]*>/', '', $ticket_reply); // Remove the start or
+ $ticket_reply = preg_replace('/
/', '
', $ticket_reply); // Replace the end
+
+ // Slightly different email subject/text depending on if this update closed the ticket or not
+
+ if ($ticket_status == 'Closed') {
+ $subject = "Ticket closed - [$ticket_prefix$ticket_number] - $ticket_subject | (do not reply)";
+ $body = "Hello, $contact_name
Your ticket regarding \"$ticket_subject\" has been closed.
--------------------------------
$ticket_reply--------------------------------
We hope the issue was resolved to your satisfaction. If you need further assistance, please raise a new ticket using the below details. Please do not reply to this email.
Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$config_base_url/portal/ticket.php?id=$ticket_id
~
$session_company_name
Support Department
$config_ticket_from_email
$company_phone";
+
+ } elseif ($ticket_status == 'Auto Close') {
+ $subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
+ $body = "##- Please type your reply above this line -##
Hello, $contact_name
Your ticket regarding \"$ticket_subject\" has been updated and is pending closure.
--------------------------------
$ticket_reply--------------------------------
If your issue is resolved, you can ignore this email. If you need further assistance, please respond!
Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: https://$config_base_url/portal/ticket.php?id=$ticket_id
~
$session_company_name
Support Department
$config_ticket_from_email
$company_phone";
+
+ } else {
+ $subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject";
+ $body = "##- Please type your reply above this line -##
Hello, $contact_name
Your ticket regarding \"$ticket_subject\" has been updated.
--------------------------------
$ticket_reply--------------------------------
Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: https://$config_base_url/portal/ticket.php?id=$ticket_id
~
$session_company_name
Support Department
$config_ticket_from_email
$company_phone";
+
+ }
+
+ $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+ $config_ticket_from_email, $config_ticket_from_name,
+ $contact_email, $contact_name,
+ $subject, $body);
+
+ if ($mail !== true) {
+ mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+ }
+ }
+ }
+ //End Mail IF
+
+ // Notification for assigned ticket user
+ if (intval($session_user_id) !== $ticket_assigned_to || $ticket_assigned_to !== 0) {
+
+ mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that is assigned to you', notification_client_id = $client_id, notification_user_id = $ticket_assigned_to");
+ }
+
+ // Notification for user that opened the ticket
+ if (intval($session_user_id) !== $ticket_created_by || $ticket_created_by !== 0) {
+
+ mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that you opened', notification_client_id = $client_id, notification_user_id = $ticket_created_by");
+ }
+
+ // Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket Reply', log_action = 'Create', log_description = '$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_reply_id");
+
+ $_SESSION['alert_message'] = "Ticket $ticket_prefix$ticket_number has been updated with your reply and was $ticket_reply_type";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_ticket_reply'])) {
+
+ validateTechRole();
+
+ $ticket_reply_id = intval($_POST['ticket_reply_id']);
+ $ticket_reply = mysqli_real_escape_string($mysqli,$_POST['ticket_reply']);
+ $ticket_reply_time_worked = sanitizeInput($_POST['time']);
+
+ $client_id = intval($_POST['client_id']);
+
+ mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli));
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket Reply', log_action = 'Modify', log_description = '$session_name modified ticket reply', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_reply_id");
+
+ $_SESSION['alert_message'] = "Ticket reply updated";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['archive_ticket_reply'])) {
+
+ validateAdminRole();
+
+ $ticket_reply_id = intval($_GET['archive_ticket_reply']);
+
+ mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id");
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket Reply', log_action = 'Archive', log_description = '$session_name arhived ticket reply', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_reply_id");
+
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "Ticket reply archived";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['merge_ticket'])) {
+
+ validateTechRole();
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']);
+ $merge_comment = sanitizeInput($_POST['merge_comment']);
+ $ticket_reply_type = 'Internal';
+
+ //Get current ticket details
+ $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id");
+ if (mysqli_num_rows($sql) == 0) {
+ $_SESSION['alert_message'] = "No ticket with that ID found.";
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+ exit();
+ }
+ $row = mysqli_fetch_array($sql);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_details = sanitizeInput($row['ticket_details']);
+
+ //Get merge into ticket id (as it may differ from the number)
+ $sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
+ if (mysqli_num_rows($sql) == 0) {
+ $_SESSION['alert_message'] = "Cannot merge into that ticket.";
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+ exit();
+ }
+ $merge_row = mysqli_fetch_array($sql);
+ $merge_into_ticket_id = intval($merge_row['ticket_id']);
+
+ if ($ticket_number == $merge_into_ticket_number) {
+ $_SESSION['alert_message'] = "Cannot merge into the same ticket.";
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+ exit();
+ }
+
+ //Update current ticket
+ mysqli_query($mysqli,"INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number merged into $ticket_prefix$merge_into_ticket_number. Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id") or die(mysqli_error($mysqli));
+ mysqli_query($mysqli,"UPDATE tickets SET ticket_status = 'Closed', ticket_closed_at = NOW() WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
+
+ //Update new ticket
+ mysqli_query($mysqli,"INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was merged into this ticket with comment: $merge_comment.
