diff --git a/.gitignore b/.gitignore index 7d06cba2..dd0bf48d 100644 --- a/.gitignore +++ b/.gitignore @@ -32,10 +32,6 @@ plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI/* plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS/* !plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS/.gitkeep .vscode/settings.json -xcustom/* -!xcustom/readme.php -post/xcustom -!post/xcustom/readme.php admin/custom/* !admin/custom/readme.php agent/custom/* @@ -53,5 +49,3 @@ setup/custom/* api/v1/custom/* !api/v1/custom/readme.php .zed - - diff --git a/CHANGELOG.md b/CHANGELOG.md index aab7c5dd..5fbae131 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,55 @@ This file documents all notable changes made to ITFlow. +## [26.02] Stable Release +### Bug Fixes +- Mail Parser - Do not automatically send new ticket notifications to noreply/donotreply addresses. +- Ticket: removed newline \n on Parsed emails. +- Show Trips for everyone if accounting module is enabled. +- Fix Invoice Exporting. +- Fix Billable Column not sorting correctly in tickets. +- Fix Login flow where user agent and client user exists and agent has MFA but will not let them continue. +- Fix passing missing user_id var in client portal. +- Fix Ticket Templates not auto filling when selected. +- Fix Invoices not being sent to all billings contacts when manaully sent. +- Fix Documents and Files not able to be bulk deleted. +- Fix Role Archiving, can be archived as long as no users are assigned to the role. +- Fix showing Powered By ITFlow visibility on the login screen when Whitelabel is enabled. +- Missing username in audit log on successful login due to missing passed user_id to logging. +- API: Fix updating all documents instead of the intended document. +- Documents: Fix Document created at not showing the correct creation date of the master document. +- Ticket: Fixed Using edit ticket modal agent was not able to be set. +- Always check if a user is archived and or disabled instead of just during login. +- Report: Fix Collected tax report not totalling all tax categories. + +### New Features & Updates +- Task Approval System for ticket tasks: Once an approval is requested, the task cannot be marked as complete until approved. Internal Approvals Any other technician, or Specific technician, Client Approvals Anyone (usually the requestor) Tech contacts Billing contacts. +- Printable Invoice Packing Slips now available. +- Drastic Performance Bump: Up to 50% faster queries accross the board and reduced server memory usage by 40% by switching Database Query method from mysqli_fetch_array to mysqli_fetch_assoc. +- Added Connect to Microsoft 365 Button to mail settings. +- OAUTH2 support for Microsoft 365 and Google Workspaces is now considered stable and working. +- Favorites: Assets and Credentials now can be favorited singly or by Bulk action. Favorited items appear in the client overview now. +- Files/Documents: Collapsable folders feature, collapsed by default with a button to expand all. +- URL Keys and such are now set to a more manageable 32 Characters by default. +- Various UI/UX Updates throughout the app, with focus oin ticket details, contact details modal etc. +- Added Show Archived files and documents to the files section. +- Added Bulk Archive and restore options to files and documents. +- Rewrite of the Kanban Ticket view to match our procedural style of coding. +- All options are available in TinyMCE now in Mobile mode. +- Agent names appear now in Invoice History section. +- Mail Parser: Support flowed text. +- Assets: Keep Purchase reference when copying. +- Assets: Add basic tracking history: Archiving, restoring, name changes, transferimg to new clients. +- Mail Parser: NDR Parsing. +- Allow SVG files in mail attachments. +- Tickets: Use a more friendly time worked instead of 02:41:00 translates to 2h 41m. +- Update wording on ticket to invoice item details. +- Merge Tickets: Now wth a ticket merge dropdown list of tickets instead of a text field. +- Role Permissions can now be set during role creation, update Permission UI to use radio buttons instead of select boxes. +- Bump TinyMCE 8.2.2 to 8.3.2. +- Bump PHPMailer from 7.0.1 to 7.0.2. +- Bump Datatables from 2.3.4 to 2.3.7. + ## [25.12.1] Maint Release ### Major Changes diff --git a/README.md b/README.md index d5c52ebe..ab9597c0 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@
