replace all instances of mysqli_fetch_array with mysqli_fetch_assoc for better performance and memory usage

johnnyq
2026-01-14 17:30:23 -05:00
parent cb8b99d6ae
commit 0a30300bde
361 changed files with 1880 additions and 1904 deletions


@@ -85,7 +85,7 @@ if (isset($_POST['edit_asset'])) {
// Get Existing Photo
$sql = mysqli_query($mysqli,"SELECT asset_photo FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$existing_file_name = sanitizeInput($row['asset_photo']);
mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_uri_client = '$uri_client', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_reference = '$purchase_reference', asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_physical_location = '$physical_location', asset_notes = '$notes' WHERE asset_id = $asset_id");
@@ -146,7 +146,7 @@ if (isset($_GET['archive_asset'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -170,7 +170,7 @@ if (isset($_GET['unarchive_asset'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -194,7 +194,7 @@ if (isset($_GET['delete_asset'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -220,7 +220,7 @@ if (isset($_POST['bulk_assign_asset_tags'])) {
$asset_id = intval($asset_id);
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -262,7 +262,7 @@ if (isset($_POST['bulk_assign_asset_location'])) {
// Get Location name and client id for logging and alert
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
@@ -277,7 +277,7 @@ if (isset($_POST['bulk_assign_asset_location'])) {
// Get Asset Details for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -315,7 +315,7 @@ if (isset($_POST['bulk_assign_asset_physical_location'])) {
// Get Asset Details for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -352,7 +352,7 @@ if (isset($_POST['bulk_transfer_client_asset'])) {
$current_asset_id = intval($current_asset_id);
// Get Asset details and current client ID/Name for logging
$row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT asset_name, asset_notes, asset_client_id, client_name
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT asset_name, asset_notes, asset_client_id, client_name
FROM assets
LEFT JOIN clients ON client_id = asset_client_id
WHERE asset_id = $current_asset_id")
@@ -377,7 +377,7 @@ if (isset($_POST['bulk_transfer_client_asset'])) {
// Transfer all Interfaces over too
$sql_interfaces = mysqli_query($mysqli, "SELECT * FROM asset_interfaces WHERE interface_asset_id = $current_asset_id");
while ($row = mysqli_fetch_array($sql_interfaces)) {
while ($row = mysqli_fetch_assoc($sql_interfaces)) {
$interface_name = sanitizeInput($row['interface_name']);
$interface_mac = sanitizeInput($row['interface_mac']);
$interface_primary = intval($row['interface_primary']);
@@ -428,7 +428,7 @@ if (isset($_POST['bulk_assign_asset_contact'])) {
// Get Contact name and client id for logging and Notification
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -443,7 +443,7 @@ if (isset($_POST['bulk_assign_asset_contact'])) {
// Get Asset Details for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
mysqli_query($mysqli,"UPDATE assets SET asset_contact_id = $contact_id WHERE asset_id = $asset_id");
@@ -478,7 +478,7 @@ if (isset($_POST['bulk_edit_asset_status'])) {
// Get Asset Details for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -513,7 +513,7 @@ if (isset($_POST['bulk_archive_assets'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -549,7 +549,7 @@ if (isset($_POST['bulk_unarchive_assets'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -586,7 +586,7 @@ if (isset($_POST['bulk_delete_assets'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -615,7 +615,7 @@ if (isset($_POST['link_software_to_asset'])) {
// Get software Name and Client ID for logging
$sql_software = mysqli_query($mysqli,"SELECT software_name, software_client_id FROM software WHERE software_id = $software_id");
$row = mysqli_fetch_array($sql_software);
$row = mysqli_fetch_assoc($sql_software);
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
@@ -641,7 +641,7 @@ if (isset($_GET['unlink_software_from_asset'])) {
// Get software Name and Client ID for logging
$sql_software = mysqli_query($mysqli,"SELECT software_name, software_client_id FROM software WHERE software_id = $software_id");
$row = mysqli_fetch_array($sql_software);
$row = mysqli_fetch_assoc($sql_software);
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
@@ -668,7 +668,7 @@ if (isset($_POST['link_asset_to_credential'])) {
// Get credential Name and Client ID for logging
$sql_credential = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql_credential);
$row = mysqli_fetch_assoc($sql_credential);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -694,7 +694,7 @@ if (isset($_GET['unlink_credential_from_asset'])) {
// Get credential Name and Client ID for logging
$sql_credential = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql_credential);
$row = mysqli_fetch_assoc($sql_credential);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -720,7 +720,7 @@ if (isset($_POST['link_service_to_asset'])) {
// Get service Name and Client ID for logging
$sql_service = mysqli_query($mysqli,"SELECT service_name, service_client_id FROM services WHERE service_id = $service_id");
$row = mysqli_fetch_array($sql_service);
$row = mysqli_fetch_assoc($sql_service);
$service_name = sanitizeInput($row['service_name']);
$client_id = intval($row['service_client_id']);
@@ -746,7 +746,7 @@ if (isset($_GET['unlink_service_from_asset'])) {
// Get service Name and Client ID for logging
$sql_service = mysqli_query($mysqli,"SELECT service_name, service_client_id FROM services WHERE service_id = $service_id");
$row = mysqli_fetch_array($sql_service);
$row = mysqli_fetch_assoc($sql_service);
$service_name = sanitizeInput($row['service_name']);
$client_id = intval($row['service_client_id']);
@@ -772,7 +772,7 @@ if (isset($_POST['link_asset_to_file'])) {
// Get file Name and Client ID for logging
$sql_file = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$row = mysqli_fetch_assoc($sql_file);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
@@ -799,7 +799,7 @@ if (isset($_GET['unlink_asset_from_file'])) {
// Get file Name and Client ID for logging
$sql_file = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$row = mysqli_fetch_assoc($sql_file);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
@@ -990,7 +990,7 @@ if (isset($_GET['download_assets_csv_template'])) {
//get records from database
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = $row['client_name'];
@@ -1029,7 +1029,7 @@ if (isset($_POST['export_assets_csv'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND asset_client_id = $client_id";
$client_row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id"));
$client_row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id"));
$client_name = $client_row['client_name'];
$file_name_prepend = "$client_name-";
} else {
@@ -1056,7 +1056,7 @@ if (isset($_POST['export_assets_csv'])) {
fputcsv($f, $fields, $delimiter, $enclosure, $escape);
//output each row of the data, format line as csv and write to file pointer
while ($row = mysqli_fetch_array($sql)) {
while ($row = mysqli_fetch_assoc($sql)) {
$lineData = array($row['asset_name'], $row['asset_description'], $row['asset_type'], $row['asset_make'], $row['asset_model'], $row['asset_serial'], $row['asset_os'], $row['asset_purchase_date'], $row['asset_warranty_expire'], $row['asset_install_date'], $row['contact_name'], $row['location_name'], $row['asset_physical_location'], $row['asset_notes']);
fputcsv($f, $lineData, $delimiter, $enclosure, $escape);
}
@@ -1099,7 +1099,7 @@ if (isset($_POST['add_asset_interface'])) {
FROM assets
WHERE asset_id = $asset_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -1168,7 +1168,7 @@ if (isset($_POST['add_asset_multiple_interfaces'])) {
$notes = sanitizeInput($_POST['notes']);
$sql = mysqli_query($mysqli, "SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -1216,7 +1216,7 @@ if (isset($_POST['edit_asset_interface'])) {
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_id = intval($row['asset_id']);
$asset_name= sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -1291,7 +1291,7 @@ if (isset($_GET['delete_asset_interface'])) {
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_id = intval($row['asset_id']);
$interface_name = sanitizeInput($row['interface_name']);
$asset_name = sanitizeInput($row['asset_name']);
@@ -1342,7 +1342,7 @@ if (isset($_POST['bulk_edit_asset_interface_type'])) {
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_id = intval($row['asset_id']);
$asset_name= sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -1389,7 +1389,7 @@ if (isset($_POST['bulk_edit_asset_interface_network'])) {
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_id = intval($row['asset_id']);
$asset_name= sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -1430,7 +1430,7 @@ if (isset($_POST['bulk_edit_asset_interface_ip_dhcp'])) {
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_id = intval($row['asset_id']);
$asset_name= sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -1472,7 +1472,7 @@ if (isset($_POST['bulk_delete_asset_interfaces'])) {
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_id = intval($row['asset_id']);
$interface_name = sanitizeInput($row['interface_name']);
$asset_name = sanitizeInput($row['asset_name']);
@@ -1616,7 +1616,7 @@ if (isset($_GET['download_client_asset_interfaces_csv_template'])) {
//get records from database
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = $row['asset_name'];
@@ -1655,7 +1655,7 @@ if (isset($_POST['export_client_asset_interfaces_csv'])) {
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM asset_interfaces LEFT JOIN assets ON asset_id = interface_asset_id LEFT JOIN networks ON interface_network_id = network_id LEFT JOIN clients ON asset_client_id = client_id WHERE asset_id = $asset_id AND interface_archived_at IS NULL ORDER BY interface_name ASC");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$num_rows = mysqli_num_rows($sql);
@@ -1675,7 +1675,7 @@ if (isset($_POST['export_client_asset_interfaces_csv'])) {
fputcsv($f, $fields, $delimiter, $enclosure, $escape);
//output each row of the data, format line as csv and write to file pointer
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$lineData = array($row['interface_name'], $row['interface_description'], $row['interface_type'], $row['interface_mac'], $row['interface_ip'], $row['interface_nat_ip'], $row['interface_ipv6'], $row['network_name']);
fputcsv($f, $lineData, $delimiter, $enclosure, $escape);
}
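Review bot: Both CSV export loops (the `export_assets_csv` hunk at 1056 and the `export_client_asset_interfaces_csv` hunk at 1675) pass database values such as `asset_name`, `asset_notes` and `interface_description` straight to `fputcsv()`, which quotes delimiters and enclosures but does not neutralise cells that a spreadsheet would evaluate as a formula. These look like free-text fields, so a stored value beginning with `=`, `+`, `-` or `@` would be interpreted when the export is opened. Consider prefixing such cells before writing, for example `$lineData = array_map(fn($v) => preg_match('/^[=+\-@\t\r]/', (string) $v) ? "'" . $v : $v, $lineData);` ahead of each `fputcsv($f, $lineData, ...)` call. Both handlers start and end outside the hunks, so any sanitising done earlier is not visible here.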


@@ -114,7 +114,7 @@ if (isset($_GET['archive_certificate'])) {
// Get Certificate Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT certificate_name, certificate_client_id FROM certificates WHERE certificate_id = $certificate_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$certificate_name = sanitizeInput($row['certificate_name']);
$client_id = intval($row['certificate_client_id']);
@@ -136,7 +136,7 @@ if (isset($_GET['unarchive_certificate'])) {
// Get Certificate Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT certificate_name, certificate_client_id FROM certificates WHERE certificate_id = $certificate_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$certificate_name = sanitizeInput($row['certificate_name']);
$client_id = intval($row['certificate_client_id']);
@@ -158,7 +158,7 @@ if (isset($_GET['delete_certificate'])) {
// Get Certificate Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT certificate_name, certificate_client_id FROM certificates WHERE certificate_id = $certificate_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$certificate_name = sanitizeInput($row['certificate_name']);
$client_id = intval($row['certificate_client_id']);
@@ -190,7 +190,7 @@ if (isset($_POST['bulk_delete_certificates'])) {
// Get Certificate Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT certificate_name, certificate_client_id FROM certificates WHERE certificate_id = $certificate_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$certificate_name = sanitizeInput($row['certificate_name']);
$client_id = intval($row['certificate_client_id']);
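Review bot: The row returned by `mysqli_fetch_assoc($sql)` is dereferenced without checking that a certificate was found, in all four hunks of this file (`archive_certificate`, `unarchive_certificate`, `delete_certificate`, `bulk_delete_certificates`). When `$certificate_id` matches no row the function returns `null`, so `$certificate_name` is built from a missing value and `intval($row['certificate_client_id'])` yields 0. The handlers continue outside the hunks, so what follows presumably runs and logs against client 0. A guard directly after the fetch, such as `if (!$row) { exit; }` or the project's own error redirect, would stop the handler early. The same lookup pattern recurs in the asset, client and contact hunks on this page.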


@@ -301,7 +301,7 @@ if (isset($_GET['archive_client'])) {
// Stop recurring invoices
$sql_recurring_invoices = mysqli_query($mysqli, "SELECT * FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id AND recurring_invoice_status = 1");
while ($row = mysqli_fetch_array($sql_recurring_invoices)) {
while ($row = mysqli_fetch_assoc($sql_recurring_invoices)) {
$recurring_invoice_id = intval($row['recurring_invoice_id']);
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_status = 0 WHERE recurring_invoice_id = $recurring_invoice_id AND recurring_invoice_client_id = $client_id");
mysqli_query($mysqli,"INSERT INTO history SET history_status = 0, history_description = 'Recurring Invoice inactive as client archived', history_recurring_invoice_id = $recurring_invoice_id");
@@ -371,7 +371,7 @@ if (isset($_GET['delete_client'])) {
//Delete Invoices and Invoice Referencing data
$sql = mysqli_query($mysqli, "SELECT invoice_id FROM invoices WHERE invoice_client_id = $client_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$invoice_id = $row['invoice_id'];
mysqli_query($mysqli, "DELETE FROM invoice_items WHERE item_invoice_id = $invoice_id");
mysqli_query($mysqli, "DELETE FROM payments WHERE payment_invoice_id = $invoice_id");
@@ -389,7 +389,7 @@ if (isset($_GET['delete_client'])) {
//Delete Quote and related items
$sql = mysqli_query($mysqli, "SELECT quote_id FROM quotes WHERE quote_client_id = $client_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$quote_id = $row['quote_id'];
mysqli_query($mysqli, "DELETE FROM invoice_items WHERE item_quote_id = $quote_id");
@@ -398,7 +398,7 @@ if (isset($_GET['delete_client'])) {
// Delete Recurring Invoices and associated items
$sql = mysqli_query($mysqli, "SELECT recurring_invoice_id FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$recurring_invoice_id = $row['recurring_invoice_id'];
mysqli_query($mysqli, "DELETE FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id");
}
@@ -418,7 +418,7 @@ if (isset($_GET['delete_client'])) {
// Delete tickets and related data
$sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_client_id = $client_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$ticket_id = $row['ticket_id'];
mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id");
mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id");
@@ -749,7 +749,7 @@ if (isset($_POST['bulk_add_client_ticket'])) {
// Check to see if adding a ticket by template
if($ticket_template_id) {
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
// Override Template Subject
if(empty($subject)) {
@@ -772,7 +772,7 @@ if (isset($_POST['bulk_add_client_ticket'])) {
$client_id = intval($client_id);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = sanitizeInput($row['client_name']);
@@ -814,7 +814,7 @@ if (isset($_POST['bulk_add_client_ticket'])) {
// Add Tasks from Template if Template was selected
if($ticket_template_id) {
if (mysqli_num_rows($sql_task_templates) > 0) {
while ($row = mysqli_fetch_array($sql_task_templates)) {
while ($row = mysqli_fetch_assoc($sql_task_templates)) {
$task_order = intval($row['task_template_order']);
$task_name = sanitizeInput($row['task_template_name']);
@@ -853,7 +853,7 @@ if (isset($_POST['bulk_edit_client_industry'])) {
$client_id = intval($client_id);
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = sanitizeInput($row['client_name']);
mysqli_query($mysqli,"UPDATE clients SET client_type = '$industry' WHERE client_id = $client_id");
@@ -887,7 +887,7 @@ if (isset($_POST['bulk_edit_client_referral'])) {
$client_id = intval($client_id);
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = sanitizeInput($row['client_name']);
mysqli_query($mysqli,"UPDATE clients SET client_referral = '$referral' WHERE client_id = $client_id");
@@ -921,7 +921,7 @@ if (isset($_POST['bulk_edit_client_hourly_rate'])) {
$client_id = intval($client_id);
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = sanitizeInput($row['client_name']);
mysqli_query($mysqli,"UPDATE clients SET client_rate = '$rate' WHERE client_id = $client_id");
@@ -953,7 +953,7 @@ if (isset($_POST['bulk_assign_client_tags'])) {
$client_id = intval($client_id);
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = sanitizeInput($row['client_name']);
if ($_POST['bulk_remove_tags']) {
@@ -1030,7 +1030,7 @@ if (isset($_POST['bulk_send_client_email']) && isset($_POST['client_ids'])) {
$data = [];
$unique_contacts = [];
while ($row = mysqli_fetch_array($result)) {
while ($row = mysqli_fetch_assoc($result)) {
$contact_email = sanitizeInput($row['contact_email']);
// Skip if email is missing or invalid
@@ -1084,7 +1084,7 @@ if (isset($_POST['bulk_archive_clients'])) {
$client_id = intval($client_id);
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = sanitizeInput($row['client_name']);
mysqli_query($mysqli,"UPDATE clients SET client_archived_at = NOW() WHERE client_id = $client_id");
@@ -1120,7 +1120,7 @@ if (isset($_POST['bulk_unarchive_clients'])) {
$client_id = intval($client_id);
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = sanitizeInput($row['client_name']);
mysqli_query($mysqli,"UPDATE clients SET client_archived_at = NULL WHERE client_id = $client_id");
@@ -1148,7 +1148,7 @@ if (isset($_POST["export_client_pdf"])) {
enforceUserPermission("module_financial", 1);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = nullable_htmlentities($row['company_name']);
$company_phone_country_code = nullable_htmlentities($row['company_phone_country_code']);
$company_phone = nullable_htmlentities(formatPhoneNumber($row['company_phone'], $company_phone_country_code));
@@ -1186,7 +1186,7 @@ if (isset($_POST["export_client_pdf"])) {
LEFT JOIN locations ON clients.client_id = locations.location_client_id AND location_primary = 1
WHERE client_id = $client_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
// Immediately sanitize retrieved values
$client_name = nullable_htmlentities($row["client_name"]);
@@ -1404,7 +1404,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_contacts)) {
while ($row = mysqli_fetch_assoc($sql_contacts)) {
$contact_name = nullable_htmlentities(getFallBack($row["contact_name"]));
$contact_title = nullable_htmlentities(getFallBack($row["contact_title"]));
$contact_department = nullable_htmlentities($row["contact_department"]);
@@ -1446,7 +1446,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_locations)) {
while ($row = mysqli_fetch_assoc($sql_locations)) {
$location_name = nullable_htmlentities($row["location_name"]);
$location_address = nullable_htmlentities($row["location_address"]);
$location_city = nullable_htmlentities($row["location_city"]);
@@ -1482,7 +1482,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_vendors)) {
while ($row = mysqli_fetch_assoc($sql_vendors)) {
$vendor_name = nullable_htmlentities($row["vendor_name"]);
$vendor_description = nullable_htmlentities($row["vendor_description"]);
$vendor_account_number = nullable_htmlentities($row["vendor_account_number"]);
@@ -1520,7 +1520,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_credentials)) {
while ($row = mysqli_fetch_assoc($sql_credentials)) {
$credential_name = nullable_htmlentities($row["credential_name"]);
$credential_description = getFallback(nullable_htmlentities($row["credential_description"]));
$credential_username = nullable_htmlentities(decryptCredentialEntry($row["credential_username"]));
@@ -1570,7 +1570,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_asset_workstations)) {
while ($row = mysqli_fetch_assoc($sql_asset_workstations)) {
$asset_name = nullable_htmlentities($row["asset_name"]);
$asset_type = nullable_htmlentities($row["asset_type"]);
$asset_make = nullable_htmlentities($row["asset_make"]);
@@ -1621,7 +1621,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_asset_servers)) {
while ($row = mysqli_fetch_assoc($sql_asset_servers)) {
$asset_name = nullable_htmlentities($row["asset_name"]);
$asset_make = nullable_htmlentities($row["asset_make"]);
$asset_model = nullable_htmlentities($row["asset_model"]);
@@ -1665,7 +1665,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_asset_vms)) {
while ($row = mysqli_fetch_assoc($sql_asset_vms)) {
$asset_name = nullable_htmlentities($row["asset_name"]);
$asset_os = nullable_htmlentities($row["asset_os"]);
$asset_ip = nullable_htmlentities($row["interface_ip"]);
@@ -1703,7 +1703,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_asset_network)) {
while ($row = mysqli_fetch_assoc($sql_asset_network)) {
$asset_name = nullable_htmlentities($row["asset_name"]);
$asset_type = nullable_htmlentities($row["asset_type"]);
$asset_make = nullable_htmlentities($row["asset_make"]);
@@ -1752,7 +1752,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_asset_other)) {
while ($row = mysqli_fetch_assoc($sql_asset_other)) {
$asset_name = nullable_htmlentities($row["asset_name"]);
$asset_type = nullable_htmlentities($row["asset_type"]);
$asset_make = nullable_htmlentities($row["asset_make"]);
@@ -1799,7 +1799,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_software)) {
while ($row = mysqli_fetch_assoc($sql_software)) {
$software_name = nullable_htmlentities($row["software_name"]);
$software_type = nullable_htmlentities($row["software_type"]);
$software_license_type = nullable_htmlentities($row["software_license_type"]);
@@ -1836,7 +1836,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_user_licenses)) {
while ($row = mysqli_fetch_assoc($sql_user_licenses)) {
$contact_name = nullable_htmlentities($row["contact_name"]);
$software_name = nullable_htmlentities($row["software_name"]);
$html .= "
@@ -1863,7 +1863,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_asset_licenses)) {
while ($row = mysqli_fetch_assoc($sql_asset_licenses)) {
$asset_name = nullable_htmlentities($row["asset_name"]);
$software_name = nullable_htmlentities($row["software_name"]);
$html .= "
@@ -1893,7 +1893,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_networks)) {
while ($row = mysqli_fetch_assoc($sql_networks)) {
$network_name = nullable_htmlentities($row["network_name"]);
$network_vlan = nullable_htmlentities($row["network_vlan"]);
$network = nullable_htmlentities($row["network"]);
@@ -1926,7 +1926,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_domains)) {
while ($row = mysqli_fetch_assoc($sql_domains)) {
$domain_name = nullable_htmlentities($row["domain_name"]);
$domain_expire = nullable_htmlentities($row["domain_expire"]);
$html .= "
@@ -1955,7 +1955,7 @@ if (isset($_POST["export_client_pdf"])) {
</tr>
</thead>
<tbody>";
while ($row = mysqli_fetch_array($sql_certficates)) {
while ($row = mysqli_fetch_assoc($sql_certficates)) {
$certificate_name = nullable_htmlentities($row["certificate_name"]);
$certificate_domain = nullable_htmlentities($row["certificate_domain"]);
$certificate_issued_by = nullable_htmlentities($row["certificate_issued_by"]);
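Review bot: In the `delete_client` hunks (371, 389, 398, 418) the ids read from each row are interpolated into the follow-up `DELETE` statements as-is, e.g. `$invoice_id = $row['invoice_id'];`, while the `archive_client` hunk just above casts with `intval($row['recurring_invoice_id'])`. The values come from the database rather than the request, so this is defence in depth and consistency rather than a known injection. Casting keeps every id that reaches a query string numeric by construction: `$invoice_id = intval($row['invoice_id']);`, and likewise for `$quote_id`, `$recurring_invoice_id` and `$ticket_id`. The handler body extends beyond the hunks shown.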


@@ -87,7 +87,7 @@ if (isset($_POST['edit_contact'])) {
// Get Exisiting Contact Photo and contact_user_id
$sql = mysqli_query($mysqli,"SELECT contact_photo, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$existing_file_name = sanitizeInput($row['contact_photo']);
$contact_user_id = intval($row['contact_user_id']);
@@ -172,7 +172,7 @@ if (isset($_POST['edit_contact'])) {
// Get Company Phone Number
$sql = mysqli_query($mysqli,"SELECT company_name, company_phone FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
@@ -226,7 +226,7 @@ if (isset($_POST['add_contact_note'])) {
// Get Contact details for logging and alerting
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -251,7 +251,7 @@ if (isset($_GET['archive_contact_note'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_note_type, contact_id, contact_name, contact_client_id FROM contact_notes LEFT JOIN contacts ON contact_id = contact_note_contact_id WHERE contact_note_id = $contact_note_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_note_type = sanitizeInput($row['contact_note_type']);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -275,7 +275,7 @@ if (isset($_GET['unarchive_contact_note'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_note_type, contact_id, contact_name, contact_client_id FROM contact_notes LEFT JOIN contacts ON contact_id = contact_note_contact_id WHERE contact_note_id = $contact_note_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_note_type = sanitizeInput($row['contact_note_type']);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -299,7 +299,7 @@ if (isset($_GET['delete_contact_note'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_note_type, contact_id, contact_name, contact_client_id FROM contact_notes LEFT JOIN contacts ON contact_id = contact_note_contact_id WHERE contact_note_id = $contact_note_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_note_type = sanitizeInput($row['contact_note_type']);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -323,7 +323,7 @@ if (isset($_POST['bulk_assign_contact_location'])) {
// Get Location name for logging and Notification
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
@@ -338,7 +338,7 @@ if (isset($_POST['bulk_assign_contact_location'])) {
// Get Contact Details for Logging
$sql = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
mysqli_query($mysqli,"UPDATE contacts SET contact_location_id = $location_id WHERE contact_id = $contact_id");
@@ -373,7 +373,7 @@ if (isset($_POST['bulk_edit_contact_phone'])) {
// Get Contact Details for Logging
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -409,7 +409,7 @@ if (isset($_POST['bulk_edit_contact_department'])) {
// Get Contact Details for Logging
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -447,7 +447,7 @@ if (isset($_POST['bulk_edit_contact_role'])) {
// Get Contact Details for Logging
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -483,7 +483,7 @@ if (isset($_POST['bulk_assign_contact_tags'])) {
// Get Contact Details for Logging
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -534,7 +534,7 @@ if (isset($_POST['send_bulk_mail_now'])) {
$contact_id = intval($contact_id);
$sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$client_id = intval($row['contact_client_id']);
@@ -579,7 +579,7 @@ if (isset($_POST['bulk_archive_contacts'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_primary, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_primary = intval($row['contact_primary']);
$client_id = intval($row['contact_client_id']);
@@ -628,7 +628,7 @@ if (isset($_POST['bulk_unarchive_contacts'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -671,7 +671,7 @@ if (isset($_POST['bulk_delete_contacts'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -705,7 +705,7 @@ if (isset($_GET['anonymize_contact'])) {
// Get contact & client info
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_first_name = explode(" ", $contact_name)[0];
@@ -745,7 +745,7 @@ if (isset($_GET['anonymize_contact'])) {
// Redact audit logs
$log_sql = mysqli_query($mysqli, "SELECT * FROM logs WHERE log_client_id = $client_id");
while ($log = mysqli_fetch_array($log_sql)) {
while ($log = mysqli_fetch_assoc($log_sql)) {
$log_id = intval($log['log_id']);
$description = $log['log_description'];
$description = str_ireplace($info_to_redact, "*****", $description);
@@ -757,7 +757,7 @@ if (isset($_GET['anonymize_contact'])) {
// Get all tickets this contact raised
$contact_tickets_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id = $client_id AND ticket_contact_id = $contact_id");
while ($ticket = mysqli_fetch_array($contact_tickets_sql)) {
while ($ticket = mysqli_fetch_assoc($contact_tickets_sql)) {
$ticket_id = intval($ticket['ticket_id']);
@@ -777,7 +777,7 @@ if (isset($_GET['anonymize_contact'])) {
// Redact contact name or email in the replies of all tickets they raised
$ticket_replies_sql = mysqli_query($mysqli, "SELECT * FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id");
while($ticket_reply = mysqli_fetch_array($ticket_replies_sql)) {
while($ticket_reply = mysqli_fetch_assoc($ticket_replies_sql)) {
$ticket_reply_id = intval($ticket_reply['ticket_reply_id']);
$ticket_reply_details = $ticket_reply['ticket_reply'];
$ticket_reply_details = str_ireplace($info_to_redact, "*****", $ticket_reply_details);
@@ -809,7 +809,7 @@ if (isset($_GET['archive_contact'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -837,7 +837,7 @@ if (isset($_GET['unarchive_contact'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -865,7 +865,7 @@ if (isset($_GET['delete_contact'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -894,7 +894,7 @@ if (isset($_POST['link_contact_to_asset'])) {
// Get Asset Name and Client ID for logging
$sql_asset = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql_asset);
$row = mysqli_fetch_assoc($sql_asset);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -920,7 +920,7 @@ if (isset($_GET['unlink_asset_from_contact'])) {
// Get asset Name and Client ID for logging
$sql_asset = mysqli_query($mysqli,"SELECT asset_name, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql_asset);
$row = mysqli_fetch_assoc($sql_asset);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -946,7 +946,7 @@ if (isset($_POST['link_software_to_contact'])) {
// Get software Name and Client ID for logging
$sql_software = mysqli_query($mysqli,"SELECT software_name, software_client_id FROM software WHERE software_id = $software_id");
$row = mysqli_fetch_array($sql_software);
$row = mysqli_fetch_assoc($sql_software);
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
@@ -972,7 +972,7 @@ if (isset($_GET['unlink_software_from_contact'])) {
// Get software Name and Client ID for logging
$sql_software = mysqli_query($mysqli,"SELECT software_name, software_client_id FROM software WHERE software_id = $software_id");
$row = mysqli_fetch_array($sql_software);
$row = mysqli_fetch_assoc($sql_software);
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
@@ -998,7 +998,7 @@ if (isset($_POST['link_contact_to_credential'])) {
// Get credential Name and Client ID for logging
$sql_credential = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql_credential);
$row = mysqli_fetch_assoc($sql_credential);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -1024,7 +1024,7 @@ if (isset($_GET['unlink_credential_from_contact'])) {
// Get credential Name and Client ID for logging
$sql_credential = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql_credential);
$row = mysqli_fetch_assoc($sql_credential);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -1050,7 +1050,7 @@ if (isset($_POST['link_service_to_contact'])) {
// Get service Name and Client ID for logging
$sql_service = mysqli_query($mysqli,"SELECT service_name, service_client_id FROM services WHERE service_id = $service_id");
$row = mysqli_fetch_array($sql_service);
$row = mysqli_fetch_assoc($sql_service);
$service_name = sanitizeInput($row['service_name']);
$client_id = intval($row['service_client_id']);
@@ -1076,7 +1076,7 @@ if (isset($_GET['unlink_service_from_contact'])) {
// Get service Name and Client ID for logging
$sql_service = mysqli_query($mysqli,"SELECT service_name, service_client_id FROM services WHERE service_id = $service_id");
$row = mysqli_fetch_array($sql_service);
$row = mysqli_fetch_assoc($sql_service);
$service_name = sanitizeInput($row['service_name']);
$client_id = intval($row['service_client_id']);
@@ -1102,7 +1102,7 @@ if (isset($_POST['link_contact_to_file'])) {
// Get file Name and Client ID for logging
$sql_file = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$row = mysqli_fetch_assoc($sql_file);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
@@ -1129,7 +1129,7 @@ if (isset($_GET['unlink_contact_from_file'])) {
// Get file Name and Client ID for logging
$sql_file = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$row = mysqli_fetch_assoc($sql_file);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
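Review bot: In the `delete_contact` hunk (`@@ -865,7 +865,7 @@`) the code reads `$row['contact_user_id']`, but the SELECT just above it fetches only `contact_name, contact_client_id`, so `$contact_user_id` is always `intval(null)`, i.e. 0. The `archive_contact` and `unarchive_contact` hunks include the column, and the same is needed here: `SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id`. If the code after the hunk uses that id to remove the user record linked to the contact (not visible here), that record currently survives deletion of the contact, which is worth confirming. The handler continues outside the hunk.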


@@ -79,7 +79,7 @@ if(isset($_GET['archive_credential'])){
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -101,7 +101,7 @@ if(isset($_GET['unarchive_credential'])){
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -123,7 +123,7 @@ if (isset($_GET['delete_credential'])) {
// Get Credential Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -152,7 +152,7 @@ if (isset($_POST['bulk_assign_credential_tags'])) {
// Get Contact Details for Logging
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -205,7 +205,7 @@ if (isset($_POST['bulk_archive_credentials'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -242,7 +242,7 @@ if (isset($_POST['bulk_unarchive_credentials'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
@@ -280,7 +280,7 @@ if (isset($_POST['bulk_delete_credentials'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
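Review bot: None of the lookups in this section check that a row came back before indexing `$row`, for example in the `delete_credential` hunk (`@@ -123,7 +123,7 @@`). `mysqli_fetch_assoc()` returns null when `credential_id` matches nothing, so `$client_id` becomes 0 and the name becomes whatever `sanitizeInput()` makes of null, and the handler carries on past the hunk with those values. A guard directly after the fetch, such as `if (!$row) { http_response_code(404); exit; }` or the project's usual alert-and-redirect, keeps the log entry and any later statement from running against a missing record. The same pattern recurs in the contact, document, domain, expense and file sections. Each handler continues outside its hunk.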


@@ -66,7 +66,7 @@ if (isset($_POST['add_document_from_template'])) {
WHERE document_template_id = $document_template_id"
);
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_template_name = sanitizeInput($row['document_template_name']);
$template_content_html = $row['document_template_content']; // raw HTML from template
@@ -145,7 +145,7 @@ if (isset($_POST['edit_document'])) {
AND document_id = $document_id"
);
$row = mysqli_fetch_array($sql_original_document);
$row = mysqli_fetch_assoc($sql_original_document);
$original_document_name = sanitizeInput($row['document_name']);
$original_document_description = sanitizeInput($row['document_description']);
@@ -238,13 +238,13 @@ if (isset($_POST['move_document'])) {
// Get Document Name Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
// Get Folder Name for logging
$sql_folder = mysqli_query($mysqli,"SELECT folder_name FROM folders WHERE folder_id = $folder_id");
$row = mysqli_fetch_array($sql_folder);
$row = mysqli_fetch_assoc($sql_folder);
$folder_name = sanitizeInput($row['folder_name']);
// Document edit query
@@ -268,7 +268,7 @@ if (isset($_POST['rename_document'])) {
// Get Document Name before renaming for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$old_document_name = sanitizeInput($row['document_name']);
// Document edit query
@@ -291,7 +291,7 @@ if (isset($_POST['bulk_move_document'])) {
// Get folder name for logging and Notification
$sql = mysqli_query($mysqli,"SELECT folder_name, folder_client_id FROM folders WHERE folder_id = $folder_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$folder_name = sanitizeInput($row['folder_name']);
$client_id = intval($row['folder_client_id']);
@@ -330,7 +330,7 @@ if (isset($_POST['link_file_to_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -357,7 +357,7 @@ if (isset($_GET['unlink_file_from_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -383,7 +383,7 @@ if (isset($_POST['link_vendor_to_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -410,7 +410,7 @@ if (isset($_GET['unlink_vendor_from_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -437,7 +437,7 @@ if (isset($_POST['link_contact_to_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -464,7 +464,7 @@ if (isset($_GET['unlink_contact_from_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -490,7 +490,7 @@ if (isset($_POST['link_asset_to_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -516,7 +516,7 @@ if (isset($_GET['unlink_asset_from_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -542,7 +542,7 @@ if (isset($_POST['link_software_to_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -569,7 +569,7 @@ if (isset($_GET['unlink_software_from_document'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -601,7 +601,7 @@ if (isset($_POST['toggle_document_visibility'])) {
// Get Document Name and Client ID for logging
$sql_document = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql_document);
$row = mysqli_fetch_assoc($sql_document);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -623,7 +623,7 @@ if (isset($_GET['export_document'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT document_name, document_content, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$document_name = sanitizeInput($row['document_name']);
$document_content = $row['document_content'];
$client_id = intval($row['document_client_id']);
@@ -667,7 +667,7 @@ if (isset($_GET['archive_document'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -730,7 +730,7 @@ if (isset($_GET['delete_document_version'])) {
// Get Document
$sql = mysqli_query($mysqli,"SELECT document_version_name, document_client_id FROM documents, document_versions WHERE document_version_document_id = document_id AND document_version_id = $document_version_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['document_client_id']);
$document_version_name = sanitizeInput($row['document_version_name']);
@@ -752,7 +752,7 @@ if (isset($_GET['delete_document'])) {
// Get Document Name and Client ID for logging
$sql = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['document_client_id']);
$document_name = sanitizeInput($row['document_name']);
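Review bot: The comment above the lookup in the `export_document` (`@@ -623,7 +623,7 @@`) and `archive_document` (`@@ -667,7 +667,7 @@`) hunks says "Get Contact Name and Client ID", but the query reads `document_name` from `documents`. It should read `// Get Document Name and Client ID for logging and alert message`. The same copy-paste appears as `// Get Contact Details for Logging` above the credentials query in `bulk_assign_credential_tags` and as "Get Contact Name" in the `archive_file` hunk. In handlers that act on documents and credentials, a comment naming the wrong record makes it harder to audit what the log entry describes.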


@@ -153,7 +153,7 @@ if (isset($_GET['archive_domain'])) {
//Get domain Name
$sql = mysqli_query($mysqli,"SELECT * FROM domains WHERE domain_id = $domain_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
@@ -175,7 +175,7 @@ if(isset($_GET['unarchive_domain'])){
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT domain_name, domain_client_id FROM domains WHERE domain_id = $domain_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
@@ -197,7 +197,7 @@ if (isset($_GET['delete_domain'])) {
// Get Domain Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT domain_name, domain_client_id FROM domains WHERE domain_id = $domain_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
@@ -229,7 +229,7 @@ if (isset($_POST['bulk_archive_domains'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT domain_name, domain_client_id FROM domains WHERE domain_id = $domain_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
@@ -266,7 +266,7 @@ if (isset($_POST['bulk_unarchive_domains'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT domain_name, domain_client_id FROM domains WHERE domain_id = $domain_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
@@ -304,7 +304,7 @@ if (isset($_POST['bulk_delete_domains'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT domain_name, domain_client_id FROM domains WHERE domain_id = $domain_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
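Review bot: The `archive_domain` hunk (`@@ -153,7 +153,7 @@`) still runs `SELECT * FROM domains` although only `domain_name` and `domain_client_id` are read from the row. Since the commit's stated goal is lower memory use, the query could match its siblings in this section: `SELECT domain_name, domain_client_id FROM domains WHERE domain_id = $domain_id`. Naming the columns also keeps every other column of the table out of `$row`, so a later edit cannot pick up a field the handler was never meant to see. The `delete_event`, `delete_expense`, `bulk_delete_expenses` and `delete_file` hunks use `SELECT *` in the same way, unless code after those hunks reads further columns.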


@@ -54,13 +54,13 @@ if (isset($_POST['add_event'])) {
if ($email_event == 1) {
$sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client");
$row = mysqli_fetch_array($sql_client);
$row = mysqli_fetch_assoc($sql_client);
$client_name = sanitizeInput($row['client_name']);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$sql_company = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
$row = mysqli_fetch_assoc($sql_company);
$company_name = sanitizeInput($row['company_name']);
$company_country = sanitizeInput($row['company_country']);
$company_address = sanitizeInput($row['company_address']);
@@ -121,13 +121,13 @@ if (isset($_POST['edit_event'])) {
if ($email_event == 1) {
$sql_client = mysqli_query($mysqli,"SELECT * FROM clients JOIN contacts ON contact_client_id = client_id WHERE contact_primary = 1 AND client_id = $client");
$row = mysqli_fetch_array($sql_client);
$row = mysqli_fetch_assoc($sql_client);
$client_name = sanitizeInput($row['client_name']);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$sql_company = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
$row = mysqli_fetch_assoc($sql_company);
$company_name = sanitizeInput($row['company_name']);
$company_country = sanitizeInput($row['company_country']);
$company_address = sanitizeInput($row['company_address']);
@@ -177,12 +177,12 @@ if (isset($_POST['edit_event'])) {
}
if (isset($_GET['delete_event'])) {
$event_id = intval($_GET['delete_event']);
// Get Event Title
$sql = mysqli_query($mysqli,"SELECT * FROM calendar_events WHERE event_id = $event_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$event_title = sanitizeInput($row['event_title']);
$client_id = intval($row['event_client_id']);
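Review bot: The `delete_event` hunk (`@@ -177,12 +177,12 @@`) shows the handler from its opening `if`, and it goes from `isset($_GET['delete_event'])` straight to the lookup with no CSRF token or role check in between. `bulk_delete_expenses` in the expenses section calls `validateCSRFToken($_POST['csrf_token']);` and `validateAdminRole();` first; if `delete_event` has no equivalent further down or in a shared include (not visible here), a deletion can be triggered by any link the logged-in user follows. I would make the check the first statement of the handler, e.g. `validateCSRFToken($_GET['csrf_token']);`, assuming the delete links carry the token. The `delete_expense` hunk (`@@ -81,11 +81,11 @@`) has the same shape. Both handlers continue outside their hunks.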


@@ -16,7 +16,7 @@ if (isset($_POST['add_expense'])) {
// Check for and process attachment
$extended_alert_description = '';
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
@@ -81,11 +81,11 @@ if (isset($_POST['edit_expense'])) {
}
if (isset($_GET['delete_expense'])) {
$expense_id = intval($_GET['delete_expense']);
$sql = mysqli_query($mysqli,"SELECT * FROM expenses WHERE expense_id = $expense_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$expense_receipt = sanitizeInput($row['expense_receipt']);
$expense_description = sanitizeInput($row['expense_description']);
$client_id = intval($row['expense_client_id']);
@@ -120,7 +120,7 @@ if (isset($_POST['bulk_edit_expense_category'])) {
// Get Expense Details for Logging
$sql = mysqli_query($mysqli,"SELECT expense_description, expense_client_id FROM expenses WHERE expense_id = $expense_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$expense_description = sanitizeInput($row['expense_description']);
$client_id = intval($row['expense_client_id']);
@@ -157,7 +157,7 @@ if (isset($_POST['bulk_edit_expense_account'])) {
// Get Expense Details for Logging
$sql = mysqli_query($mysqli,"SELECT expense_description, expense_client_id FROM expenses WHERE expense_id = $expense_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$expense_description = sanitizeInput($row['expense_description']);
$client_id = intval($row['expense_client_id']);
@@ -209,7 +209,7 @@ if (isset($_POST['bulk_edit_expense_client'])) {
}
if (isset($_POST['bulk_delete_expenses'])) {
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
@@ -225,7 +225,7 @@ if (isset($_POST['bulk_delete_expenses'])) {
$expense_id = intval($expense_id);
$sql = mysqli_query($mysqli,"SELECT * FROM expenses WHERE expense_id = $expense_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$expense_description = sanitizeInput($row['expense_description']);
$expense_receipt = sanitizeInput($row['expense_receipt']);
$client_id = intval($row['expense_client_id']);
@@ -249,7 +249,7 @@ if (isset($_POST['bulk_delete_expenses'])) {
}
if (isset($_POST['export_expenses_csv'])) {
$date_from = sanitizeInput($_POST['date_from']);
$date_to = sanitizeInput($_POST['date_to']);
$account = intval($_POST['account']);


@@ -110,7 +110,7 @@ if (isset($_POST['rename_file'])) {
// Get File Details Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$old_file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
@@ -134,7 +134,7 @@ if (isset($_POST['move_file'])) {
// Get File Name and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
@@ -159,7 +159,7 @@ if (isset($_GET['archive_file'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
@@ -204,7 +204,7 @@ if (isset($_POST['delete_file'])) {
$file_id = intval($_POST['file_id']);
$sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$row = mysqli_fetch_assoc($sql_file);
$client_id = intval($row['file_client_id']);
$file_name = sanitizeInput($row['file_name']);
$file_reference_name = sanitizeInput($row['file_reference_name']);
@@ -247,7 +247,7 @@ if (isset($_POST['bulk_archive_files'])) {
$file_id = intval($file_id);
$sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$row = mysqli_fetch_assoc($sql_file);
$client_id = intval($row['file_client_id']);
$file_name = sanitizeInput($row['file_name']);
@@ -269,7 +269,7 @@ if (isset($_POST['bulk_archive_files'])) {
$document_id = intval($document_id);
// Get document name for logging
$sql = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -306,7 +306,7 @@ if (isset($_POST['bulk_delete_files'])) {
$file_id = intval($file_id);
$sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$row = mysqli_fetch_assoc($sql_file);
$client_id = intval($row['file_client_id']);
$file_name = sanitizeInput($row['file_name']);
$file_reference_name = sanitizeInput($row['file_reference_name']);
@@ -340,7 +340,7 @@ if (isset($_POST['bulk_delete_files'])) {
$document_id = intval($document_id);
// Get Document Name and Client ID for logging
$sql = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['document_client_id']);
$document_name = sanitizeInput($row['document_name']);
@@ -383,7 +383,7 @@ if (isset($_POST['bulk_restore_files'])) {
$file_id = intval($file_id);
$sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$row = mysqli_fetch_assoc($sql_file);
$client_id = intval($row['file_client_id']);
$file_name = sanitizeInput($row['file_name']);
@@ -405,7 +405,7 @@ if (isset($_POST['bulk_restore_files'])) {
$document_id = intval($document_id);
// Get document name for logging
$sql = mysqli_query($mysqli,"SELECT document_name, document_client_id FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$document_name = sanitizeInput($row['document_name']);
$client_id = intval($row['document_client_id']);
@@ -440,7 +440,7 @@ if (isset($_POST['bulk_move_files'])) {
// If moving into a real folder, get folder name + client for logging
if ($folder_id > 0) {
$sql = mysqli_query($mysqli,"SELECT folder_name, folder_client_id FROM folders WHERE folder_id = $folder_id");
if ($row = mysqli_fetch_array($sql)) {
if ($row = mysqli_fetch_assoc($sql)) {
$folder_name = sanitizeInput($row['folder_name']);
$log_client_id = intval($row['folder_client_id']);
}
@@ -545,7 +545,7 @@ if (isset($_POST['link_asset_to_file'])) {
// Get File Name and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
@@ -572,7 +572,7 @@ if (isset($_GET['unlink_asset_from_file'])) {
// Get File Name and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT file_name, file_client_id FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
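Review bot: Every hunk in this file except bulk_move_files reads `$row['…']` straight after `mysqli_fetch_assoc()` without checking that a row came back, so a `file_id` or `document_id` that matches nothing leaves `$row` null and the handler carries on with an empty name and `client_id` 0. bulk_move_files already uses the safer shape, `if ($row = mysqli_fetch_assoc($sql)) {`. The delete_file and bulk_delete_files hunks matter most, because `file_reference_name` and `client_id` presumably feed the on-disk path that is removed further down, outside these hunks. I would add a guard right after each fetch, such as `if (!$row) { continue; }` where the lookup sits inside a per-id loop, and an early exit in the single-item handlers. The same unguarded fetch recurs in the folder, invoice, location and network sections of this commit.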


@@ -36,7 +36,7 @@ if (isset($_POST['rename_folder'])) {
// Get old Folder Name Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT folder_name, folder_client_id FROM folders WHERE folder_id = $folder_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$old_folder_name = sanitizeInput($row['folder_name']);
$client_id = intval($row['folder_client_id']);
@@ -59,7 +59,7 @@ if (isset($_GET['delete_folder'])) {
// Get Folder Name Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT folder_name, folder_client_id FROM folders WHERE folder_id = $folder_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$folder_name = sanitizeInput($row['folder_name']);
$client_id = intval($row['folder_client_id']);
@@ -67,7 +67,7 @@ if (isset($_GET['delete_folder'])) {
// Move files in deleted folder back to the root folder /
$sql_documents = mysqli_query($mysqli,"SELECT * FROM documents WHERE document_folder_id = $folder_id");
while($row = mysqli_fetch_array($sql_documents)) {
while($row = mysqli_fetch_assoc($sql_documents)) {
$document_id = intval($row['document_id']);
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = 0 WHERE document_id = $document_id");
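Review bot: The delete_folder loop at the end of this section selects every column of every document in the folder and then issues one UPDATE per row, which works against the performance and memory goal of the commit far more than the choice of fetch function does. One statement does the same work and cannot stop halfway through the folder: `mysqli_query($mysqli,"UPDATE documents SET document_folder_id = 0 WHERE document_folder_id = $folder_id");`. The loop body continues outside the hunk, so confirm nothing else in it depends on the per-row `$document_id` before collapsing it.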


@@ -56,7 +56,7 @@ if (isset($_POST['edit_invoice'])) {
// Get Invoice Number and Prefix and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT invoice_prefix, invoice_number, invoice_client_id FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -64,7 +64,7 @@ if (isset($_POST['edit_invoice'])) {
// Calculate new total
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id");
$invoice_amount = 0;
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$item_total = floatval($row['item_total']);
$invoice_amount = $invoice_amount + $item_total;
}
@@ -88,7 +88,7 @@ if (isset($_POST['add_invoice_copy'])) {
//Get Net Terms
$sql = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE client_id = invoice_client_id AND invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_net_terms = intval($row['client_net_terms']);
$invoice_scope = sanitizeInput($row['invoice_scope']);
$invoice_discount_amount = floatval($row['invoice_discount_amount']);
@@ -121,7 +121,7 @@ if (isset($_POST['add_invoice_copy'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Copied INVOICE!', history_invoice_id = $new_invoice_id");
$sql_items = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id");
while($row = mysqli_fetch_array($sql_items)) {
while($row = mysqli_fetch_assoc($sql_items)) {
$item_id = intval($row['item_id']);
$item_name = sanitizeInput($row['item_name']);
$item_description = sanitizeInput($row['item_description']);
@@ -152,7 +152,7 @@ if (isset($_GET['mark_invoice_sent'])) {
// Get Invoice Number and Prefix and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT invoice_prefix, invoice_number, invoice_client_id FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -175,7 +175,7 @@ if (isset($_GET['mark_invoice_non-billable'])) {
// Get Invoice Number and Prefix and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT invoice_prefix, invoice_number, invoice_client_id FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -198,7 +198,7 @@ if (isset($_GET['cancel_invoice'])) {
// Get Invoice Number and Prefix and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT invoice_prefix, invoice_number, invoice_client_id FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -221,7 +221,7 @@ if (isset($_GET['delete_invoice'])) {
// Get Invoice Number and Prefix and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT invoice_prefix, invoice_number, invoice_client_id FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -230,21 +230,21 @@ if (isset($_GET['delete_invoice'])) {
//Delete Items Associated with the Invoice
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$item_id = intval($row['item_id']);
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
}
//Delete History Associated with the Invoice
$sql = mysqli_query($mysqli,"SELECT * FROM history WHERE history_invoice_id = $invoice_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$history_id = intval($row['history_id']);
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id");
}
//Delete Payments Associated with the Invoice
$sql = mysqli_query($mysqli,"SELECT * FROM payments WHERE payment_invoice_id = $invoice_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$payment_id = intval($row['payment_id']);
mysqli_query($mysqli,"DELETE FROM payments WHERE payment_id = $payment_id");
}
@@ -288,7 +288,7 @@ if (isset($_POST['add_invoice_item'])) {
FROM product_stock
WHERE stock_product_id = $product_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$available_stock = floatval($row['available_stock']);
// Enough in stock?
@@ -305,7 +305,7 @@ if (isset($_POST['add_invoice_item'])) {
// Tax
if ($tax_id > 0) {
$sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE tax_id = $tax_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$tax_percent = floatval($row['tax_percent']);
$tax_amount = $subtotal * $tax_percent / 100;
} else {
@@ -318,7 +318,7 @@ if (isset($_POST['add_invoice_item'])) {
// Get Discount and Invoice Details
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -327,7 +327,7 @@ if (isset($_POST['add_invoice_item'])) {
//add up all line items
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id");
$invoice_total = 0;
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$item_total = floatval($row['item_total']);
$invoice_total = $invoice_total + $item_total;
}
@@ -352,7 +352,7 @@ if (isset($_POST['invoice_note'])) {
// Get Invoice Details for logging
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -383,7 +383,7 @@ if (isset($_POST['edit_item'])) {
if ($tax_id > 0) {
$sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE tax_id = $tax_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$tax_percent = floatval($row['tax_percent']);
$tax_amount = $subtotal * $tax_percent / 100;
} else {
@@ -396,7 +396,7 @@ if (isset($_POST['edit_item'])) {
// Determine what type of line item
$sql = mysqli_query($mysqli,"SELECT item_invoice_id, item_quote_id, item_recurring_invoice_id FROM invoice_items WHERE item_id = $item_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_id = intval($row['item_invoice_id']);
$quote_id = intval($row['item_quote_id']);
$recurring_invoice_id = intval($row['item_recurring_invoice_id']);
@@ -404,7 +404,7 @@ if (isset($_POST['edit_item'])) {
if ($invoice_id > 0) {
//Get Discount Amount
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -412,7 +412,7 @@ if (isset($_POST['edit_item'])) {
//Update Invoice Balances by tallying up invoice items
$sql_invoice_total = mysqli_query($mysqli,"SELECT SUM(item_total) AS invoice_total FROM invoice_items WHERE item_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_invoice_total);
$row = mysqli_fetch_assoc($sql_invoice_total);
$new_invoice_amount = floatval($row['invoice_total']) - $invoice_discount;
@@ -425,7 +425,7 @@ if (isset($_POST['edit_item'])) {
} elseif ($quote_id > 0) {
//Get Discount Amount
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -433,7 +433,7 @@ if (isset($_POST['edit_item'])) {
//Update Quote Balances by tallying up items
$sql_quote_total = mysqli_query($mysqli,"SELECT SUM(item_total) AS quote_total FROM invoice_items WHERE item_quote_id = $quote_id");
$row = mysqli_fetch_array($sql_quote_total);
$row = mysqli_fetch_assoc($sql_quote_total);
$new_quote_amount = floatval($row['quote_total']) - $quote_discount;
mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id");
@@ -443,7 +443,7 @@ if (isset($_POST['edit_item'])) {
} else {
//Get Discount Amount
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']);
@@ -451,7 +451,7 @@ if (isset($_POST['edit_item'])) {
//Update Invoice Balances by tallying up invoice items
$sql_recurring_invoice_total = mysqli_query($mysqli,"SELECT SUM(item_total) AS recurring_invoice_total FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql_recurring_invoice_total);
$row = mysqli_fetch_assoc($sql_recurring_invoice_total);
$new_recurring_invoice_amount = floatval($row['recurring_invoice_total']) - $recurring_invoice_discount;
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $new_recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id");
@@ -474,7 +474,7 @@ if (isset($_GET['delete_invoice_item'])) {
$item_id = intval($_GET['delete_invoice_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_id = intval($row['item_invoice_id']);
$item_name = sanitizeInput($row['item_name']);
$item_quantity = floatval($row['item_quantity']);
@@ -484,7 +484,7 @@ if (isset($_GET['delete_invoice_item'])) {
$item_total = floatval($row['item_total']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);
@@ -517,7 +517,7 @@ if (isset($_GET['email_invoice'])) {
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
WHERE invoice_id = $invoice_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
@@ -535,7 +535,7 @@ if (isset($_GET['email_invoice'])) {
$contact_email = sanitizeInput($row['contact_email']);
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_country = sanitizeInput($row['company_country']);
@@ -556,7 +556,7 @@ if (isset($_GET['email_invoice'])) {
// Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$row = mysqli_fetch_assoc($sql_amount_paid);
$amount_paid = floatval($row['amount_paid']);
$balance = $invoice_amount - $amount_paid;
@@ -607,7 +607,7 @@ if (isset($_GET['email_invoice'])) {
$data = [];
while ($billing_contact = mysqli_fetch_array($sql_billing_contacts)) {
while ($billing_contact = mysqli_fetch_assoc($sql_billing_contacts)) {
$billing_contact_name = sanitizeInput($billing_contact['contact_name']);
$billing_contact_email = sanitizeInput($billing_contact['contact_email']);
@@ -736,7 +736,7 @@ if (isset($_GET['export_invoice_pdf'])) {
LIMIT 1"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -772,7 +772,7 @@ if (isset($_GET['export_invoice_pdf'])) {
}
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_id = intval($row['company_id']);
$company_name = nullable_htmlentities($row['company_name']);
$company_country = nullable_htmlentities($row['company_country']);
@@ -796,7 +796,7 @@ if (isset($_GET['export_invoice_pdf'])) {
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$row = mysqli_fetch_assoc($sql_amount_paid);
$amount_paid = floatval($row['amount_paid']);
$balance = $invoice_amount - $amount_paid;
@@ -882,7 +882,7 @@ if (isset($_GET['export_invoice_pdf'])) {
$total_tax = 0;
$sql_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_order ASC");
while ($item = mysqli_fetch_array($sql_items)) {
while ($item = mysqli_fetch_assoc($sql_items)) {
$name = $item['item_name'];
$desc = $item['item_description'];
$qty = $item['item_quantity'];
@@ -962,7 +962,7 @@ if (isset($_POST['bulk_edit_invoice_category'])) {
// Get Invoice Details for Logging
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$invoice_scope = sanitizeInput($row['invoice_scope']);
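Review bot: In the delete_invoice hunk (`@@ -230,21 +230,21 @@`) the items, history and payments of an invoice are each removed by a `SELECT *` followed by one DELETE per fetched row, so a failure partway through leaves a financial record with only some of its children gone. Each loop can be a single statement keyed on the invoice, e.g. `mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_invoice_id = $invoice_id");`, with the same shape for `history_invoice_id` and `payment_invoice_id`. If the tables are transactional, wrapping the three deletes and the invoice delete (which is outside the hunk) in `mysqli_begin_transaction()` / `mysqli_commit()` would make the removal all-or-nothing. The handler starts and ends outside the visible hunks, so the placement of the commit call has to be checked against the full function.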


@@ -68,7 +68,7 @@ if(isset($_POST['edit_location'])){
// Get old location photo
$sql = mysqli_query($mysqli,"SELECT location_photo FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$existing_file_name = sanitizeInput($row['location_photo']);
if(!file_exists("../uploads/clients/$client_id")) {
@@ -128,7 +128,7 @@ if(isset($_GET['archive_location'])){
// Get Location Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
@@ -150,7 +150,7 @@ if(isset($_GET['unarchive_location'])){
// Get Location Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
@@ -172,7 +172,7 @@ if(isset($_GET['delete_location'])){
// Get Location Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
@@ -201,7 +201,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
// Get Contact Details for Logging
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
@@ -252,7 +252,7 @@ if (isset($_POST['bulk_archive_locations'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id, location_primary FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$location_primary = intval($row['location_primary']);
$client_id = intval($row['location_client_id']);
@@ -296,7 +296,7 @@ if (isset($_POST['bulk_unarchive_locations'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
@@ -334,7 +334,7 @@ if (isset($_POST['bulk_delete_locations'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT location_name, location_client_id FROM locations WHERE location_id = $location_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
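Review bot: The context comment in the bulk_assign_location_tags hunk, `// Get Contact Details for Logging`, sits above a query on the `locations` table and looks carried over from another handler. Because the values fetched here are described as feeding the log, I would correct it to `// Get Location Details for Logging` while these lines are being touched.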


@@ -49,7 +49,7 @@ if (isset($_GET['archive_network'])) {
// Get Network Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT network_name, network_client_id FROM networks WHERE network_id = $network_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$network_name = sanitizeInput($row['network_name']);
$client_id = intval($row['network_client_id']);
@@ -71,7 +71,7 @@ if (isset($_GET['unarchive_network'])) {
// Get Network Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT network_name, network_client_id FROM networks WHERE network_id = $network_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$network_name = sanitizeInput($row['network_name']);
$client_id = intval($row['network_client_id']);
@@ -93,7 +93,7 @@ if (isset($_GET['delete_network'])) {
// Get Network Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT network_name, network_client_id FROM networks WHERE network_id = $network_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$network_name = sanitizeInput($row['network_name']);
$client_id = intval($row['network_client_id']);
@@ -125,7 +125,7 @@ if (isset($_POST['bulk_delete_networks'])) {
// Get Network Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT network_name, network_client_id FROM networks WHERE network_id = $network_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$network_name = sanitizeInput($row['network_name']);
$client_id = intval($row['network_client_id']);


@@ -33,7 +33,7 @@ if (isset($_POST['add_payment'])) {
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_total_payments_amount = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS payments_amount FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_total_payments_amount);
$row = mysqli_fetch_assoc($sql_total_payments_amount);
$total_payments_amount = floatval($row['payments_amount']);
//Get the invoice total
@@ -43,7 +43,7 @@ if (isset($_POST['add_payment'])) {
WHERE invoice_id = $invoice_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -58,7 +58,7 @@ if (isset($_POST['add_payment'])) {
$contact_mobile = sanitizeInput(formatPhoneNumber($row['contact_mobile'], $row['contact_mobile_country_code']));
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_country = sanitizeInput($row['company_country']);
@@ -205,7 +205,7 @@ if (isset($_POST['apply_credit'])) {
$credit_amount_applied = floatval($_POST['credit_amount_applied']);
$sql = mysqli_query($mysqli, "SELECT * FROM invoices LEFT JOIN clients ON invoice_client_id = client_id WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -216,20 +216,20 @@ if (isset($_POST['apply_credit'])) {
// Get Credit Balance
$sql_credit_balance = mysqli_query($mysqli, "SELECT SUM(credit_amount) AS credit_balance FROM credits WHERE credit_client_id = $client_id");
$row = mysqli_fetch_array($sql_credit_balance);
$row = mysqli_fetch_assoc($sql_credit_balance);
$credit_balance = floatval($row['credit_balance']);
// Get Invoice Balance
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$row = mysqli_fetch_assoc($sql_amount_paid);
$amount_paid = floatval($row['amount_paid']);
$invoice_balance = $invoice_amount - $amount_paid;
// Get Credit Tally applied to invoice
$sql_credit_tally = mysqli_query($mysqli, "SELECT SUM(credit_tally) AS credit_balance FROM credits WHERE credit_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_credit_tally);
$row = mysqli_fetch_assoc($sql_credit_tally);
$credit_tally = floatval($row['credit_tally']);
@@ -318,7 +318,7 @@ if (isset($_POST['add_payment_stripe'])) {
LEFT JOIN contacts ON client_id = contact_client_id AND contact_primary = 1
WHERE invoice_id = $invoice_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_number = intval($row['invoice_number']);
$invoice_status = sanitizeInput($row['invoice_status']);
$invoice_amount = floatval($row['invoice_amount']);
@@ -336,7 +336,7 @@ if (isset($_POST['add_payment_stripe'])) {
// Get ITFlow company details
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_country = sanitizeInput($row['company_country']);
$company_address = sanitizeInput($row['company_address']);
@@ -353,7 +353,7 @@ if (isset($_POST['add_payment_stripe'])) {
// Get Client Payment Details
$sql = mysqli_query($mysqli, "SELECT * FROM client_saved_payment_methods LEFT JOIN payment_providers ON saved_payment_provider_id = payment_provider_id LEFT JOIN client_payment_provider ON saved_payment_client_id = client_id WHERE saved_payment_id = $saved_payment_id LIMIT 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$public_key = sanitizeInput($row['payment_provider_public_key']);
$private_key = sanitizeInput($row['payment_provider_private_key']);
@@ -513,7 +513,7 @@ if (isset($_GET['add_payment_stripe'])) {
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
WHERE invoice_id = $invoice_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_number = intval($row['invoice_number']);
$invoice_status = sanitizeInput($row['invoice_status']);
$invoice_amount = floatval($row['invoice_amount']);
@@ -531,7 +531,7 @@ if (isset($_GET['add_payment_stripe'])) {
// Get ITFlow company details
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_country = sanitizeInput($row['company_country']);
$company_address = sanitizeInput($row['company_address']);
@@ -547,7 +547,7 @@ if (isset($_GET['add_payment_stripe'])) {
$config_invoice_from_email = sanitizeInput($config_invoice_from_email);
// Get Client Stripe details
$stripe_client_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM client_stripe WHERE client_id = $client_id LIMIT 1"));
$stripe_client_details = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM client_stripe WHERE client_id = $client_id LIMIT 1"));
$stripe_id = sanitizeInput($stripe_client_details['stripe_id']);
$stripe_pm = sanitizeInput($stripe_client_details['stripe_pm']);
@@ -715,7 +715,7 @@ if (isset($_POST['add_bulk_payment'])) {
$result_invoices = mysqli_query($mysqli, $sql_invoices);
// Loop Through Each Invoice
while ($row = mysqli_fetch_array($result_invoices)) {
while ($row = mysqli_fetch_assoc($result_invoices)) {
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -723,7 +723,7 @@ if (isset($_POST['add_bulk_payment'])) {
$invoice_url_key = sanitizeInput($row['invoice_url_key']);
$invoice_balance_query = "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id";
$result_amount_paid = mysqli_query($mysqli, $invoice_balance_query);
$row_amount_paid = mysqli_fetch_array($result_amount_paid);
$row_amount_paid = mysqli_fetch_assoc($result_amount_paid);
$amount_paid = floatval($row_amount_paid['amount_paid']);
$invoice_balance = $invoice_amount - $amount_paid;
@@ -776,13 +776,13 @@ if (isset($_POST['add_bulk_payment'])) {
WHERE client_id = $client_id"
);
$row = mysqli_fetch_array($sql_client);
$row = mysqli_fetch_assoc($sql_client);
$client_name = sanitizeInput($row['client_name']);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$sql_company = mysqli_query($mysqli,"SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
$row = mysqli_fetch_assoc($sql_company);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -823,18 +823,18 @@ if (isset($_GET['delete_payment'])) {
$payment_id = intval($_GET['delete_payment']);
$sql = mysqli_query($mysqli,"SELECT * FROM payments WHERE payment_id = $payment_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_id = intval($row['payment_invoice_id']);
$deleted_payment_amount = floatval($row['payment_amount']);
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_total_payments_amount = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_amount FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_total_payments_amount);
$row = mysqli_fetch_assoc($sql_total_payments_amount);
$total_payments_amount = floatval($row['total_payments_amount']);
// Get the invoice total and details
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$client_id = intval($row['invoice_client_id']);


@@ -43,7 +43,7 @@ if (isset($_POST['add_project'])) {
AND project_template_ticket_templates.project_template_id = $project_template_id");
$ticket_template_count = mysqli_num_rows($sql_ticket_templates);
while ($row = mysqli_fetch_array($sql_ticket_templates)) {
while ($row = mysqli_fetch_assoc($sql_ticket_templates)) {
$ticket_template_id = intval($row['ticket_template_id']);
$ticket_template_order = intval($row['ticket_template_order']);
$ticket_template_subject = sanitizeInput($row['ticket_template_subject']);
@@ -69,7 +69,7 @@ if (isset($_POST['add_project'])) {
"SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
$task_template_count = mysqli_num_rows($sql_task_templates);
while ($row = mysqli_fetch_array($sql_task_templates)) {
while ($row = mysqli_fetch_assoc($sql_task_templates)) {
$task_template_id = intval($row['task_template_id']);
$task_template_order = intval($row['task_template_order']);
$task_template_name = sanitizeInput($row['task_template_name']);
@@ -116,7 +116,7 @@ if (isset($_GET['close_project'])) {
// Get Project Name and Client ID for logging
$sql = mysqli_query($mysqli, "SELECT project_name, project_client_id FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$project_name = sanitizeInput($row['project_name']);
$client_id = intval($row['project_client_id']);
@@ -138,7 +138,7 @@ if (isset($_GET['archive_project'])) {
// Get Project Name and Client ID for logging
$sql = mysqli_query($mysqli, "SELECT project_name, project_client_id FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$project_name = sanitizeInput($row['project_name']);
$client_id = intval($row['project_client_id']);
@@ -160,7 +160,7 @@ if (isset($_GET['unarchive_project'])) {
// Get Project Name and Client ID for logging
$sql = mysqli_query($mysqli, "SELECT project_name, project_client_id FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$project_name = sanitizeInput($row['project_name']);
$client_id = sanitizeInput($row['project_client_id']);
@@ -184,7 +184,7 @@ if (isset($_GET['delete_project'])) {
// Get Project Name and Client ID for logging
$sql = mysqli_query($mysqli, "SELECT project_name, project_client_id FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$project_name = sanitizeInput($row['project_name']);
$client_id = intval($row['project_client_id']);
@@ -206,7 +206,7 @@ if (isset($_POST['link_ticket_to_project'])) {
// Get Project Name and Client ID for logging
$sql = mysqli_query($mysqli, "SELECT project_client_id, project_name FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['project_client_id']);
$project_name = sanitizeInput($row['project_name']);
@@ -221,7 +221,7 @@ if (isset($_POST['link_ticket_to_project'])) {
// Get Ticket Info
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
@@ -250,7 +250,7 @@ if (isset($_POST['link_closed_ticket_to_project'])) {
// Get Project Name and Client ID for logging
$sql = mysqli_query($mysqli, "SELECT project_client_id, project_name FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['project_client_id']);
$project_name = sanitizeInput($row['project_name']);
@@ -260,7 +260,7 @@ if (isset($_POST['link_closed_ticket_to_project'])) {
flash_alert("Cannot merge into that ticket.", 'error');
redirect();
}
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_id = intval($row['ticket_id']);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
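Review bot: In the `unarchive_project` hunk, `$client_id` is read with `sanitizeInput($row['project_client_id'])`, while the close, archive, delete and link handlers in this file all use `intval(...)` for the same column. String escaping does not constrain the value to a number, so if `$client_id` is later placed unquoted into a query or a log call that expects an integer, this handler is the odd one out; that later use is outside the hunk, so the impact is inferred. I would change the line to `$client_id = intval($row['project_client_id']);` to match its siblings.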


@@ -67,7 +67,7 @@ if (isset($_POST['add_quote_copy'])) {
$quote_number = mysqli_insert_id($mysqli);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$original_quote_prefix = sanitizeInput($row['quote_prefix']);
$original_quote_number = sanitizeInput($row['quote_number']);
$quote_discount_amount = floatval($row['quote_discount_amount']);
@@ -87,7 +87,7 @@ if (isset($_POST['add_quote_copy'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Quote copied!', history_quote_id = $new_quote_id");
$sql_items = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_quote_id = $quote_id");
while($row = mysqli_fetch_array($sql_items)) {
while($row = mysqli_fetch_assoc($sql_items)) {
$item_id = intval($row['item_id']);
$item_name = sanitizeInput($row['item_name']);
$item_description = sanitizeInput($row['item_description']);
@@ -120,7 +120,7 @@ if (isset($_POST['add_quote_to_invoice'])) {
$date = sanitizeInput($_POST['date']);
$sql = mysqli_query($mysqli,"SELECT * FROM clients, quotes WHERE client_id = quote_client_id AND quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_net_terms = intval($row['client_net_terms']);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
@@ -156,7 +156,7 @@ if (isset($_POST['add_quote_to_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created from quote $quote_prefix$quote_number', history_invoice_id = $new_invoice_id");
$sql_items = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_quote_id = $quote_id");
while($row = mysqli_fetch_array($sql_items)) {
while($row = mysqli_fetch_assoc($sql_items)) {
$item_id = intval($row['item_id']);
$item_name = sanitizeInput($row['item_name']);
$item_description = sanitizeInput($row['item_description']);
@@ -201,7 +201,7 @@ if (isset($_POST['add_quote_item'])) {
if ($tax_id > 0) {
$sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE tax_id = $tax_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$tax_percent = floatval($row['tax_percent']);
$tax_amount = $subtotal * $tax_percent / 100;
}else{
@@ -214,7 +214,7 @@ if (isset($_POST['add_quote_item'])) {
// Get Quote Details
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$quote_discount_amount = floatval($row['quote_discount_amount']);
@@ -223,7 +223,7 @@ if (isset($_POST['add_quote_item'])) {
//add up the total of all items
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_quote_id = $quote_id");
$quote_amount = 0;
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$item_total = floatval($row['item_total']);
$quote_amount = $quote_amount + $item_total;
}
@@ -248,7 +248,7 @@ if (isset($_POST['quote_note'])) {
// Get Quote Details
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -273,7 +273,7 @@ if (isset($_POST['edit_quote'])) {
// Get Quote Details for logging
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -281,7 +281,7 @@ if (isset($_POST['edit_quote'])) {
//Calculate the new quote amount
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_quote_id = $quote_id");
$quote_amount = 0;
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$item_total = floatval($row['item_total']);
$quote_amount = $quote_amount + $item_total;
}
@@ -305,7 +305,7 @@ if (isset($_GET['delete_quote'])) {
// Get Quote Details for logging
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -314,14 +314,14 @@ if (isset($_GET['delete_quote'])) {
//Delete Items Associated with the Quote
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_quote_id = $quote_id");
while($row = mysqli_fetch_array($sql)) {;
while($row = mysqli_fetch_assoc($sql)) {;
$item_id = intval($row['item_id']);
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
}
//Delete History Associated with the Quote
$sql = mysqli_query($mysqli,"SELECT * FROM history WHERE history_quote_id = $quote_id");
while($row = mysqli_fetch_array($sql)) {;
while($row = mysqli_fetch_assoc($sql)) {;
$history_id = intval($row['history_id']);
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id");
}
@@ -346,7 +346,7 @@ if (isset($_GET['delete_quote_item'])) {
$item_id = intval($_GET['delete_quote_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$item_name = sanitizeInput($row['item_name']);
$quote_id = intval($row['item_quote_id']);
$item_subtotal = floatval($row['item_subtotal']);
@@ -354,7 +354,7 @@ if (isset($_GET['delete_quote_item'])) {
$item_total = floatval($row['item_total']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -380,7 +380,7 @@ if (isset($_GET['mark_quote_sent'])) {
$quote_id = intval($_GET['mark_quote_sent']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -404,7 +404,7 @@ if (isset($_GET['accept_quote'])) {
$quote_id = intval($_GET['accept_quote']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -430,7 +430,7 @@ if (isset($_GET['decline_quote'])) {
$quote_id = intval($_GET['decline_quote']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -461,7 +461,7 @@ if (isset($_GET['email_quote'])) {
WHERE quote_id = $quote_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
$quote_scope = sanitizeInput($row['quote_scope']);
@@ -477,7 +477,7 @@ if (isset($_GET['email_quote'])) {
$contact_email = sanitizeInput($row['contact_email']);
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_country = sanitizeInput($row['company_country']);
@@ -534,7 +534,7 @@ if (isset($_GET['mark_quote_invoiced'])) {
$quote_id = intval($_GET['mark_quote_invoiced']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
@@ -624,7 +624,7 @@ if (isset($_GET['export_quote_pdf'])) {
LIMIT 1"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_id = intval($row['quote_id']);
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
@@ -660,7 +660,7 @@ if (isset($_GET['export_quote_pdf'])) {
}
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_id = intval($row['company_id']);
$company_name = nullable_htmlentities($row['company_name']);
@@ -763,7 +763,7 @@ if (isset($_GET['export_quote_pdf'])) {
$total_tax = 0;
$sql_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_quote_id = $quote_id ORDER BY item_order ASC");
while ($item = mysqli_fetch_array($sql_items)) {
while ($item = mysqli_fetch_assoc($sql_items)) {
$name = $item['item_name'];
$desc = $item['item_description'];
$qty = $item['item_quantity'];
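Review bot: The single-row lookups in this file read `$row[...]` on the line right after `mysqli_fetch_assoc($sql)` without checking that a row came back, and `mysqli_fetch_assoc()` returns null when the ID matches nothing. In `delete_quote_item`, for example, an unknown `item_id` makes `$quote_id = intval($row['item_quote_id'])` evaluate to 0 and the handler continues into the quotes lookup, with PHP 8 also warning about an array offset on null. I would add a guard after each such fetch, along the lines of `if (!$row) { flash_alert("Quote not found.", 'error'); redirect(); }`, reusing the helpers that appear elsewhere in this commit. The same pattern shows in the project, rack and recurring-invoice sections on this page. The handler bodies extend beyond the hunks, so an existence check may exist outside the visible lines.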


@@ -99,7 +99,7 @@ if (isset($_GET['archive_rack'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT rack_name, rack_client_id FROM racks WHERE rack_id = $rack_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$rack_name = sanitizeInput($row['rack_name']);
$client_id = intval($row['rack_client_id']);
@@ -121,7 +121,7 @@ if (isset($_GET['unarchive_rack'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT rack_name, rack_client_id FROM racks WHERE rack_id = $rack_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$rack_name = sanitizeInput($row['rack_name']);
$client_id = intval($row['rack_client_id']);
@@ -143,7 +143,7 @@ if (isset($_GET['delete_rack'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT rack_name, rack_client_id, rack_photo FROM racks WHERE rack_id = $rack_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$rack_name = sanitizeInput($row['rack_name']);
$rack_photo = sanitizeInput($row['rack_photo']);
$client_id = intval($row['rack_client_id']);
@@ -176,7 +176,7 @@ if (isset($_POST['add_rack_unit'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT rack_name, rack_client_id FROM racks WHERE rack_id = $rack_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$rack_name = sanitizeInput($row['rack_name']);
$client_id = intval($row['rack_client_id']);
@@ -222,7 +222,7 @@ if (isset($_POST['edit_rack_unit'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT rack_name, rack_client_id FROM racks WHERE rack_id = $rack_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$rack_name = sanitizeInput($row['rack_name']);
$client_id = intval($row['rack_client_id']);
@@ -244,7 +244,7 @@ if (isset($_GET['remove_rack_unit'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT rack_name, rack_id, rack_client_id FROM racks LEFT JOIN rack_units ON unit_rack_id = rack_id WHERE unit_id = $unit_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$rack_name = sanitizeInput($row['rack_name']);
$unit_device = sanitizeInput($row['unit_device']);
$client_id = intval($row['rack_client_id']);
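Review bot: In the `remove_rack_unit` hunk the query selects only `rack_name, rack_id, rack_client_id`, yet two lines later the code reads `$row['unit_device']`, which is not in the select list, so `$unit_device` is always empty and PHP 8 reports an undefined array key. Assuming `unit_device` is a column of `rack_units`, add it to the select list: `SELECT rack_name, rack_id, rack_client_id, unit_device FROM racks LEFT JOIN rack_units ON unit_rack_id = rack_id WHERE unit_id = $unit_id`. If `$unit_device` feeds the log entry for the removal, which happens outside the hunk, the audit trail currently records a blank device name.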


@@ -72,7 +72,7 @@ if (isset($_GET['delete_recurring_expense'])) {
// Get Recurring Expense Details for Logging
$sql = mysqli_query($mysqli,"SELECT recurring_expense_description, recurring_expense_client_id FROM recurring_expenses WHERE recurring_expense_id = $recurring_expense_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_expense_description = sanitizeInput($row['recurring_expense_description']);
$client_id = intval($row['recurring_expense_client_id']);


@@ -12,7 +12,7 @@ if (isset($_POST['add_invoice_recurring'])) {
$recurring_invoice_frequency = sanitizeInput($_POST['frequency']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$invoice_date = sanitizeInput($row['invoice_date']);
@@ -41,7 +41,7 @@ if (isset($_POST['add_invoice_recurring'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Recurring Invoice Created from INVOICE!', history_recurring_invoice_id = $recurring_invoice_id");
$sql_items = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id");
while($row = mysqli_fetch_array($sql_items)) {
while($row = mysqli_fetch_assoc($sql_items)) {
$item_id = intval($row['item_id']);
$item_name = sanitizeInput($row['item_name']);
$item_description = sanitizeInput($row['item_description']);
@@ -109,7 +109,7 @@ if (isset($_POST['edit_recurring_invoice'])) {
// Get Recurring Invoice Details and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT recurring_invoice_prefix, recurring_invoice_number, recurring_invoice_client_id FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']);
@@ -117,7 +117,7 @@ if (isset($_POST['edit_recurring_invoice'])) {
//Calculate new total
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id");
$recurring_invoice_amount = 0;
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$item_total = floatval($row['item_total']);
$recurring_invoice_amount = $recurring_invoice_amount + $item_total;
}
@@ -141,7 +141,7 @@ if (isset($_GET['delete_recurring_invoice'])) {
// Get Recurring Invoice Details and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT recurring_invoice_prefix, recurring_invoice_number, recurring_invoice_scope, recurring_invoice_client_id FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
$recurring_invoice_scope = sanitizeInput($row['recurring_invoice_scope']);
@@ -151,14 +151,14 @@ if (isset($_GET['delete_recurring_invoice'])) {
//Delete Items Associated with the Recurring
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$item_id = intval($row['item_id']);
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
}
//Delete History Associated with the Invoice
$sql = mysqli_query($mysqli,"SELECT * FROM history WHERE history_recurring_invoice_id = $recurring_invoice_id");
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$history_id = intval($row['history_id']);
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id");
}
@@ -185,7 +185,7 @@ if (isset($_POST['add_recurring_invoice_item'])) {
if ($tax_id > 0) {
$sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE tax_id = $tax_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$tax_percent = floatval($row['tax_percent']);
$tax_amount = $subtotal * $tax_percent / 100;
} else {
@@ -198,7 +198,7 @@ if (isset($_POST['add_recurring_invoice_item'])) {
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_invoice_discount = floatval($row['recurring_invoice_discount_amount']);
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
@@ -207,7 +207,7 @@ if (isset($_POST['add_recurring_invoice_item'])) {
//add up all the items
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id");
$recurring_invoice_amount = 0;
while($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_assoc($sql)) {
$item_total = floatval($row['item_total']);
$recurring_invoice_amount = $recurring_invoice_amount + $item_total;
}
@@ -230,7 +230,7 @@ if (isset($_POST['recurring_invoice_note'])) {
// Get Recurring details for logging
$sql = mysqli_query($mysqli,"SELECT recurring_invoice_prefix, recurring_invoice_number, recurring_invoice_client_id FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']);
@@ -250,7 +250,7 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
$item_id = intval($_GET['delete_recurring_invoice_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_invoice_id = intval($row['item_recurring_invoice_id']);
$item_name = sanitizeInput($row['item_name']);
$item_subtotal = floatval($row['item_subtotal']);
@@ -258,7 +258,7 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
$item_total = floatval($row['item_total']);
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']);
@@ -283,7 +283,7 @@ if (isset($_GET['force_recurring'])) {
$sql_recurring_invoices = mysqli_query($mysqli,"SELECT * FROM recurring_invoices, clients WHERE client_id = recurring_invoice_client_id AND recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql_recurring_invoices);
$row = mysqli_fetch_assoc($sql_recurring_invoices);
$recurring_invoice_id = intval($row['recurring_invoice_id']);
$recurring_invoice_scope = sanitizeInput($row['recurring_invoice_scope']);
$recurring_invoice_frequency = sanitizeInput($row['recurring_invoice_frequency']);
@@ -319,7 +319,7 @@ if (isset($_GET['force_recurring'])) {
//Copy Items from original invoice to new invoice
$sql_invoice_items = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id ORDER BY item_id ASC");
while($row = mysqli_fetch_array($sql_invoice_items)) {
while($row = mysqli_fetch_assoc($sql_invoice_items)) {
$item_id = intval($row['item_id']);
$item_name = sanitizeInput($row['item_name']);
$item_description = sanitizeInput($row['item_description']);
@@ -332,7 +332,7 @@ if (isset($_GET['force_recurring'])) {
//Recalculate Item Tax since Tax percents can change.
if ($tax_id > 0) {
$sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE tax_id = $tax_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$tax_percent = floatval($row['tax_percent']);
$item_tax_amount = $item_subtotal * $tax_percent / 100;
} else {
@@ -351,7 +351,7 @@ if (isset($_GET['force_recurring'])) {
//Update Recurring Balances by tallying up recurring items also update recurring dates
$sql_recurring_invoice_total = mysqli_query($mysqli,"SELECT SUM(item_total) AS recurring_invoice_total FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql_recurring_invoice_total);
$row = mysqli_fetch_assoc($sql_recurring_invoice_total);
$new_recurring_invoice_amount = floatval($row['recurring_invoice_total']) - $recurring_invoice_discount_amount;
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $new_recurring_invoice_amount, recurring_invoice_last_sent = CURDATE(), recurring_invoice_next_date = DATE_ADD(CURDATE(), INTERVAL 1 $recurring_invoice_frequency) WHERE recurring_invoice_id = $recurring_invoice_id");
@@ -365,7 +365,7 @@ if (isset($_GET['force_recurring'])) {
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
WHERE invoice_id = $new_invoice_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -383,7 +383,7 @@ if (isset($_GET['force_recurring'])) {
$contact_mobile = sanitizeInput(formatPhoneNumber($row['contact_mobile'], $row['contact_mobile_country_code']));
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
$company_email = sanitizeInput($row['company_email']);
@@ -445,7 +445,7 @@ if (isset($_POST['set_recurring_payment'])) {
// Get Recurring Invoice Info for logging and alerting
$sql = mysqli_query($mysqli, "SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['recurring_invoice_client_id']);
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
@@ -461,7 +461,7 @@ if (isset($_POST['set_recurring_payment'])) {
WHERE saved_payment_id = $saved_payment_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$provider_id = intval($row['payment_provider_id']);
$provider_name = sanitizeInput($row['payment_provider_name']);
@@ -495,7 +495,7 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
//get records from database
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = $row['client_name'];
@@ -543,7 +543,7 @@ if (isset($_GET['recurring_invoice_email_notify'])) {
$recurring_invoice_id = intval($_GET['recurring_invoice_id']);
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']);
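Review bot: In the `force_recurring` hunk at `@@ -351,7`, `$recurring_invoice_frequency` is placed into the UPDATE as a bare SQL keyword (`INTERVAL 1 $recurring_invoice_frequency`), and the only treatment visible for it is `sanitizeInput(...)`, both on the stored row and on `$_POST['frequency']` in `add_invoice_recurring`. Escaping protects values inside quoted literals but does not constrain one used outside quotes, so a stored frequency that is not a plain interval unit would change the statement. I would check the value against a fixed list of the interval units the application supports, when it is saved and again before this query is built, and reject anything else. What `sanitizeInput` does and how the posted value reaches the table are not visible on this page, so the exposure is inferred.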


@@ -77,7 +77,7 @@ if (isset($_POST['bulk_force_recurring_tickets'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
if (mysqli_num_rows($sql) > 0) {
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$subject = sanitizeInput($row['recurring_ticket_subject']);
$details = mysqli_real_escape_string($mysqli, $row['recurring_ticket_details']);
$priority = sanitizeInput($row['recurring_ticket_priority']);
@@ -136,7 +136,7 @@ if (isset($_POST['bulk_force_recurring_tickets'])) {
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -215,7 +215,7 @@ if (isset($_GET['force_recurring_ticket'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
if (mysqli_num_rows($sql) > 0) {
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$subject = sanitizeInput($row['recurring_ticket_subject']);
$details = mysqli_real_escape_string($mysqli, $row['recurring_ticket_details']);
$priority = sanitizeInput($row['recurring_ticket_priority']);
@@ -274,7 +274,7 @@ if (isset($_GET['force_recurring_ticket'])) {
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -352,7 +352,7 @@ if (isset($_GET['delete_recurring_ticket'])) {
// Get Scheduled Ticket Subject Ticket Prefix, Number and Client ID for logging and alert message
$sql = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$subject = sanitizeInput($row['recurring_ticket_subject']);
$frequency = sanitizeInput($row['recurring_ticket_frequency']);
@@ -414,7 +414,7 @@ if (isset($_POST['bulk_assign_recurring_ticket'])) {
$recurring_ticket_id = intval($recurring_ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_ticket_name = sanitizeInput($row['recurring_ticket_name']);
$recurring_ticket_subject = sanitizeInput($row['recurring_ticket_subject']);
@@ -427,7 +427,7 @@ if (isset($_POST['bulk_assign_recurring_ticket'])) {
} else {
// Get & verify assigned agent details
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to");
$agent_details = mysqli_fetch_array($agent_details_sql);
$agent_details = mysqli_fetch_assoc($agent_details_sql);
$agent_name = sanitizeInput($agent_details['user_name']);
$agent_email = sanitizeInput($agent_details['user_email']);
@@ -502,7 +502,7 @@ if (isset($_POST['bulk_edit_recurring_ticket_priority'])) {
$recurring_ticket_id = intval($recurring_ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_ticket_subject = sanitizeInput($row['recurring_ticket_subject']);
$original_recurring_ticket_priority = sanitizeInput($row['recurring_ticket_priority']);
@@ -539,7 +539,7 @@ if (isset($_POST['bulk_edit_recurring_ticket_category'])) {
$recurring_ticket_id = intval($recurring_ticket_id);
$sql = mysqli_query($mysqli, "SELECT recurring_ticket_subject, category_name, recurring_ticket_client_id FROM recurring_tickets LEFT JOIN categories ON recurring_ticket_category = category_id WHERE recurring_ticket_id = $recurring_ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_ticket_subject = sanitizeInput($row['recurring_ticket_subject']);
$previous_recurring_ticket_category_name = sanitizeInput($row['category_name']);
@@ -583,7 +583,7 @@ if (isset($_POST['bulk_edit_recurring_ticket_billable'])) {
$recurring_ticket_id = intval($recurring_ticket_id);
$sql = mysqli_query($mysqli, "SELECT recurring_ticket_subject, recurring_ticket_client_id FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_ticket_subject = sanitizeInput($row['recurring_ticket_subject']);
$previous_recurring_ticket_billable = intval($row['recurring_ticket_billable']);
@@ -624,7 +624,7 @@ if (isset($_POST['bulk_edit_recurring_ticket_next_run_date'])) {
$recurring_ticket_id = intval($recurring_ticket_id);
$sql = mysqli_query($mysqli, "SELECT recurring_ticket_subject, recurring_ticket_client_id FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$recurring_ticket_subject = sanitizeInput($row['recurring_ticket_subject']);
$previous_recurring_ticket_next_run_date = sanitizeInput($row['recurring_ticket_next_run']);
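Review bot: In the `bulk_edit_recurring_ticket_billable` hunk the query selects only `recurring_ticket_subject` and `recurring_ticket_client_id`, yet the following line reads `$row['recurring_ticket_billable']`, so the "previous" value passed through `intval()` is always 0 whatever was stored. The `bulk_edit_recurring_ticket_next_run_date` hunk has the same gap: `$row['recurring_ticket_next_run']` is read from a column the query never returns. If these previous values feed the audit log (the logging call is outside the hunks, so this is inferred), the log records a wrong before-state. Add the column to each SELECT, e.g. `SELECT recurring_ticket_subject, recurring_ticket_billable, recurring_ticket_client_id FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id`. Both handler bodies start and end outside the hunks shown.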


@@ -22,12 +22,12 @@ if (isset($_POST['add_service'])) {
mysqli_query($mysqli, "INSERT INTO services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes', service_client_id = $client_id");
// Create links to assets
$service_id = mysqli_insert_id($mysqli);
if (isset($_POST['contacts'])) {
foreach($_POST['contacts'] as $contact_id) {
$contact_id = intval($contact_id);
$contact_id = intval($contact_id);
mysqli_query($mysqli, "INSERT INTO service_contacts SET service_id = $service_id, contact_id = $contact_id");
}
}
@@ -77,7 +77,7 @@ if (isset($_POST['add_service'])) {
logAction("Service", "Create", "$session_name created service $service_name", $client_id, $service_id);
flash_alert("Service <strong>$service_name</strong> created");
redirect();
}
@@ -160,7 +160,7 @@ if (isset($_POST['edit_service'])) {
logAction("Service", "Edit", "$session_name edited service $service_name", $client_id, $service_id);
flash_alert("Service <strong>$service_name</strong> edited");
redirect();
}
@@ -170,12 +170,12 @@ if (isset($_GET['delete_service'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$service_id = intval($_GET['delete_service']);
// Get Service Details
$sql = mysqli_query($mysqli,"SELECT service_name, service_client_id FROM services WHERE service_id = $service_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$service_name = sanitizeInput($row['service_name']);
$client_id = intval($row['service_client_id']);
@@ -183,9 +183,9 @@ if (isset($_GET['delete_service'])) {
mysqli_query($mysqli, "DELETE FROM services WHERE service_id = $service_id");
logAction("Service", "Delete", "$session_name deleted service $service_name", $client_id);
flash_alert("Service <strong>$service_name</strong> deleted", 'error');
redirect();
}
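Review bot: In the `delete_service` hunk `$row` is used without checking that the lookup returned a row: `mysqli_fetch_assoc()` returns null when `service_id` matches nothing, so the handler still runs the DELETE and writes a `logAction` entry with an empty name and client id 0. The recurring-ticket force handlers in this commit already guard with `if (mysqli_num_rows($sql) > 0)`; an equivalent check belongs here, e.g. `if (!$row) { flash_alert("Service not found", 'error'); redirect(); }` placed right after the fetch. The same unguarded fetch appears in the `delete_recurring_ticket`, `archive_software`, `delete_software`, `delete_task`, `complete_task` and `undo_complete_task` hunks. Whether `redirect()` ends the request is not visible here, so confirm that before relying on it as a guard.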


@@ -16,7 +16,7 @@ if (isset($_POST['add_software_from_template'])) {
// GET Software Template Info
$sql_software_templates = mysqli_query($mysqli,"SELECT * FROM software_templates WHERE software_template_id = $software_template_id");
$row = mysqli_fetch_array($sql_software_templates);
$row = mysqli_fetch_assoc($sql_software_templates);
$name = sanitizeInput($row['software_template_name']);
$version = sanitizeInput($row['software_template_version']);
$description = sanitizeInput($row['software_template_description']);
@@ -164,7 +164,7 @@ if (isset($_GET['archive_software'])) {
// Get Software Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT software_name, software_client_id FROM software WHERE software_id = $software_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
@@ -190,7 +190,7 @@ if (isset($_GET['delete_software'])) {
// Get Software Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT software_name, software_client_id FROM software WHERE software_id = $software_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
@@ -249,7 +249,7 @@ if (isset($_POST['export_software_csv'])) {
ON software_assets.asset_id = assets.asset_id
WHERE software_id = $row[software_id]"
);
while($asset_row = mysqli_fetch_array($asset_licenses_sql)) {
while($asset_row = mysqli_fetch_assoc($asset_licenses_sql)) {
$assigned_to_assets .= $asset_row['asset_name'] . ", ";
}
@@ -262,7 +262,7 @@ if (isset($_POST['export_software_csv'])) {
WHERE software_id = $row[software_id]"
);
while($contact_row = mysqli_fetch_array($contact_licenses_sql)) {
while($contact_row = mysqli_fetch_assoc($contact_licenses_sql)) {
$assigned_to_contacts .= $contact_row['contact_name'] . ", ";
}
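Review bot: The two `export_software_csv` loops concatenate `asset_name` and `contact_name` straight from the database into `$assigned_to_assets` and `$assigned_to_contacts` without neutralising a leading `=`, `+`, `-` or `@`, which spreadsheet applications treat as the start of a formula. The code that writes the CSV row is outside these hunks, so check whether it escapes cells; if it does not, guard the assembled strings before output, e.g. `$assigned_to_assets = preg_replace('/^[=+\-@]/', '\'$0', $assigned_to_assets);` and the same for `$assigned_to_contacts`. Both loops also leave a trailing `, ` on the list unless it is trimmed later.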


@@ -15,7 +15,7 @@ if (isset($_POST['add_task'])) {
// Get Client ID from tickets using the ticket_id
$client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
mysqli_query($mysqli, "INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id");
$task_id = mysqli_insert_id($mysqli);
@@ -39,9 +39,9 @@ if (isset($_POST['edit_ticket_task'])) {
// Get Client ID
$sql = mysqli_query($mysqli, "SELECT * FROM tasks LEFT JOIN tickets ON ticket_id = task_ticket_id WHERE task_id = $task_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['ticket_client_id']);
mysqli_query($mysqli, "UPDATE tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate WHERE task_id = $task_id");
logAction("Task", "Edit", "$session_name edited task $task_name", $client_id, $task_id);
@@ -81,7 +81,7 @@ if (isset($_GET['delete_task'])) {
// Get Client ID, task name from tasks and tickets using the task_id
$sql = mysqli_query($mysqli, "SELECT * FROM tasks LEFT JOIN tickets ON ticket_id = task_ticket_id WHERE task_id = $task_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['ticket_client_id']);
$task_name = sanitizeInput($row['task_name']);
@@ -103,7 +103,7 @@ if (isset($_GET['complete_task'])) {
// Get Client ID
$sql = mysqli_query($mysqli, "SELECT * FROM tasks LEFT JOIN tickets ON ticket_id = task_ticket_id WHERE task_id = $task_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['ticket_client_id']);
$task_name = sanitizeInput($row['task_name']);
$task_completion_estimate = intval($row['task_completion_estimate']);
@@ -135,7 +135,7 @@ if (isset($_GET['undo_complete_task'])) {
// Get Client ID
$sql = mysqli_query($mysqli, "SELECT * FROM tasks LEFT JOIN tickets ON ticket_id = task_ticket_id WHERE task_id = $task_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['ticket_client_id']);
$task_name = sanitizeInput($row['task_name']);
$ticket_id = intval($row['ticket_id']);
@@ -175,7 +175,7 @@ if (isset($_POST['add_ticket_task_approver'])) {
$approval_id = mysqli_insert_id($mysqli);
// Task/Ticket Info
$tt_row = mysqli_fetch_array(mysqli_query($mysqli, "
$tt_row = mysqli_fetch_assoc(mysqli_query($mysqli, "
SELECT * FROM tasks
LEFT JOIN tickets ON ticket_id = task_ticket_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
@@ -200,7 +200,7 @@ if (isset($_POST['add_ticket_task_approver'])) {
$config_base_url = sanitizeInput($config_base_url);
// Get Company Info
$crow = mysqli_fetch_array(mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"));
$crow = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"));
$company_name = sanitizeInput($crow['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($crow['company_phone'], $crow['company_phone_country_code']));
@@ -267,7 +267,7 @@ if (isset($_POST['add_ticket_task_approver'])) {
$data = [];
while ($technical_contact = mysqli_fetch_array($sql_technical_contacts)) {
while ($technical_contact = mysqli_fetch_assoc($sql_technical_contacts)) {
$technical_contact_name = sanitizeInput($technical_contact['contact_name']);
$technical_contact_email = sanitizeInput($technical_contact['contact_email']);
@@ -300,7 +300,7 @@ if (isset($_POST['add_ticket_task_approver'])) {
$data = [];
while ($billing_contact = mysqli_fetch_array($sql_billing_contacts)) {
while ($billing_contact = mysqli_fetch_assoc($sql_billing_contacts)) {
$billing_contact_name = sanitizeInput($billing_contact['contact_name']);
$billing_contact_email = sanitizeInput($billing_contact['contact_email']);
@@ -336,7 +336,7 @@ if (isset($_GET['approve_ticket_task'])) {
$task_id = intval($_GET['approve_task']);
$approval_id = intval($_GET['approval_id']);
$approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_scope = 'internal'"));
$approval_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_scope = 'internal'"));
$task_name = nullable_htmlentities($approval_row['task_name']);
$scope = nullable_htmlentities($approval_row['approval_scope']);
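Review bot: The `approve_ticket_task` handler is entered on `isset($_GET['approve_ticket_task'])` but reads the task id from a different key, `$_GET['approve_task']`, so unless the link carries both parameters `$task_id` becomes 0 and the approval lookup matches nothing. Reading the key that gates the handler, `$task_id = intval($_GET['approve_ticket_task']);`, would fix that, assuming that parameter holds the task id (the code that builds this URL is not in the hunk). `$approval_row` is then used without a check; since this row is what ties the approval to the task and to the `internal` scope, the handler should stop when it is empty, e.g. `if (!$approval_row) { flash_alert("Approval not found", 'error'); redirect(); }`. The rest of the handler is outside the hunk.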


@@ -46,7 +46,7 @@ if (isset($_POST['add_ticket'])) {
// Add the primary contact as the ticket contact if "Use primary contact" is checked
if ($use_primary_contact == 1) {
$sql = mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact = intval($row['contact_id']);
}
@@ -80,7 +80,7 @@ if (isset($_POST['add_ticket'])) {
$sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
if (mysqli_num_rows($sql_task_templates) > 0) {
while ($row = mysqli_fetch_array($sql_task_templates)) {
while ($row = mysqli_fetch_assoc($sql_task_templates)) {
$task_order = intval($row['task_template_order']);
$task_name = sanitizeInput($row['task_template_name']);
$task_completion_estimate = intval($row['task_template_completion_estimate']);
@@ -114,7 +114,7 @@ if (isset($_POST['add_ticket'])) {
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -132,7 +132,7 @@ if (isset($_POST['add_ticket'])) {
// Get Company Phone Number
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -162,7 +162,7 @@ if (isset($_POST['add_ticket'])) {
// Also Email all the watchers
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
$body .= "<br><br>----------------------------------------<br>YOU HAVE BEEN ADDED AS A COLLABORATOR FOR THIS TICKET";
while ($row = mysqli_fetch_array($sql_watchers)) {
while ($row = mysqli_fetch_assoc($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
// Queue Mail
@@ -244,7 +244,7 @@ if (isset($_POST['edit_ticket'])) {
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id
AND ticket_closed_at IS NULL");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -263,7 +263,7 @@ if (isset($_POST['edit_ticket'])) {
// Get Company Name Phone Number and Sanitize for Email Sending
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -315,7 +315,7 @@ if (isset($_POST['edit_ticket_priority'])) {
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$original_priority = sanitizeInput($row['ticket_priority']);
@@ -353,7 +353,7 @@ if (isset($_POST['edit_ticket_contact'])) {
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
// Original contact
$original_contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one';
@@ -372,7 +372,7 @@ if (isset($_POST['edit_ticket_contact'])) {
// Get New contact details
$sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one';
$contact_email = sanitizeInput($row['contact_email']);
@@ -382,7 +382,7 @@ if (isset($_POST['edit_ticket_contact'])) {
// Get Company Phone Number
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -458,7 +458,7 @@ if (isset($_POST['add_ticket_watcher'])) {
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id
AND ticket_closed_at IS NULL");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -474,7 +474,7 @@ if (isset($_POST['add_ticket_watcher'])) {
// Get Company Phone Number
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -533,7 +533,7 @@ if (isset($_GET['delete_ticket_watcher'])) {
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE watcher_id = $watcher_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -568,7 +568,7 @@ if (isset($_GET['delete_ticket_additional_asset'])) {
JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE asset_id = $asset_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -617,7 +617,7 @@ if (isset($_POST['edit_ticket_asset'])) {
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -648,7 +648,7 @@ if (isset($_POST['edit_ticket_vendor'])) {
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -685,7 +685,7 @@ if (isset($_POST['assign_ticket'])) {
} else {
// Get & verify assigned agent details
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE users.user_id = $assigned_to");
$agent_details = mysqli_fetch_array($agent_details_sql);
$agent_details = mysqli_fetch_assoc($agent_details_sql);
$agent_name = sanitizeInput($agent_details['user_name']);
$agent_email = sanitizeInput($agent_details['user_email']);
@@ -699,7 +699,7 @@ if (isset($_POST['assign_ticket'])) {
// Get & verify ticket details
$ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id, client_name FROM tickets LEFT JOIN clients ON ticket_client_id = client_id WHERE ticket_id = '$ticket_id' AND ticket_status != 5");
$ticket_details = mysqli_fetch_array($ticket_details_sql);
$ticket_details = mysqli_fetch_assoc($ticket_details_sql);
$ticket_prefix = sanitizeInput($ticket_details['ticket_prefix']);
$ticket_number = intval($ticket_details['ticket_number']);
@@ -771,7 +771,7 @@ if (isset($_GET['delete_ticket'])) {
// Get Ticket and Client ID for logging and alert message
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_closed_at, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = sanitizeInput($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
@@ -868,7 +868,7 @@ if (isset($_POST['bulk_assign_ticket'])) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -888,7 +888,7 @@ if (isset($_POST['bulk_assign_ticket'])) {
} else {
// Get & verify assigned agent details
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to");
$agent_details = mysqli_fetch_array($agent_details_sql);
$agent_details = mysqli_fetch_assoc($agent_details_sql);
$agent_name = sanitizeInput($agent_details['user_name']);
$agent_email = sanitizeInput($agent_details['user_email']);
@@ -969,7 +969,7 @@ if (isset($_POST['bulk_edit_ticket_priority'])) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -1013,7 +1013,7 @@ if (isset($_POST['bulk_edit_ticket_category'])) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, category_name, ticket_client_id FROM tickets LEFT JOIN categories ON ticket_category = category_id WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -1056,7 +1056,7 @@ if (isset($_POST['bulk_merge_tickets'])) {
flash_alert("Cannot merge into that ticket.", 'error');
redirect();
}
$merge_row = mysqli_fetch_array($sql);
$merge_row = mysqli_fetch_assoc($sql);
$merge_into_ticket_id = intval($merge_row['ticket_id']); // Parent ticket ID
// Update & Close the selected tickets
@@ -1070,7 +1070,7 @@ if (isset($_POST['bulk_merge_tickets'])) {
if ($ticket_id !== $merge_into_ticket_id) {
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -1141,7 +1141,7 @@ if (isset($_POST['bulk_resolve_tickets'])) {
$ticket_count++;
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -1173,7 +1173,7 @@ if (isset($_POST['bulk_resolve_tickets'])) {
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($ticket_sql);
$row = mysqli_fetch_assoc($ticket_sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -1185,7 +1185,7 @@ if (isset($_POST['bulk_resolve_tickets'])) {
// Get Company Info
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -1214,7 +1214,7 @@ if (isset($_POST['bulk_resolve_tickets'])) {
// Also Email all the watchers
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
$body .= "<br><br>----------------------------------------<br>YOU ARE A COLLABORATOR ON THIS TICKET";
while ($row = mysqli_fetch_array($sql_watchers)) {
while ($row = mysqli_fetch_assoc($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
// Queue Mail
@@ -1270,7 +1270,7 @@ if (isset($_POST['bulk_ticket_reply'])) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -1321,7 +1321,7 @@ if (isset($_POST['bulk_ticket_reply'])) {
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -1334,7 +1334,7 @@ if (isset($_POST['bulk_ticket_reply'])) {
$base_url = sanitizeInput($config_base_url);
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -1364,7 +1364,7 @@ if (isset($_POST['bulk_ticket_reply'])) {
// Also Email all the watchers
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
$body .= "<br><br>----------------------------------------<br>YOU ARE A COLLABORATOR ON THIS TICKET";
while ($row = mysqli_fetch_array($sql_watchers)) {
while ($row = mysqli_fetch_assoc($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
// Queue Mail
@@ -1412,7 +1412,7 @@ if (isset($_POST['bulk_add_ticket_project'])) {
// Get Project Name
$sql = mysqli_query($mysqli, "SELECT project_name FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$project_name = sanitizeInput($row['project_name']);
// Assign Project to Selected Tickets
@@ -1425,7 +1425,7 @@ if (isset($_POST['bulk_add_ticket_project'])) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
@@ -1473,7 +1473,7 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
// Check to see if adding a ticket by template
if($ticket_template_id) {
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
// Override Template Subject
if(empty($subject)) {
@@ -1496,7 +1496,7 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
$asset_id = intval($asset_id);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
@@ -1541,7 +1541,7 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
// Add Tasks from Template if Template was selected
if($ticket_template_id) {
if (mysqli_num_rows($sql_task_templates) > 0) {
while ($row = mysqli_fetch_array($sql_task_templates)) {
while ($row = mysqli_fetch_assoc($sql_task_templates)) {
$task_order = intval($row['task_template_order']);
$task_name = sanitizeInput($row['task_template_name']);
@@ -1624,7 +1624,7 @@ if (isset($_POST['add_ticket_reply'])) {
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($ticket_sql);
$row = mysqli_fetch_assoc($ticket_sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -1645,7 +1645,7 @@ if (isset($_POST['add_ticket_reply'])) {
$config_base_url = sanitizeInput($config_base_url);
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -1683,7 +1683,7 @@ if (isset($_POST['add_ticket_reply'])) {
// Also Email all the watchers
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
$body .= "<br><br>----------------------------------------<br>YOU ARE A COLLABORATOR ON THIS TICKET";
while ($row = mysqli_fetch_array($sql_watchers)) {
while ($row = mysqli_fetch_assoc($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
// Queue Mail
@@ -1808,7 +1808,7 @@ if (isset($_POST['merge_ticket'])) {
redirect();
}
// CURRENT ticket details
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
@@ -1822,7 +1822,7 @@ if (isset($_POST['merge_ticket'])) {
flash_alert("Cannot merge into that ticket.", 'error');
redirect();
}
$merge_row = mysqli_fetch_array($sql);
$merge_row = mysqli_fetch_assoc($sql);
$merge_into_ticket_id = intval($merge_row['ticket_id']);
$client_id = intval($merge_row['ticket_client_id']);
if ($client_id) {
@@ -1898,7 +1898,7 @@ if (isset($_GET['resolve_ticket'])) {
$ticket_id = intval($_GET['resolve_ticket']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
@@ -1925,7 +1925,7 @@ if (isset($_GET['resolve_ticket'])) {
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($ticket_sql);
$row = mysqli_fetch_assoc($ticket_sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -1944,7 +1944,7 @@ if (isset($_GET['resolve_ticket'])) {
// Get Company Info
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -1973,7 +1973,7 @@ if (isset($_GET['resolve_ticket'])) {
// Also Email all the watchers
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
$body .= "<br><br>----------------------------------------<br>YOU ARE A COLLABORATOR ON THIS TICKET";
while ($row = mysqli_fetch_array($sql_watchers)) {
while ($row = mysqli_fetch_assoc($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
// Queue Mail
@@ -2021,7 +2021,7 @@ if (isset($_GET['close_ticket'])) {
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($ticket_sql);
$row = mysqli_fetch_assoc($ticket_sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
@@ -2037,7 +2037,7 @@ if (isset($_GET['close_ticket'])) {
// Get Company Info
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
@@ -2066,7 +2066,7 @@ if (isset($_GET['close_ticket'])) {
// Also Email all the watchers
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
$body .= "<br><br>----------------------------------------<br>YOU ARE A COLLABORATOR ON THIS TICKET";
while ($row = mysqli_fetch_array($sql_watchers)) {
while ($row = mysqli_fetch_assoc($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
// Queue Mail
@@ -2128,7 +2128,7 @@ if (isset($_POST['add_invoice_from_ticket'])) {
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['client_id']);
$client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) {
@@ -2173,7 +2173,7 @@ if (isset($_POST['add_invoice_from_ticket'])) {
$invoice_id = mysqli_insert_id($mysqli);
} else {
$sql_invoice = mysqli_query($mysqli, "SELECT invoice_prefix, invoice_number FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_invoice);
$row = mysqli_fetch_assoc($sql_invoice);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
}
@@ -2189,7 +2189,7 @@ if (isset($_POST['add_invoice_from_ticket'])) {
if ($tax_id > 0) {
$sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE tax_id = $tax_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$tax_percent = floatval($row['tax_percent']);
$tax_amount = $subtotal * $tax_percent / 100;
} else {
@@ -2203,7 +2203,7 @@ if (isset($_POST['add_invoice_from_ticket'])) {
//Update Invoice Balances
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$new_invoice_amount = floatval($row['invoice_amount']) + $total;
@@ -2292,7 +2292,7 @@ if (isset($_POST['edit_ticket_billable_status'])) {
// Get ticket details for logging
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$client_id = intval($row['ticket_client_id']);
@@ -2331,7 +2331,7 @@ if (isset($_POST['edit_ticket_schedule'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_schedule BETWEEN '$start' AND '$end' AND ticket_id != $ticket_id");
if (mysqli_num_rows($sql) > 0) {
$conflicting_tickets = [];
while ($row = mysqli_fetch_array($sql)) {
while ($row = mysqli_fetch_assoc($sql)) {
$conflicting_tickets[] = $row['ticket_id'] . " - " . $row['ticket_subject'] . " @ " . $row['ticket_schedule'];
}
}
@@ -2343,7 +2343,7 @@ if (isset($_POST['edit_ticket_schedule'])) {
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['ticket_client_id']);
$client_name = sanitizeInput($row['client_name']);
@@ -2416,7 +2416,7 @@ if (isset($_POST['edit_ticket_schedule'])) {
// Notify the watchers of the scheduled work
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
while ($row = mysqli_fetch_array($sql_watchers)) {
while ($row = mysqli_fetch_assoc($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
$data[] = [
'from' => $config_ticket_from_email,
@@ -2480,7 +2480,7 @@ if (isset($_GET['cancel_ticket_schedule'])) {
$ticket_id = intval($_GET['cancel_ticket_schedule']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['ticket_client_id']);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
@@ -2508,7 +2508,7 @@ if (isset($_GET['cancel_ticket_schedule'])) {
LEFT JOIN users ON ticket_assigned_to = user_id
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['ticket_client_id']);
$client_name = sanitizeInput($row['client_name']);


@@ -14,13 +14,13 @@ if (isset($_POST['add_transfer'])) {
// Get Source Account Name for logging
$sql = mysqli_query($mysqli,"SELECT account_name, account_currency_code FROM accounts WHERE account_id = $account_from");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$source_account_name = sanitizeInput($row['account_name']);
$account_currency_code = sanitizeInput($row['account_currency_code']);
// Get Destination Account Name for logging
$sql = mysqli_query($mysqli,"SELECT account_name FROM accounts WHERE account_id = $account_to");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$destination_account_name = sanitizeInput($row['account_name']);
mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = $amount, expense_currency_code = '$session_company_currency', expense_vendor_id = 0, expense_category_id = 0, expense_account_id = $account_from");
@@ -72,7 +72,7 @@ if (isset($_GET['delete_transfer'])) {
$transfer_id = intval($_GET['delete_transfer']);
// Query the transfer ID to get the Payment and Expense IDs, so we can delete those as well
$row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT * FROM transfers WHERE transfer_id = $transfer_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT * FROM transfers WHERE transfer_id = $transfer_id"));
$expense_id = intval($row['transfer_expense_id']);
$revenue_id = intval($row['transfer_revenue_id']);
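Review bot: The transfer lookup in the `delete_transfer` handler is used without checking that a row came back. `mysqli_fetch_assoc()` returns null for an unknown `transfer_id`, so `$expense_id` and `$revenue_id` both become 0 and the handler carries on; switching from `mysqli_fetch_array` does not change that. A guard right after the fetch, for example `if (!$row) { flash_alert("Transfer not found", 'warning'); redirect(); }` (assuming `redirect()` ends the request), would keep the later deletes and the log entry from running on ids that were never read. The rest of the handler is outside the hunk, so confirm what it does with those two values.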


@@ -15,7 +15,7 @@ if (isset($_POST['add_vendor_from_template'])) {
//GET Vendor Info
$sql_vendor_templates = mysqli_query($mysqli,"SELECT * FROM vendor_templates WHERE vendor_template_id = $vendor_template_id");
$row = mysqli_fetch_array($sql_vendor_templates);
$row = mysqli_fetch_assoc($sql_vendor_templates);
$name = sanitizeInput($row['vendor_template_name']);
$description = sanitizeInput($row['vendor_template_description']);
@@ -90,7 +90,7 @@ if (isset($_GET['archive_vendor'])) {
//Get Vendor Name
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$vendor_name = sanitizeInput($row['vendor_name']);
$client_id = intval($row['vendor_client_id']);
@@ -110,7 +110,7 @@ if(isset($_GET['unarchive_vendor'])){
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT vendor_name, vendor_client_id FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$vendor_name = sanitizeInput($row['vendor_name']);
$client_id = intval($row['vendor_client_id']);
@@ -130,7 +130,7 @@ if (isset($_GET['delete_vendor'])) {
//Get Vendor Name
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$vendor_name = sanitizeInput($row['vendor_name']);
$client_id = intval($row['vendor_client_id']);
$vendor_template_id = intval($row['vendor_template_id']);
@@ -168,7 +168,7 @@ if (isset($_POST['bulk_archive_vendors'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT vendor_name, vendor_client_id FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$vendor_name = sanitizeInput($row['vendor_name']);
$client_id = intval($row['vendor_client_id']);
@@ -205,7 +205,7 @@ if (isset($_POST['bulk_unarchive_vendors'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT vendor_name, vendor_client_id FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$vendor_name = sanitizeInput($row['vendor_name']);
$client_id = intval($row['vendor_client_id']);
@@ -243,7 +243,7 @@ if (isset($_POST['bulk_delete_vendors'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT vendor_name, vendor_client_id, vendor_template_id FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$vendor_name = sanitizeInput($row['vendor_name']);
$client_id = intval($row['vendor_client_id']);
$vendor_template_id = intval($row['vendor_template_id']);
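Review bot: The `archive_vendor` and `delete_vendor` lookups still use `SELECT * FROM vendors`, although the visible lines read only `vendor_name`, `vendor_client_id` and (for delete) `vendor_template_id` from `$row`. That works against the memory saving this commit is after, and the unarchive and bulk handlers in the same file already name their columns. I would change the delete query to `SELECT vendor_name, vendor_client_id, vendor_template_id FROM vendors WHERE vendor_id = $vendor_id` and the archive query to the two-column form. Both handlers continue outside their hunks, so check that no later line reads another column from `$row`.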


@@ -50,7 +50,7 @@ if (isset($_POST['bulk_archive_vendor_contacts'])) {
//validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
enforceUserPermission('module_client', 2);
if (isset($_POST['vendor_contact_ids'])) {
@@ -63,7 +63,7 @@ if (isset($_POST['bulk_archive_vendor_contacts'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT vendor_contact_name, vendor_contact_client_id FROM vendor_contacts WHERE vendor_contact_id = $vendor_contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$vendor_contact_name = sanitizeInput($row['vendor_contact_name']);
$client_id = intval($row['contact_client_id']);
@@ -84,7 +84,7 @@ if (isset($_POST['bulk_unarchive_vendor_contacts'])) {
//validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
if (isset($_POST['contact_ids'])) {
// Get Selected Contacts Count
@@ -97,7 +97,7 @@ if (isset($_POST['bulk_unarchive_vendor_contacts'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -128,7 +128,7 @@ if (isset($_POST['bulk_delete_vendor_contacts'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 3);
if (isset($_POST['contact_ids'])) {
// Get Selected Contacts Count
@@ -141,7 +141,7 @@ if (isset($_POST['bulk_delete_vendor_contacts'])) {
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -184,7 +184,7 @@ if (isset($_GET['archive_vendor_contact'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -195,7 +195,7 @@ if (isset($_GET['archive_vendor_contact'])) {
}
mysqli_query($mysqli,"UPDATE contacts SET contact_important = 0, contact_billing = 0, contact_technical = 0, contact_archived_at = NOW() WHERE contact_id = $contact_id");
logAction("Contact", "Archive", "$session_name archived contact $contact_name", $client_id, $contact_id);
flash_alert("Contact <strong>$contact_name</strong> has been archived", 'alert');
@@ -212,7 +212,7 @@ if (isset($_GET['unarchive_vendor_contact'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -240,7 +240,7 @@ if (isset($_GET['delete_vendor_contact'])) {
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
$contact_user_id = intval($row['contact_user_id']);
@@ -276,7 +276,7 @@ if (isset($_POST['export_vendor_contacts_csv'])) {
//get records from database
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = $row['client_name'];
@@ -409,7 +409,7 @@ if (isset($_POST["import_vendor_contacts_csv"])) {
logAction("Contact", "Import", "$session_name imported $row_count contact(s) via CSV file", $client_id);
flash_alert("$row_count Contact(s) added, $duplicate_count duplicate(s) detected", 'warning');
redirect();
}
//Check for any errors, if there are notify user and redirect
@@ -420,12 +420,12 @@ if (isset($_POST["import_vendor_contacts_csv"])) {
}
if (isset($_GET['download_vendor_contacts_csv_template'])) {
$client_id = intval($_GET['download_client_contacts_csv_template']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$client_name = $row['client_name'];
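Review bot: `bulk_archive_vendor_contacts` and `bulk_unarchive_vendor_contacts` have their CSRF check commented out (`//validateCSRFToken($_POST['csrf_token']);`), while `bulk_delete_vendor_contacts` in the same file calls it. Both are state-changing POST handlers, so unless the token is verified somewhere outside these hunks, a logged-in user's browser can be made to submit them cross-site. I would restore `validateCSRFToken($_POST['csrf_token']);` as the first line of both handlers. Separately, the bulk archive lookup selects `vendor_contact_client_id` but reads `$row['contact_client_id']`, so `$client_id` is always 0 in the log entry; `intval($row['vendor_contact_client_id'])` looks like what was meant.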