$ticket_subject
$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id") or die(mysqli_error($mysqli));
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Merged', log_description = 'Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+ $_SESSION['alert_message'] = "Ticket merged into $ticket_prefix$merge_into_ticket_number";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['change_client_ticket'])) {
+
+ validateTechRole();
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $client_id = intval($_POST['new_client_id']);
+ $contact_id = intval($_POST['new_contact_id']);
+
+ // Set any/all existing replies to internal
+ mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_type = 'Internal' WHERE ticket_reply_ticket_id = $ticket_id");
+
+ // Update ticket client & contact
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_client_id = $client_id, ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id LIMIT 1");
+
+ //Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Reply', log_action = 'Modify', log_description = '$session_name modified ticket - client changed', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_id");
+
+ $_SESSION['alert_message'] = "Ticket client updated";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['close_ticket'])) {
+
+ validateTechRole();
+
+ $ticket_id = intval($_GET['close_ticket']);
+
+ mysqli_query($mysqli,"UPDATE tickets SET ticket_status = 'Closed', ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
+
+ mysqli_query($mysqli,"INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id") or die(mysqli_error($mysqli));
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+ // Client notification email
+ if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
+
+ // Get details
+ $ticket_sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject FROM tickets
+ LEFT JOIN clients ON ticket_client_id = client_id
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ WHERE ticket_id = $ticket_id
+ ");
+ $row = mysqli_fetch_array($ticket_sql);
+
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+
+ $company_sql = mysqli_query($mysqli,"SELECT company_phone FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_array($company_sql);
+ $company_phone = formatPhoneNumber($row['company_phone']);
+
+ // Check email valid
+ if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) {
+
+ $subject = "Ticket closed - [$ticket_prefix$ticket_number] - $ticket_subject | (do not reply)";
+ $body = "Hello, $contact_name
Your ticket regarding \"$ticket_subject\" has been closed.
We hope the issue was resolved to your satisfaction. If you need further assistance, please raise a new ticket using the below details. Please do not reply to this email.
Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$config_base_url/portal/ticket.php?id=$ticket_id
~
$session_company_name
Support Department
$config_ticket_from_email
$company_phone";
+
+ $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+ $config_ticket_from_email, $config_ticket_from_name,
+ $contact_email, $contact_name,
+ $subject, $body);
+
+ if ($mail !== true) {
+ mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+ }
+
+ }
+
+ }
+ //End Mail IF
+
+ $_SESSION['alert_message'] = "Ticket Closed, this cannot not be reopened but you may start another one";
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['add_invoice_from_ticket'])) {
+
+ $invoice_id = intval($_POST['invoice_id']);
+ $ticket_id = intval($_POST['ticket_id']);
+ $date = sanitizeInput($_POST['date']);
+ $category = intval($_POST['category']);
+ $scope = sanitizeInput($_POST['scope']);
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets
+ LEFT JOIN clients ON ticket_client_id = client_id
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ LEFT JOIN assets ON ticket_asset_id = asset_id
+ LEFT JOIN locations ON ticket_location_id = location_id
+ WHERE ticket_id = $ticket_id"
+ );
+
+ $row = mysqli_fetch_array($sql);
+ $client_id = intval($row['client_id']);
+ $client_net_terms = intval($row['client_net_terms']);
+ if ($client_net_terms == 0) {
+ $client_net_terms = $config_default_net_terms;
+ }
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_category = sanitizeInput($row['ticket_category']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_created_at = sanitizeInput($row['ticket_created_at']);
+ $ticket_updated_at = sanitizeInput($row['ticket_updated_at']);
+ $ticket_closed_at = sanitizeInput($row['ticket_closed_at']);
+
+ $contact_id = intval($row['contact_id']);
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
+
+ $asset_id = intval($row['asset_id']);
+
+ $location_name = sanitizeInput($row['location_name']);
+
+ if ($invoice_id == 0) {
+
+ //Get the last Invoice Number and add 1 for the new invoice number
+ $invoice_number = $config_invoice_next_number;
+ $new_config_invoice_next_number = $config_invoice_next_number + 1;
+ mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
+
+ //Generate a unique URL key for clients to access
+ $url_key = randomString(156);
+
+ mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id");
+ $invoice_id = mysqli_insert_id($mysqli);
+ }
+
+ //Add Item
+ $item_name = sanitizeInput($_POST['item_name']);
+ $item_description = sanitizeInput($_POST['item_description']);
+ $qty = floatval($_POST['qty']);
+ $price = floatval($_POST['price']);
+ $tax_id = intval($_POST['tax_id']);
+
+ $subtotal = $price * $qty;
+
+ if ($tax_id > 0) {
+ $sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE tax_id = $tax_id");
+ $row = mysqli_fetch_array($sql);
+ $tax_percent = floatval($row['tax_percent']);
+ $tax_amount = $subtotal * $tax_percent / 100;
+ }else{
+ $tax_amount = 0;
+ }
+
+ $total = $subtotal + $tax_amount;
+
+ mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $qty, item_price = $price, item_subtotal = $subtotal, item_tax = $tax_amount, item_total = $total, item_tax_id = $tax_id, item_invoice_id = $invoice_id");
+
+ //Update Invoice Balances
+
+ $sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
+ $row = mysqli_fetch_array($sql);
+
+ $new_invoice_amount = floatval($row['invoice_amount']) + $total;
+
+ mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id");
+
+ mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created from Ticket $ticket_prefix$ticket_number', history_invoice_id = $invoice_id");
+
+ // Add internal note to ticket
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Created invoice $config_invoice_prefix$invoice_number for this ticket.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ // Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Create', log_description = '$config_invoice_prefix$invoice_number created from Ticket $ticket_prefix$ticket_number', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+ $_SESSION['alert_message'] = "Invoice created from ticket";
+