View demo
- Username: demo@demo | Password: demo + Username: demo@demo.com | Password: demo

About @@ -93,6 +93,7 @@ If you want to improve ITFlow, feel free to fork the repo and create a pull requ We’re incredibly grateful to the organizations and individuals who support the project - a big thank you to: - CompuMatter - F1 for HELP +- digiBandit - JetBrains (PhpStorm) ## License diff --git a/admin/ai_model.php b/admin/ai_model.php index 88c3b78b..2eab6bda 100644 --- a/admin/ai_model.php +++ b/admin/ai_model.php @@ -58,7 +58,7 @@ $num_rows = mysqli_num_rows($sql); @@ -105,7 +105,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- - Revoke - + date("Y-m-d H:i:s")) { ?> + + Revoke + + + + + Delete + +
@@ -164,4 +171,3 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); @@ -85,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); @@ -141,7 +141,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); - +
- +
diff --git a/admin/modals/document_template/document_template_edit.php b/admin/modals/document_template/document_template_edit.php index e5533b17..33083804 100644 --- a/admin/modals/document_template/document_template_edit.php +++ b/admin/modals/document_template/document_template_edit.php @@ -5,7 +5,7 @@ require_once '../../../includes/modal_header.php'; $document_template_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM document_templates WHERE document_template_id = $document_template_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $document_template_name = nullable_htmlentities($row['document_template_name']); $document_template_description = nullable_htmlentities($row['document_template_description']); $document_template_content = nullable_htmlentities($row['document_template_content']); diff --git a/admin/modals/mail_queue/mail_queue_message_view.php b/admin/modals/mail_queue/mail_queue_message_view.php index e30bf116..5a5ce9a0 100644 --- a/admin/modals/mail_queue/mail_queue_message_view.php +++ b/admin/modals/mail_queue/mail_queue_message_view.php @@ -17,7 +17,7 @@ $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'htt $purifier = new HTMLPurifier($purifier_config); $sql = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email_id = $email_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $email_from = nullable_htmlentities($row['email_from']); $email_from_name = nullable_htmlentities($row['email_from_name']); diff --git a/admin/modals/payment_method/payment_method_edit.php b/admin/modals/payment_method/payment_method_edit.php index c063640a..5c9a82fe 100644 --- a/admin/modals/payment_method/payment_method_edit.php +++ b/admin/modals/payment_method/payment_method_edit.php @@ -6,7 +6,7 @@ $payment_method_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM payment_methods WHERE payment_method_id = $payment_method_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $payment_method_id = intval($row['payment_method_id']); $payment_method_name = nullable_htmlentities($row['payment_method_name']); $payment_method_description = nullable_htmlentities($row['payment_method_description']); diff --git a/admin/modals/payment_provider/payment_provider_add.php b/admin/modals/payment_provider/payment_provider_add.php index 7bf1f028..d8d48786 100644 --- a/admin/modals/payment_provider/payment_provider_add.php +++ b/admin/modals/payment_provider/payment_provider_add.php @@ -79,7 +79,7 @@ ob_start(); @@ -125,7 +125,7 @@ ob_start(); @@ -149,7 +149,7 @@ ob_start(); diff --git a/admin/modals/payment_provider/payment_provider_edit.php