recurring invoices: enforceClientAccess

johnnyq
2026-03-06 18:01:20 -05:00
parent 202f55c2ff
commit 111a30f13c


@@ -27,6 +27,8 @@ if (isset($_POST['add_invoice_recurring'])) {
$client_id = intval($row['invoice_client_id']); $client_id = intval($row['invoice_client_id']);
$category_id = intval($row['invoice_category_id']); $category_id = intval($row['invoice_category_id']);
enforceClientAccess();
// Atomically increment and get the new recurring_invoice number // Atomically increment and get the new recurring_invoice number
mysqli_query($mysqli, " mysqli_query($mysqli, "
UPDATE settings UPDATE settings
@@ -80,6 +82,8 @@ if (isset($_POST['add_recurring_invoice'])) {
$category = intval($_POST['category']); $category = intval($_POST['category']);
$scope = sanitizeInput($_POST['scope']); $scope = sanitizeInput($_POST['scope']);
enforceClientAccess();
// Atomically increment and get the new recurring_invoice number // Atomically increment and get the new recurring_invoice number
mysqli_query($mysqli, " mysqli_query($mysqli, "
UPDATE settings UPDATE settings
@@ -126,6 +130,8 @@ if (isset($_POST['edit_recurring_invoice'])) {
$recurring_invoice_number = intval($row['recurring_invoice_number']); $recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']); $client_id = intval($row['recurring_invoice_client_id']);
enforceClientAccess();
//Calculate new total //Calculate new total
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id"); $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id");
$recurring_invoice_amount = 0; $recurring_invoice_amount = 0;
@@ -163,6 +169,8 @@ if (isset($_GET['delete_recurring_invoice'])) {
$recurring_invoice_scope = sanitizeInput($row['recurring_invoice_scope']); $recurring_invoice_scope = sanitizeInput($row['recurring_invoice_scope']);
$client_id = intval($row['recurring_invoice_client_id']); $client_id = intval($row['recurring_invoice_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"DELETE FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id"); mysqli_query($mysqli,"DELETE FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
//Delete Items Associated with the Recurring //Delete Items Associated with the Recurring
@@ -201,6 +209,10 @@ if (isset($_POST['add_recurring_invoice_item'])) {
$tax_id = intval($_POST['tax_id']); $tax_id = intval($_POST['tax_id']);
$item_order = intval($_POST['item_order']); $item_order = intval($_POST['item_order']);
$client_id = intval(getFieldById('recurring_invoices', $recurring_invoice_id, 'recurring_invoice_client_id'));
enforceClientAccess();
$subtotal = $price * $qty; $subtotal = $price * $qty;
if ($tax_id > 0) { if ($tax_id > 0) {
@@ -259,6 +271,8 @@ if (isset($_POST['recurring_invoice_note'])) {
$recurring_invoice_number = intval($row['recurring_invoice_number']); $recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']); $client_id = intval($row['recurring_invoice_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_note = '$note' WHERE recurring_invoice_id = $recurring_invoice_id"); mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_note = '$note' WHERE recurring_invoice_id = $recurring_invoice_id");
logAction("Recurring Invoice", "Edit", "$session_name added note to recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id); logAction("Recurring Invoice", "Edit", "$session_name added note to recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
@@ -291,6 +305,8 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
$recurring_invoice_number = intval($row['recurring_invoice_number']); $recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']); $client_id = intval($row['recurring_invoice_client_id']);
enforceClientAccess();
$new_recurring_invoice_amount = floatval($row['recurring_invoice_amount']) - $item_total; $new_recurring_invoice_amount = floatval($row['recurring_invoice_amount']) - $item_total;
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $new_recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id"); mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $new_recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id");
@@ -330,6 +346,8 @@ if (isset($_GET['force_recurring'])) {
$client_id = intval($row['recurring_invoice_client_id']); $client_id = intval($row['recurring_invoice_client_id']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
enforceClientAccess();
// Atomically increment and get the new invoice number // Atomically increment and get the new invoice number
mysqli_query($mysqli, " mysqli_query($mysqli, "
UPDATE settings UPDATE settings
@@ -488,6 +506,8 @@ if (isset($_POST['set_recurring_payment'])) {
$recurring_invoice_currency_code = sanitizeInput($row['recurring_invoice_currency_code']); $recurring_invoice_currency_code = sanitizeInput($row['recurring_invoice_currency_code']);
$recurring_invoice_amount = floatval($row['recurring_invoice_amount']); $recurring_invoice_amount = floatval($row['recurring_invoice_amount']);
enforceClientAccess();
if ($saved_payment_id) { if ($saved_payment_id) {
// Get Payment provider and method // Get Payment provider and method
@@ -533,6 +553,8 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
$client_id = intval($_POST['client_id']); $client_id = intval($_POST['client_id']);
enforceClientAccess();
//get records from database //get records from database
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id"); $sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_assoc($sql); $row = mysqli_fetch_assoc($sql);
@@ -592,6 +614,8 @@ if (isset($_GET['recurring_invoice_email_notify'])) {
$recurring_invoice_number = intval($row['recurring_invoice_number']); $recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']); $client_id = intval($row['recurring_invoice_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_email_notify = $recurring_invoice_email_notify WHERE recurring_invoice_id = $recurring_invoice_id"); mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_email_notify = $recurring_invoice_email_notify WHERE recurring_invoice_id = $recurring_invoice_id");
// Wording // Wording