+ header("Location: invoice.php?invoice_id=$invoice_id");
+}
+
+if (isset($_POST['export_client_tickets_csv'])) {
+
+ validateTechRole();
+
+ $client_id = intval($_POST['client_id']);
+
+ //get records from database
+ $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
+ $row = mysqli_fetch_array($sql);
+
+ $client_name = $row['client_name'];
+
+ $sql = mysqli_query($mysqli,"SELECT * FROM tickets WHERE ticket_client_id = $client_id ORDER BY ticket_number ASC");
+ if ($sql->num_rows > 0) {
+ $delimiter = ",";
+ $filename = $client_name . "-Tickets-" . date('Y-m-d') . ".csv";
+
+ //create a file pointer
+ $f = fopen('php://memory', 'w');
+
+ //set column headers
+ $fields = array('Ticket Number', 'Priority', 'Status', 'Subject', 'Date Opened', 'Date Closed');
+ fputcsv($f, $fields, $delimiter);
+
+ //output each row of the data, format line as csv and write to file pointer
+ while($row = $sql->fetch_assoc()) {
+ $lineData = array($row['ticket_number'], $row['ticket_priority'], $row['ticket_status'], $row['ticket_subject'], $row['ticket_created_at'], $row['ticket_closed_at']);
+ fputcsv($f, $lineData, $delimiter);
+ }
+
+ //move back to beginning of file
+ fseek($f, 0);
+
+ //set headers to download file rather than displayed
+ header('Content-Type: text/csv');
+ header('Content-Disposition: attachment; filename="' . $filename . '";');
+
+ //output all remaining data on a file pointer
+ fpassthru($f);
+ }
+ exit;
+
+}
+
+if (isset($_POST['add_scheduled_ticket'])) {
+
+ validateTechRole();
+
+ require_once('post/scheduled_ticket_model.php');
+ $start_date = sanitizeInput($_POST['start_date']);
+
+ if ($client_id > 0 && $contact_id == 0) {
+ $sql = mysqli_query($mysqli, "SELECT primary_contact FROM clients WHERE client_id = $client_id");
+ $row = mysqli_fetch_array($sql);
+ $contact_id = intval($row['primary_contact']);
+ }
+
+ // Add scheduled ticket
+ mysqli_query($mysqli, "INSERT INTO scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_start_date = '$start_date', scheduled_ticket_next_run = '$start_date', scheduled_ticket_created_by = $session_user_id, scheduled_ticket_client_id = $client_id, scheduled_ticket_contact_id = $contact_id, scheduled_ticket_asset_id = $asset_id");
+
+ $scheduled_ticket_id = mysqli_insert_id($mysqli);
+
+ // Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Create', log_description = '$session_name created scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id");
+
+ $_SESSION['alert_message'] = "Scheduled ticket $subject - $frequency created";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_scheduled_ticket'])) {
+
+ validateTechRole();
+
+ require_once('post/scheduled_ticket_model.php');
+ $scheduled_ticket_id = intval($_POST['scheduled_ticket_id']);
+ $next_run_date = sanitizeInput($_POST['next_date']);
+
+ // Edit scheduled ticket
+ mysqli_query($mysqli, "UPDATE scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_next_run = '$next_run_date', scheduled_ticket_asset_id = $asset_id WHERE scheduled_ticket_id = $scheduled_ticket_id");
+
+ // Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Modify', log_description = '$session_name modified scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id");
+
+ $_SESSION['alert_message'] = "Scheduled ticket $subject - $frequency updated";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_scheduled_ticket'])) {
+
+ validateAdminRole();
+
+ $scheduled_ticket_id = intval($_GET['delete_scheduled_ticket']);
+
+ // Get Scheduled Ticket Subject Ticket Prefix, Number and Client ID for logging and alert message
+ $sql = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets WHERE scheduled_ticket_id = $scheduled_ticket_id");
+ $row = mysqli_fetch_array($sql);
+ $scheduled_ticket_subject = sanitizeInput($row['scheduled_ticket_subject']);
+ $scheduled_ticket_frequency = sanitizeInput($row['scheduled_ticket_frequency']);
+
+ $client_id = intval($row['scheduled_ticket_client_id']);
+
+ // Delete
+ mysqli_query($mysqli, "DELETE FROM scheduled_tickets WHERE scheduled_ticket_id = $scheduled_ticket_id");
+