b/admin/modals/payment_provider/payment_provider_edit.php index 4c55b3bb..d3667b08 100644 --- a/admin/modals/payment_provider/payment_provider_edit.php +++ b/admin/modals/payment_provider/payment_provider_edit.php @@ -6,7 +6,7 @@ $provider_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_id = $provider_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $provider_name = nullable_htmlentities($row['payment_provider_name']); $public_key = nullable_htmlentities($row['payment_provider_public_key']); $private_key = nullable_htmlentities($row['payment_provider_private_key']); @@ -78,7 +78,7 @@ ob_start(); @@ -117,7 +117,7 @@ ob_start(); @@ -143,7 +143,7 @@ ob_start(); diff --git a/admin/modals/project_template/project_template_edit.php b/admin/modals/project_template/project_template_edit.php index 725494c5..37b03df7 100644 --- a/admin/modals/project_template/project_template_edit.php +++ b/admin/modals/project_template/project_template_edit.php @@ -5,7 +5,7 @@ require_once '../../../includes/modal_header.php'; $project_template_id = intval($_GET['project_template_id']); $sql = mysqli_query($mysqli, "SELECT * FROM project_templates WHERE project_template_id = $project_template_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $project_template_name = nullable_htmlentities($row['project_template_name']); $project_template_description = nullable_htmlentities($row['project_template_description']); @@ -44,7 +44,7 @@ ob_start();
- +
diff --git a/admin/modals/project_template/project_template_ticket_template_add.php b/admin/modals/project_template/project_template_ticket_template_add.php index a67997dd..e1a251ed 100644 --- a/admin/modals/project_template/project_template_ticket_template_add.php +++ b/admin/modals/project_template/project_template_ticket_template_add.php @@ -36,7 +36,7 @@ ob_start(); AND ticket_template_archived_at IS NULL ORDER BY ticket_template_name ASC" ); - while ($row = mysqli_fetch_array($sql_ticket_templates_select)) { + while ($row = mysqli_fetch_assoc($sql_ticket_templates_select)) { $ticket_template_id_select = intval($row['ticket_template_id']); $ticket_template_name_select = nullable_htmlentities($row['ticket_template_name']); ?> diff --git a/admin/modals/role/role_add.php b/admin/modals/role/role_add.php index c9397514..8e4d583f 100644 --- a/admin/modals/role/role_add.php +++ b/admin/modals/role/role_add.php @@ -11,52 +11,203 @@ ob_start(); ×
+
- + +
+ + + +
+
-
- -
-
- + +
+ +
+ +
+
+ +
+
-
+ +
+ +
+
+ +
+ +
+
+ +
+ + +
+ + +
+ +
+ + +
+ +
+
-
- -
-
- -
- -
-
+ +
-
- -
-
- + + +
+ + +
+ + + + + + + + + +
+ +
- -
+ +
+
- - + +
+ +
Editing role: -
+
- - + +
-
-
+
@@ -68,7 +68,7 @@ ob_start();
- +
@@ -78,27 +78,33 @@ ob_start();
- +
-
-
- -
- +
+ required> + +
+ +
+ required> +
- -
+ +
Module permissions do not apply to Admins.
@@ -108,14 +114,14 @@ ob_start(); // Enumerate modules $sql_modules = mysqli_query($mysqli, "SELECT * FROM modules"); - while ($row_modules = mysqli_fetch_array($sql_modules)) { + while ($row_modules = mysqli_fetch_assoc($sql_modules)) { $module_id = intval($row_modules['module_id']); $module_name = nullable_htmlentities($row_modules['module_name']); $module_name_display = ucfirst(str_replace("module_","",$module_name)); $module_description = nullable_htmlentities($row_modules['module_description']); // Get permission level for module - $module_permission_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT user_role_permission_level FROM user_role_permissions WHERE module_id = $module_id AND user_role_id = $role_id LIMIT 1")); + $module_permission_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_role_permission_level FROM user_role_permissions WHERE module_id = $module_id AND user_role_id = $role_id LIMIT 1")); $module_permission = 0; if ($module_permission_row) { $module_permission = $module_permission_row['user_role_permission_level']; @@ -123,22 +129,73 @@ ob_start(); ?>
- -
- + + + +
+ + + + + + + + +
- + +
+
