<?php if($invoice_status !== 'Paid' && $invoice_status !== 'Cancelled' && $invoice_status !== 'Draft'){ ?>
<a class="btn btn-success btn-sm" href="#" data-toggle="modal" data-target="#addPaymentModal"><i class="fa fa-fw fa-credit-card"></i> Add Payment</a>
<?php } ?>
</div>
@ -159,11 +159,11 @@ if(isset($_GET['invoice_id'])){
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" onclick="window.print();">Print</a>
<a class="dropdown-item" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-$client_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');">Download PDF</a>
<?php if(!empty($config_smtp_host) AND !empty($contact_email)){ ?>
<?php if(!empty($config_smtp_host) && !empty($contact_email)){ ?>
<a class="dropdown-item" href="post.php?email_invoice=<?php echo $invoice_id; ?>">Send Email</a>
<?php } ?>
<a class="dropdown-item" target="_blank" href="guest_view_invoice.php?invoice_id=<?php echo "$invoice_id&url_key=$invoice_url_key"; ?>">Guest URL</a>
<?php if($invoice_status !== 'Cancelled' and $invoice_status !== 'Paid'){ ?>
<?php if($invoice_status !== 'Cancelled' && $invoice_status !== 'Paid'){ ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?cancel_invoice=<?php echo $invoice_id; ?>">Cancel</a>
<?php } ?>

2
invoice_payment_add_modal.php
View File

@ -117,7 +117,7 @@
</div>
</div>
<?php if(!empty($config_smtp_host) AND !empty($contact_email)){ ?>
<?php if(!empty($config_smtp_host) && !empty($contact_email)){ ?>
<div class="form-group">
<label>Email Receipt</label>

27
invoices.php
View File

@ -51,22 +51,6 @@
$real_overdue_amount = $total_overdue - $total_overdue_partial;
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
@ -74,15 +58,8 @@
$sb = "invoice_number";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}

30
logs.php
View File

@ -1,37 +1,13 @@
<?php include("inc_all_admin.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "log_id";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}
@ -43,7 +19,7 @@ if(empty($_GET['canned_date'])){
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){

30
notifications_dismissed.php
View File

@ -1,23 +1,5 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
//Custom Query Filter
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
//Column Filter
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
@ -25,16 +7,8 @@ if(!empty($_GET['sb'])){
$sb = "notification_timestamp";
}
//Column Order Filter
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}

13
pagination.php
View File

@ -1,4 +1,11 @@
<?php
/*
* Pagination Body/Footer
* Displays page number buttons
*
* Should not be accessed directly, but called from other pages
* Relies upon the $num_rows variable being set correctly
*/
$total_found_rows = $num_rows[0];
$total_pages = ceil($total_found_rows / $_SESSION['records_per_page']);
@ -35,10 +42,10 @@ if ($total_found_rows > 10) {
if($total_pages <= 100){
$pages_split = 10;
}
if(($total_pages <= 1000) AND ($total_pages > 100)){
if(($total_pages <= 1000) && ($total_pages > 100)){
$pages_split = 100;
}
if(($total_pages <= 10000) AND ($total_pages > 1000)){
if(($total_pages <= 10000) && ($total_pages > 1000)){
$pages_split = 1000;
}
if($p > 1){
@ -61,7 +68,7 @@ if ($total_found_rows > 10) {
while($i < $total_pages){
$i++;
if(($i == 1) OR (($p <= 3) AND ($i <= 6)) OR (($i > $total_pages - 6) AND ($p > $total_pages - 3 )) OR (is_int($i / $pages_split)) OR (($p > 3) AND ($i >= $p - 2) AND ($i <= $p + 3)) OR ($i == $total_pages)){
if(($i == 1) || (($p <= 3) && ($i <= 6)) || (($i > $total_pages - 6) && ($p > $total_pages - 3 )) || (is_int($i / $pages_split)) || (($p > 3) && ($i >= $p - 2) && ($i <= $p + 3)) || ($i == $total_pages)){
if($p == $i ) {
$page_class = "active";
}else{

40
pagination_head.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/*
* Pagination - Head
* Sets the paging/sort for use in limit/order by
* Sets the default search query from GET to $q
*
* Should not be accessed directly, but called from other pages
*/
// Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
// Order
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
// Search
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}

30
payments.php
View File

@ -1,37 +1,13 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "payment_date";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}
@ -43,7 +19,7 @@ if(empty($_GET['canned_date'])){
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){