+ //Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Delete', log_description = '$session_name deleted scheduled ticket for $subject - $frequency', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id");
+
+ $_SESSION['alert_message'] = "Scheduled ticket $subject - $frequency deleted";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['bulk_delete_scheduled_tickets'])) {
+ validateAdminRole();
+ validateCSRFToken($_POST['csrf_token']);
+
+ $count = 0; // Default 0
+ $scheduled_ticket_ids = $_POST['scheduled_ticket_ids']; // Get array of scheduled tickets IDs to be deleted
+
+ if (!empty($scheduled_ticket_ids)) {
+
+ // Cycle through array and delete each scheduled ticket
+ foreach ($scheduled_ticket_ids as $scheduled_ticket_id) {
+
+ $scheduled_ticket_id = intval($scheduled_ticket_id);
+ mysqli_query($mysqli, "DELETE FROM scheduled_tickets WHERE scheduled_ticket_id = $scheduled_ticket_id");
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Delete', log_description = '$session_name deleted scheduled ticket (bulk)', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $scheduled_ticket_id");
+
+ $count++;
+ }
+
+ // Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Scheduled Ticket', log_action = 'Delete', log_description = '$session_name bulk deleted $count scheduled tickets', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+ $_SESSION['alert_message'] = "Deleted $count scheduled ticket(s)";
+
+ }
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
diff --git a/post/transfer.php b/post/transfer.php
new file mode 100644
index 00000000..6eeb815b
--- /dev/null
+++ b/post/transfer.php
@@ -0,0 +1,73 @@
+ 0){
+ $delimiter = ",";
+ $filename = "$session_company_name-Trips-$file_name_date.csv";
+
+ //create a file pointer
+ $f = fopen('php://memory', 'w');
+
+ //set column headers
+ $fields = array('Date', 'Purpose', 'Source', 'Destination', 'Miles');
+ fputcsv($f, $fields, $delimiter);
+
+ //output each row of the data, format line as csv and write to file pointer
+ while($row = mysqli_fetch_assoc($sql)){
+ $lineData = array($row['trip_date'], $row['trip_purpose'], $row['trip_source'], $row['trip_destination'], $row['trip_miles']);
+ fputcsv($f, $lineData, $delimiter);
+ }
+
+ //move back to beginning of file
+ fseek($f, 0);
+
+ //set headers to download file rather than displayed
+ header('Content-Type: text/csv');
+ header('Content-Disposition: attachment; filename="' . $filename . '";');
+
+ //output all remaining data on a file pointer
+ fpassthru($f);
+ }
+ exit;
+
+}
+
+if (isset($_POST['export_client_trips_csv'])) {
+ $client_id = intval($_POST['client_id']);
+
+ //get records from database
+ $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
+ $row = mysqli_fetch_array($sql);
+
+ $client_name = $row['client_name'];
+
+ $sql = mysqli_query($mysqli,"SELECT * FROM trips WHERE trip_client_id = $client_id ORDER BY trip_date ASC");
+ if($sql->num_rows > 0){
+ $delimiter = ",";
+ $filename = $client_name . "-Trips-" . date('Y-m-d') . ".csv";
+
+ //create a file pointer
+ $f = fopen('php://memory', 'w');
+
+ //set column headers
+ $fields = array('Date', 'Purpose', 'Source', 'Destination', 'Miles');
+ fputcsv($f, $fields, $delimiter);
+
+ //output each row of the data, format line as csv and write to file pointer
+ while($row = $sql->fetch_assoc()){
+ $lineData = array($row['trip_date'], $row['trip_purpose'], $row['trip_source'], $row['trip_destination'], $row['trip_miles']);
+ fputcsv($f, $lineData, $delimiter);
+ }
+
+ //move back to beginning of file
+ fseek($f, 0);
+
+ //set headers to download file rather than displayed
+ header('Content-Type: text/csv');
+ header('Content-Disposition: attachment; filename="' . $filename . '";');
+
+ //output all remaining data on a file pointer
+ fpassthru($f);
+ }
+ exit;
+
+}
diff --git a/models/trip.php b/post/trip_model.php
similarity index 100%
rename from models/trip.php
rename to post/trip_model.php
diff --git a/post/user.php b/post/user.php
new file mode 100644
index 00000000..591527fb
--- /dev/null
+++ b/post/user.php
@@ -0,0 +1,282 @@
+
An ITFlow account has been setup for you. Please change your password upon login.