diff --git a/admin/modals/software_template/software_template_edit.php b/admin/modals/software_template/software_template_edit.php index ca7ff07a..5d4ff75d 100644 --- a/admin/modals/software_template/software_template_edit.php +++ b/admin/modals/software_template/software_template_edit.php @@ -5,7 +5,7 @@ require_once '../../../includes/modal_header.php'; $software_template_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM software_templates WHERE software_template_id = $software_template_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $software_name = nullable_htmlentities($row['software_template_name']); $software_version = nullable_htmlentities($row['software_template_version']); $software_description = nullable_htmlentities($row['software_template_description']); diff --git a/admin/modals/tag/tag_edit.php b/admin/modals/tag/tag_edit.php index 312244b4..60c1e7f3 100644 --- a/admin/modals/tag/tag_edit.php +++ b/admin/modals/tag/tag_edit.php @@ -6,7 +6,7 @@ $tag_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_id = $tag_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $tag_name = nullable_htmlentities($row['tag_name']); $tag_type = intval($row['tag_type']); $tag_color = nullable_htmlentities($row['tag_color']); diff --git a/admin/modals/tax/tax_edit.php b/admin/modals/tax/tax_edit.php index b3803a20..56f0fda3 100644 --- a/admin/modals/tax/tax_edit.php +++ b/admin/modals/tax/tax_edit.php @@ -5,7 +5,7 @@ require_once '../../../includes/modal_header.php'; $tax_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE tax_id = $tax_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $tax_name = nullable_htmlentities($row['tax_name']); $tax_percent = floatval($row['tax_percent']); diff --git a/admin/modals/ticket_status/ticket_status_edit.php b/admin/modals/ticket_status/ticket_status_edit.php index 2c98baba..8a9e04b2 100644 --- a/admin/modals/ticket_status/ticket_status_edit.php +++ b/admin/modals/ticket_status/ticket_status_edit.php @@ -5,7 +5,7 @@ require_once '../../../includes/modal_header.php'; $ticket_status_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $ticket_status_name = nullable_htmlentities($row['ticket_status_name']); $ticket_status_color = nullable_htmlentities($row['ticket_status_color']); $ticket_status_order = intval($row['ticket_status_order']); diff --git a/admin/modals/ticket_template/ticket_template_add.php b/admin/modals/ticket_template/ticket_template_add.php index cfccd8d1..944251b4 100644 --- a/admin/modals/ticket_template/ticket_template_add.php +++ b/admin/modals/ticket_template/ticket_template_add.php @@ -59,7 +59,7 @@ ob_start(); diff --git a/admin/modals/ticket_template/ticket_template_task_edit.php b/admin/modals/ticket_template/ticket_template_task_edit.php index 11be1d22..2926f087 100644 --- a/admin/modals/ticket_template/ticket_template_task_edit.php +++ b/admin/modals/ticket_template/ticket_template_task_edit.php @@ -6,7 +6,7 @@ $task_template_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_id = $task_template_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $task_template_name = nullable_htmlentities($row['task_template_name']); $task_template_order = intval($row['task_template_order']); $task_template_completion_estimate = intval($row['task_template_completion_estimate']); @@ -25,7 +25,7 @@ ob_start();
- +
@@ -47,7 +47,7 @@ ob_start();
- +
diff --git a/admin/modals/user/user_add.php b/admin/modals/user/user_add.php index 02a35998..de079867 100644 --- a/admin/modals/user/user_add.php +++ b/admin/modals/user/user_add.php @@ -76,7 +76,7 @@ ob_start(); No one
- +