12
post.php
View File

@ -1360,7 +1360,7 @@ if(isset($_POST['add_client'])){
}
//Add Location
if(!empty($location_phone) OR !empty($address) OR !empty($city) OR !empty($state) OR !empty($zip)){
if(!empty($location_phone) || !empty($address) || !empty($city) || !empty($state) || !empty($zip)){
mysqli_query($mysqli,"INSERT INTO locations SET location_name = 'Primary', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone = '$location_phone', location_country = '$country', location_created_at = NOW(), location_client_id = $client_id, company_id = $session_company_id");
//Update Primay location in clients
@ -1373,7 +1373,7 @@ if(isset($_POST['add_client'])){
//Add Contact
if(!empty($contact) OR !empty($title) OR !empty($contact_phone) OR !empty($contact_mobile) OR !empty($contact_email)){
if(!empty($contact) || !empty($title) || !empty($contact_phone) || !empty($contact_mobile) || !empty($contact_email)){
mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$contact', contact_title = '$title', contact_phone = '$contact_phone', contact_extension = '$contact_extension', contact_mobile = '$contact_mobile', contact_email = '$contact_email', contact_created_at = NOW(), contact_client_id = $client_id, company_id = $session_company_id");
//Update Primay contact in clients
@ -2710,7 +2710,7 @@ if(isset($_GET['delete_expense'])){
if(isset($_POST['export_expenses_csv'])){
$date_from = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_from'])));
$date_to = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_to'])));
if(!empty($date_from) AND !empty($date_to)){
if(!empty($date_from) && !empty($date_to)){
$date_query = "AND DATE(expense_date) BETWEEN '$date_from' AND '$date_to'";
$file_name_date = "$date_from-to-$date_to";
}else{
@ -5939,7 +5939,7 @@ if(isset($_POST['add_ticket'])){
$details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['details']))));
$asset_id = intval($_POST['asset']);
if($client_id > 0 AND $contact == 0){
if($client_id > 0 && $contact == 0){
$sql = mysqli_query($mysqli,"SELECT primary_contact FROM clients WHERE client_id = $client_id AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
$contact = $row['primary_contact'];
@ -5985,7 +5985,7 @@ if(isset($_POST['add_scheduled_ticket'])){
$frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
$start_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['start_date'])));
if($client_id > 0 AND $contact == 0){
if($client_id > 0 && $contact == 0){
$sql = mysqli_query($mysqli,"SELECT primary_contact FROM clients WHERE client_id = $client_id AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
$contact = $row['primary_contact'];
@ -7236,7 +7236,7 @@ if(isset($_GET['force_recurring'])){
if(isset($_POST['export_trips_csv'])){
$date_from = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_from'])));
$date_to = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_to'])));
if(!empty($date_from) AND !empty($date_to)){
if(!empty($date_from) && !empty($date_to)){
$date_query = "AND DATE(trip_date) BETWEEN '$date_from' AND '$date_to'";
$file_name_date = "$date_from-to-$date_to";
}else{

29
products.php
View File

@ -1,40 +1,11 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "product_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

6
quote.php
View File

@ -109,7 +109,7 @@ if(isset($_GET['quote_id'])){
<i class="fas fa-fw fa-paper-plane"></i> Send
</button>
<div class="dropdown-menu">
<?php if(!empty($config_smtp_host) AND !empty($contact_email)){ ?>
<?php if(!empty($config_smtp_host) && !empty($contact_email)){ ?>
<a class="dropdown-item" href="post.php?email_quote=<?php echo $quote_id; ?>">Send Email</a>
<div class="dropdown-divider"></div>
<?php } ?>
@ -117,7 +117,7 @@ if(isset($_GET['quote_id'])){
</div>
<?php } ?>
<?php if($quote_status == 'Sent' or $quote_status == 'Viewed'){ ?>
<?php if($quote_status == 'Sent' || $quote_status == 'Viewed'){ ?>
<a class="btn btn-success" href="post.php?accept_quote=<?php echo $quote_id; ?>"><i class="fas fa-fw fa-check"></i> Accept</a>
<a class="btn btn-danger" href="post.php?decline_quote=<?php echo $quote_id; ?>"><i class="fas fa-fw fa-times"></i> Decline</a>
<?php } ?>
@ -139,7 +139,7 @@ if(isset($_GET['quote_id'])){
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" onclick="window.print();">Print</a>
<a class="dropdown-item" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$quote_date-$company_name-$client_name-Quote-$quote_prefix$quote_number.pdf"; ?>');">Download PDF</a>
<?php if(!empty($config_smtp_host) AND !empty($contact_email)){ ?>
<?php if(!empty($config_smtp_host) && !empty($contact_email)){ ?>
<a class="dropdown-item" href="post.php?email_quote=<?php echo $quote_id; ?>">Send Email</a>
<?php } ?>
<a class="dropdown-item" target="_blank" href="guest_view_quote.php?quote_id=<?php echo "$quote_id&url_key=$quote_url_key"; ?>">Guest URL</a>