Username: $email
Password: $_POST[password]
Login URL: https://$config_base_url
~
$session_company_name
Support Department
$config_ticket_from_email";
+
+ $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+ $config_ticket_from_email, $config_ticket_from_name,
+ $email, $name,
+ $subject, $body);
+
+ if ($mail !== true) {
+ mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email'");
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+ }
+
+ }
+
+ // Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Create', log_description = '$session_name created user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+
+ $_SESSION['alert_message'] = "User $name created" . $extended_alert_description;
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_user'])) {
+
+ require_once('post/user_model.php');
+
+ validateAdminRole();
+
+ validateCSRFToken($_POST['csrf_token']);
+
+ $user_id = intval($_POST['user_id']);
+ $new_password = trim($_POST['new_password']);
+
+ // Get current Avatar
+ $sql = mysqli_query($mysqli, "SELECT user_avatar FROM users WHERE user_id = $user_id");
+ $row = mysqli_fetch_array($sql);
+ $existing_file_name = sanitizeInput($row['user_avatar']);
+
+ $extended_log_description = '';
+ if (!empty($_POST['2fa'])) {
+ $two_fa = $_POST['2fa'];
+ }
+
+ if (!file_exists("uploads/users/$user_id/")) {
+ mkdir("uploads/users/$user_id");
+ }
+
+ // Check for and process image/photo
+ $extended_alert_description = '';
+ if ($_FILES['file']['tmp_name'] != '') {
+ if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
+
+ $file_tmp_path = $_FILES['file']['tmp_name'];
+
+ // directory in which the uploaded file will be moved
+ $upload_file_dir = "uploads/users/$user_id/";
+ $dest_path = $upload_file_dir . $new_file_name;
+ move_uploaded_file($file_tmp_path, $dest_path);
+
+ // Delete old file
+ unlink("uploads/users/$user_id/$existing_file_name");
+
+ // Set Avatar
+ mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
+ $extended_alert_description = '. File successfully uploaded.';
+ } else {
+ $_SESSION['alert_type'] = "error";
+ $extended_alert_description = '. Error uploading photo. Check upload directory is writable/correct file type/size';
+ }
+ }
+
+ mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
+
+ if (!empty($new_password)) {
+ $new_password = password_hash($new_password, PASSWORD_DEFAULT);
+ $user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['new_password']));
+ mysqli_query($mysqli, "UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");
+ //Extended Logging
+ $extended_log_description .= ", password changed";
+ }
+
+ if (!empty($two_fa) && $two_fa == 'disable') {
+ mysqli_query($mysqli, "UPDATE users SET user_token = '' WHERE user_id = '$user_id'");
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name disabled 2FA for $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+ }
+
+ //Update User Settings
+ mysqli_query($mysqli, "UPDATE user_settings SET user_role = $role WHERE user_id = $user_id");
+
+ //Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name modified user $name $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+
+ $_SESSION['alert_message'] = "User $name updated" . $extended_alert_description;
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['activate_user'])) {
+
+ validateAdminRole();
+ validateCSRFToken($_GET['csrf_token']);
+
+ $user_id = intval($_GET['activate_user']);
+
+ // Get User Name
+ $sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id");
+ $row = mysqli_fetch_array($sql);
+ $user_name = sanitizeInput($row['user_name']);
+
+ mysqli_query($mysqli, "UPDATE users SET user_status = 1 WHERE user_id = $user_id");
+
+ //Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name activated user $user_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+
+ $_SESSION['alert_message'] = "User $user_name activated";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['disable_user'])) {
+
+ validateAdminRole();
+ validateCSRFToken($_GET['csrf_token']);
+
+ $user_id = intval($_GET['disable_user']);
+
+ // Get User Name
+ $sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id");
+ $row = mysqli_fetch_array($sql);
+ $user_name = sanitizeInput($row['user_name']);
+
+ mysqli_query($mysqli, "UPDATE users SET user_status = 0 WHERE user_id = $user_id");
+
+ //Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name disabled user $user_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "User $user_name disabled";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['archive_user'])) {
+
+ validateAdminRole();
+
+ // CSRF Check
+ validateCSRFToken($_GET['csrf_token']);
+
+ // Variables from GET
+ $user_id = intval($_GET['archive_user']);