32
quotes.php
View File

@ -1,39 +1,13 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
//Custom Query Filter
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "quote_number";
}
//Column Order Filter
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}
@ -45,7 +19,7 @@ if(empty($_GET['canned_date'])){
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){

32
recurring_invoices.php
View File

@ -1,41 +1,11 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "recurring_next_date";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
if(empty($_GET['canned_date'])) {
//Prevents lots of undefined variable errors.
// $dtf and $dtt will be set by the below else to 0000-00-00 / 9999-00-00
@ -43,7 +13,7 @@ if(empty($_GET['canned_date'])) {
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){

2
report_expense_summary.php
View File

@ -170,7 +170,7 @@ var myLineChart = new Chart(ctx, {
$row = mysqli_fetch_array($sql_expenses);
$expenses_for_month = $row['expense_amount_for_month'];
if($expenses_for_month > 0 AND $expenses_for_month > $largest_expense_month){
if($expenses_for_month > 0 && $expenses_for_month > $largest_expense_month){
$largest_expense_month = $expenses_for_month;
}

2
report_income_summary.php
View File

@ -189,7 +189,7 @@ var myLineChart = new Chart(ctx, {
$income_for_month = $payments_for_month + $revenues_for_month;
if($income_for_month > 0 AND $income_for_month > $largest_income_month){
if($income_for_month > 0 && $income_for_month > $largest_income_month){
$largest_income_month = $income_for_month;
}

30
revenues.php
View File

@ -1,37 +1,13 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "revenue_date";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}
@ -43,7 +19,7 @@ if(empty($_GET['canned_date'])){
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){

30
scheduled_tickets.php
View File

@ -1,42 +1,12 @@
<?php
include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "scheduled_ticket_subject";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

30
settings-api.php
View File

@ -1,41 +1,11 @@
<?php include("inc_all_admin.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "api_key_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

2
settings-mail.php
View File

@ -92,7 +92,7 @@
</div>
</div>
<?php if(!empty($config_smtp_host) AND !empty($config_smtp_port) AND !empty($config_smtp_username) AND !empty($config_smtp_password) AND !empty($config_mail_from_email) AND !empty($config_mail_from_name)){ ?>
<?php if(!empty($config_smtp_host) && !empty($config_smtp_port) && !empty($config_smtp_username) && !empty($config_smtp_password) && !empty($config_mail_from_email) && !empty($config_mail_from_name)){ ?>
<div class="card card-dark">
<div class="card-header">

8
side_nav.php
View File

@ -78,7 +78,7 @@
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-item">
<a href="tickets.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "tickets.php" OR basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>">
<a href="tickets.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-ticket-alt"></i>
<p>Tickets</p>
</a>
@ -97,7 +97,7 @@
</li>
<li class="nav-item">
<a href="campaigns.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "campaigns.php" OR basename($_SERVER["PHP_SELF"]) == "campaign.php") { echo "active"; } ?>">
<a href="campaigns.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "campaigns.php" || basename($_SERVER["PHP_SELF"]) == "campaign.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-envelope"></i>
<p>Campaigns</p>
</a>
@ -109,13 +109,13 @@
<li class="nav-header mt-3">SALES</li>
<li class="nav-item">
<a href="quotes.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "quotes.php" OR basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>">
<a href="quotes.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice"></i>
<p>Quotes</p>
</a>
</li>
<li class="nav-item">
<a href="invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "invoices.php" OR basename($_SERVER["PHP_SELF"]) == "invoice.php") { echo "active"; } ?>">
<a href="invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "invoices.php" || basename($_SERVER["PHP_SELF"]) == "invoice.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice-dollar"></i>
<p>Invoices</p>
</a>

32
tags.php
View File

@ -1,21 +1,4 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
<?php include("inc_all.php");
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
@ -23,19 +6,6 @@ if(!empty($_GET['sb'])){
$sb = "tag_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

13
taxes.php
View File

@ -6,19 +6,6 @@ if(!empty($_GET['sb'])){
$sb = "tax_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

2
ticket.php
View File

@ -323,7 +323,7 @@ if(isset($_GET['ticket_id'])){
</div>
</h3>
<?php if($ticket_reply_type !== "Client" AND $ticket_status !== "Closed") { ?>
<?php if($ticket_reply_type !== "Client" && $ticket_status !== "Closed") { ?>
<div class="card-tools">
<div class="dropdown dropleft">
<button class="btn btn-tool" type="button" id="dropdownMenuButton" data-toggle="dropdown">

2
tickets.php
View File

@ -73,7 +73,7 @@ if (empty($_GET['canned_date'])) {
$_GET['canned_date'] = 'custom';
}
if ($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])) {
if ($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])) {
$dtf = mysqli_real_escape_string($mysqli, $_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli, $_GET['dtt']);
} elseif ($_GET['canned_date'] == "today") {

32
transfers.php
View File

@ -1,23 +1,5 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
//Search Query Filter
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
//Column Sortby Filter
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
@ -25,16 +7,8 @@ if(!empty($_GET['sb'])){
$sb = "transfer_date";
}
//Order Filter
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}
@ -46,7 +20,7 @@ if(empty($_GET['canned_date'])){
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){

30
trips.php
View File

@ -1,37 +1,13 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "trip_date";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
// Reverse default sort
if(!isset($_GET['o'])){
$o = "DESC";
$disp = "ASC";
}
@ -43,7 +19,7 @@
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){

114
user_logs.php
View File

@ -1,114 +0,0 @@
<?php include("inc_all_admin.php");
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "log_id";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "DESC";
$disp = "ASC";
}
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logs, users
WHERE log_type LIKE '%$q%' OR log_action LIKE '%$q%' OR log_description LIKE '%$q%'
AND (logs.user_id = users.user_id)
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$total_found_rows = $num_rows[0];
$total_pages = ceil($total_found_rows / 10);
?>
<div class="card mb-3">
<div class="card-header bg-dark text-white">
<h6 class="float-left mt-1"><i class="fa fa-fw fa-book mr-2"></i>Logs</h6>
</div>
<div class="card-body">
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Logs">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_created_at&o=<?php echo $disp; ?>">Timestamp</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=name&o=<?php echo $disp; ?>">User</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_type&o=<?php echo $disp; ?>">Type</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_action&o=<?php echo $disp; ?>">Action</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_description&o=<?php echo $disp; ?>">Description</a></th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$log_id = $row['log_id'];
$log_type = $row['log_type'];
$log_action = $row['log_action'];
$log_description = $row['log_description'];
$log_created_at = $row['log_created_at'];
$user_id = $row['user_id'];
$user_name = $row['name'];
?>
<tr>
<td><?php echo $log_created_at; ?></td>
<td><?php echo $user_name; ?></td>
<td><?php echo $log_type; ?></td>
<td><?php echo $log_action; ?></td>
<td><?php echo $log_description; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php include("pagination.php"); ?>
</div>
</div>
</div>
<?php include("footer.php");

30
users.php
View File

@ -1,41 +1,11 @@
<?php include("inc_all_admin.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "user_name";
}
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

25
vendors.php
View File

@ -1,16 +1,5 @@
<?php include("inc_all.php");
//Paging
if(isset($_GET['p'])){
$p = intval($_GET['p']);
$record_from = (($p)-1)*$_SESSION['records_per_page'];
$record_to = $_SESSION['records_per_page'];
}else{
$record_from = 0;
$record_to = $_SESSION['records_per_page'];
$p = 1;
}
if(isset($_GET['q'])){
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
//Phone Numbers
@ -30,20 +19,6 @@ if(!empty($_GET['sb'])){
$sb = "vendor_name";
}
//Column Order
if(isset($_GET['o'])){
if($_GET['o'] == 'ASC'){
$o = "ASC";
$disp = "DESC";
}else{
$o = "DESC";
$disp = "ASC";
}
}else{
$o = "ASC";
$disp = "DESC";
}
//Date From and Date To Filter
if(!empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);