+ $password = password_hash(randomString(), PASSWORD_DEFAULT);
+
+ // Get user details
+ $sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id");
+ $row = mysqli_fetch_array($sql);
+ $name = sanitizeInput($row['user_name']);
+
+ // Archive user query
+ mysqli_query($mysqli, "UPDATE users SET user_name = '$name (archived)', user_password = '$password', user_specific_encryption_ciphertext = '', user_archived_at = NOW() WHERE user_id = $user_id");
+
+ // Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Archive', log_description = '$session_name archived user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "User $name archived";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['export_users_csv'])) {
+
+ validateAdminRole();
+
+ //get records from database
+ $sql = mysqli_query($mysqli, "SELECT * FROM users ORDER BY user_name ASC");
+
+ if ($sql->num_rows > 0) {
+ $delimiter = ", ";
+ $filename = $session_company_name . "-Users-" . date('Y-m-d') . ".csv";
+
+ //create a file pointer
+ $f = fopen('php://memory', 'w');
+
+ //set column headers
+ $fields = array('Name', 'Email', 'Role', 'Status', 'Creation Date');
+ fputcsv($f, $fields, $delimiter);
+
+ //output each row of the data, format line as csv and write to file pointer
+ while($row = $sql->fetch_assoc()) {
+
+ $user_status = intval($row['user_status']);
+ if ($user_status == 2) {
+ $user_status_display = "Invited";
+ } elseif ($user_status == 1) {
+ $user_status_display = "Active";
+ } else{
+ $user_status_display = "Disabled";
+ }
+ $user_role = $row['user_role'];
+ if ($user_role == 3) {
+ $user_role_display = "Administrator";
+ } elseif ($user_role == 2) {
+ $user_role_display = "Technician";
+ } else {
+ $user_role_display = "Accountant";
+ }
+
+ $lineData = array($row['user_name'], $row['user_email'], $user_role_display, $user_status_display, $row['user_created_at']);
+ fputcsv($f, $lineData, $delimiter);
+ }
+
+ //move back to beginning of file
+ fseek($f, 0);
+
+ //set headers to download file rather than displayed
+ header('Content-Type: text/csv');
+ header('Content-Disposition: attachment; filename="' . $filename . '";');
+
+ //output all remaining data on a file pointer
+ fpassthru($f);
+ }
+ exit;
+
+}
diff --git a/models/user.php b/post/user_model.php
similarity index 100%
rename from models/user.php
rename to post/user_model.php
diff --git a/post/vendor.php b/post/vendor.php
new file mode 100644
index 00000000..76718c09
--- /dev/null
+++ b/post/vendor.php
@@ -0,0 +1,211 @@
+$name created";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['edit_vendor_template'])) {
+
+ require_once('post/vendor_model.php');
+
+ $vendor_id = intval($_POST['vendor_id']);
+ $vendor_template_id = intval($_POST['vendor_template_id']);
+
+ if ($_POST['update_base_vendors'] == 1) {
+ $sql_update_vendors = "OR vendor_template_id = $vendor_id";
+ } else {
+ $sql_update_vendors = "";
+ }
+
+ //Update the exisiting template and all templates bassed of this vendor template
+ mysqli_query($mysqli,"UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes' WHERE (vendor_id = $vendor_id $sql_update_vendors)");
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor Template', log_action = 'Modify', log_description = '$session_name modified vendor template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+ $_SESSION['alert_message'] = "Vendor template $name modified";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['add_vendor_from_template'])) {
+
+ // GET POST Data
+ $client_id = intval($_POST['client_id']); //Used if this vendor is under a contact otherwise its 0 for under company and or template
+ $vendor_template_id = intval($_POST['vendor_template_id']);
+
+ //GET Vendor Info
+ $sql_vendor = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_id = $vendor_template_id");
+
+ $row = mysqli_fetch_array($sql_vendor);
+
+ $name = sanitizeInput($row['vendor_name']);
+ $description = sanitizeInput($row['vendor_description']);
+ $account_number = sanitizeInput($row['vendor_account_number']);
+ $contact_name = sanitizeInput($row['vendor_contact_name']);
+ $phone = preg_replace("/[^0-9]/", '',$row['vendor_phone']);
+ $extension = preg_replace("/[^0-9]/", '',$row['vendor_extension']);
+ $email = sanitizeInput($row['vendor_email']);
+ $website = sanitizeInput($row['vendor_website']);
+ $hours = sanitizeInput($row['vendor_hours']);
+ $sla = sanitizeInput($row['vendor_sla']);
+ $code = sanitizeInput($row['vendor_code']);
+ $notes = sanitizeInput($row['vendor_notes']);
+
+ // Vendor add query
+ mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_client_id = $client_id, vendor_template_id = $vendor_template_id");
+
+ $vendor_id = mysqli_insert_id($mysqli);
+
+ // Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Create', log_description = 'Vendor created from template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+
+ $_SESSION['alert_message'] = "Vendor created from template";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+// Vendors
+
+if (isset($_POST['add_vendor'])) {
+
+ require_once('post/vendor_model.php');
+
+ $client_id = intval($_POST['client_id']); // Used if this vendor is under a contact otherwise its 0 for under company
+
+ mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_client_id = $client_id");
+
+ $vendor_id = mysqli_insert_id($mysqli);
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Create', log_description = '$session_name created vendor $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+
+ $_SESSION['alert_message'] = "Vendor $name created";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['edit_vendor'])) {
+
+ require_once('post/vendor_model.php');
+
+ $vendor_id = intval($_POST['vendor_id']);
+ $vendor_template_id = intval($_POST['vendor_template_id']);
+
+ mysqli_query($mysqli,"UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code',vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_template_id = $vendor_template_id WHERE vendor_id = $vendor_id");
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Modify', log_description = '$session_name modified vendor $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+ $_SESSION['alert_message'] = "Vendor $name modified";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_GET['archive_vendor'])) {
+ $vendor_id = intval($_GET['archive_vendor']);
+
+ //Get Vendor Name
+ $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_id = $vendor_id");
+ $row = mysqli_fetch_array($sql);
+ $vendor_name = sanitizeInput($row['vendor_name']);
+
+ mysqli_query($mysqli,"UPDATE vendors SET vendor_archived_at = NOW() WHERE vendor_id = $vendor_id");
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Archive', log_description = '$session_name archived vendor $vendor_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "Vendor $vendor_name archived";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_GET['delete_vendor'])) {
+ $vendor_id = intval($_GET['delete_vendor']);
+
+ //Get Vendor Name
+ $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_id = $vendor_id");
+ $row = mysqli_fetch_array($sql);
+ $vendor_name = sanitizeInput($row['vendor_name']);
+ $client_id = intval($row['vendor_client_id']);
+ $vendor_template_id = intval($row['vendor_template_id']);
+
+ // If its a template reset all vendors based off this template to no template base
+ if ($vendor_template_id > 0) {
+ mysqli_query($mysqli,"UPDATE vendors SET vendor_template_id = 0 WHERE vendor_template_id = $vendor_template_id");
+ }
+
+ mysqli_query($mysqli,"DELETE FROM vendors WHERE vendor_id = $vendor_id");
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Delete', log_description = '$session_name deleted vendor $vendor_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "Vendor $vendor_name deleted";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['export_client_vendors_csv'])) {
+ $client_id = intval($_POST['client_id']);
+
+ //get records from database
+ $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
+ $row = mysqli_fetch_array($sql);
+
+ $client_name = $row['client_name'];
+
+ $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
+ if ($sql->num_rows > 0) {
+ $delimiter = ",";
+ $filename = $client_name . "-Vendors-" . date('Y-m-d') . ".csv";
+
+ //create a file pointer
+ $f = fopen('php://memory', 'w');
+
+ //set column headers
+ $fields = array('Name', 'Description', 'Contact Name', 'Phone', 'Website', 'Account Number', 'Notes');
+ fputcsv($f, $fields, $delimiter);
+
+ //output each row of the data, format line as csv and write to file pointer
+ while($row = $sql->fetch_assoc()) {
+ $lineData = array($row['vendor_name'], $row['vendor_description'], $row['vendor_contact_name'], $row['vendor_phone'], $row['vendor_website'], $row['vendor_account_number'], $row['vendor_notes']);
+ fputcsv($f, $lineData, $delimiter);
+ }
+
+ //move back to beginning of file
+ fseek($f, 0);
+
+ //set headers to download file rather than displayed
+ header('Content-Type: text/csv');
+ header('Content-Disposition: attachment; filename="' . $filename . '";');
+
+ //output all remaining data on a file pointer
+ fpassthru($f);
+ }
+
+ //Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor', log_action = 'Export', log_description = '$session_name exported vendors to CSV', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
+
+ exit;
+}
diff --git a/models/vendor.php b/post/vendor_model.php
similarity index 100%
rename from models/vendor.php
rename to post/vendor_model.php