diff --git a/admin/modules.php b/admin/modules.php index 9a7c0165..9993602f 100644 --- a/admin/modules.php +++ b/admin/modules.php @@ -57,7 +57,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $session_state_expires) { + flash_alert("Microsoft OAuth callback validation failed. Please try connecting again.", 'error'); + redirect($settings_mail_path); +} + +if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_tenant_id)) { + flash_alert("Microsoft OAuth settings are incomplete. Please fill Client ID, Client Secret, and Tenant ID.", 'error'); + redirect($settings_mail_path); +} + +if (defined('BASE_URL') && !empty(BASE_URL)) { + $base_url = rtrim((string) BASE_URL, '/'); +} else { + $base_url = 'https://' . rtrim((string) $config_base_url, '/'); +} + +$redirect_uri = $base_url . '/admin/oauth_microsoft_mail_callback.php'; +$token_url = 'https://login.microsoftonline.com/' . rawurlencode($config_mail_oauth_tenant_id) . '/oauth2/v2.0/token'; +$scope = 'offline_access openid profile https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send'; + +$ch = curl_init($token_url); +curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); +curl_setopt($ch, CURLOPT_POST, true); +curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'grant_type' => 'authorization_code', + 'code' => $code, + 'redirect_uri' => $redirect_uri, + 'scope' => $scope, +], '', '&')); +curl_setopt($ch, CURLOPT_TIMEOUT, 20); + +$raw_body = curl_exec($ch); +$curl_err = curl_error($ch); +$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); +curl_close($ch); + +if ($raw_body === false || $http_code < 200 || $http_code >= 300) { + $reason = !empty($curl_err) ? $curl_err : "HTTP $http_code"; + flash_alert("Microsoft OAuth token exchange failed: $reason", 'error'); + redirect($settings_mail_path); +} + +$json = json_decode($raw_body, true); +if (!is_array($json) || empty($json['refresh_token']) || empty($json['access_token'])) { + flash_alert("Microsoft OAuth token exchange failed: refresh token or access token missing.", 'error'); + redirect($settings_mail_path); +} + +$refresh_token = (string) $json['refresh_token']; +$access_token = (string) $json['access_token']; +$expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + +$refresh_token_esc = mysqli_real_escape_string($mysqli, $refresh_token); +$access_token_esc = mysqli_real_escape_string($mysqli, $access_token); +$expires_at_esc = mysqli_real_escape_string($mysqli, $expires_at); + +mysqli_query($mysqli, "UPDATE settings SET + config_imap_provider = 'microsoft_oauth', + config_smtp_provider = 'microsoft_oauth', + config_mail_oauth_refresh_token = '$refresh_token_esc', + config_mail_oauth_access_token = '$access_token_esc', + config_mail_oauth_access_token_expires_at = '$expires_at_esc' + WHERE company_id = 1 +"); + +logAction("Settings", "Edit", "$session_name completed Microsoft OAuth connect flow for mail settings"); +flash_alert("Microsoft OAuth connected successfully. Token expires at $expires_at."); +redirect($settings_mail_path); diff --git a/admin/payment_method.php b/admin/payment_method.php index a5c0af4e..42cb955f 100644 --- a/admin/payment_method.php +++ b/admin/payment_method.php @@ -45,7 +45,7 @@ $num_rows = mysqli_num_rows($sql); $name revoked", 'error'); + + redirect(); + +} + if (isset($_GET['delete_api_key'])) { validateCSRFToken($_GET['csrf_token']); @@ -38,7 +59,7 @@ if (isset($_GET['delete_api_key'])) { $api_key_id = intval($_GET['delete_api_key']); // Get API Key Name - $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT api_key_name, api_key_client_id FROM api_keys WHERE api_key_id = $api_key_id")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT api_key_name, api_key_client_id FROM api_keys WHERE api_key_id = $api_key_id")); $api_key_name = sanitizeInput($row['api_key_name']); $client_id = intval($row['api_key_client_id']); @@ -64,9 +85,9 @@ if (isset($_POST['bulk_delete_api_keys'])) { foreach ($_POST['api_key_ids'] as $api_key_id) { $api_key_id = intval($api_key_id); - + // Get API Key Name - $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT api_key_name, api_key_client_id FROM api_keys WHERE api_key_id = $api_key_id")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT api_key_name, api_key_client_id FROM api_keys WHERE api_key_id = $api_key_id")); $api_key_name = sanitizeInput($row['api_key_name']); $client_id = intval($row['api_key_client_id']); diff --git a/admin/post/backup.php b/admin/post/backup.php index 6abe4c67..ab4287e3 100644 --- a/admin/post/backup.php +++ b/admin/post/backup.php @@ -307,11 +307,11 @@ if (isset($_POST['backup_master_key'])) { $password = $_POST['password']; $sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); if (password_verify($password, $row['user_password'])) { $site_encryption_master_key = decryptUserSpecificKey($row['user_specific_encryption_ciphertext'], $password); - + logAction("Master Key", "Download", "$session_name retrieved the master encryption key"); appNotify("Master Key", "$session_name retrieved the master encryption key"); @@ -320,13 +320,12 @@ if (isset($_POST['backup_master_key'])) { echo "
Master encryption key:
"; echo "$site_encryption_master_key"; echo "
=============================="; - + } else { logAction("Master Key", "Download", "$session_name attempted to retrieve the master encryption key but failed"); flash_alert("Incorrect password.", 'error'); - + redirect(); } } - diff --git a/admin/post/category.php b/admin/post/category.php index 070744dc..569c8552 100644 --- a/admin/post/category.php +++ b/admin/post/category.php @@ -39,12 +39,12 @@ if (isset($_POST['edit_category'])) { } if (isset($_GET['archive_category'])) { - + $category_id = intval($_GET['archive_category']); // Get Category Name and Type for logging $sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $category_name = sanitizeInput($row['category_name']); $category_type = sanitizeInput($row['category_type']); @@ -59,12 +59,12 @@ if (isset($_GET['archive_category'])) { } if (isset($_GET['unarchive_category'])) { - + $category_id = intval($_GET['unarchive_category']); // Get Category Name and Type for logging $sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $category_name = sanitizeInput($row['category_name']); $category_type = sanitizeInput($row['category_type']); @@ -79,12 +79,12 @@ if (isset($_GET['unarchive_category'])) { } if (isset($_GET['delete_category'])) { - + $category_id = intval($_GET['delete_category']); // Get Category Name and Type for logging $sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $category_name = sanitizeInput($row['category_name']); $category_type = sanitizeInput($row['category_type']); diff --git a/admin/post/custom_link.php b/admin/post/custom_link.php index 5ecf4710..0a3c6e66 100644 --- a/admin/post/custom_link.php +++ b/admin/post/custom_link.php @@ -48,12 +48,12 @@ if (isset($_POST['edit_custom_link'])) { } if (isset($_GET['delete_custom_link'])) { - + $custom_link_id = intval($_GET['delete_custom_link']); // Get Custom Link name and uri for logging $sql = mysqli_query($mysqli,"SELECT custom_link_name, custom_link_uri FROM custom_links WHERE custom_link_id = $custom_link_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $custom_link_name = sanitizeInput($row['custom_link_name']); $custom_link_uri = sanitizeInput($row['custom_link_uri']); diff --git a/admin/post/roles.php b/admin/post/roles.php index fb79c254..d38e0a65 100644 --- a/admin/post/roles.php +++ b/admin/post/roles.php @@ -18,9 +18,23 @@ if (isset($_POST['add_role'])) { $role_id = mysqli_insert_id($mysqli); + // Insert role permissions (only if not admin) + if ($admin == 0) { + foreach ($_POST as $key => $value) { + if (str_contains($key, '##module_')) { + $module_id = intval(explode('##', $key)[0]); + $access_level = intval($value); + + if ($access_level > 0) { + mysqli_query($mysqli, "INSERT INTO user_role_permissions SET user_role_id = $role_id, module_id = $module_id, user_role_permission_level = $access_level"); + } + } + } + } + logAction("User Role", "Create", "$session_name created user role $name", 0, $role_id); - flash_alert("User Role created"); + flash_alert("User Role $name created"); redirect(); @@ -34,7 +48,7 @@ if (isset($_POST['edit_role'])) { $name = sanitizeInput($_POST['role_name']); $description = sanitizeInput($_POST['role_description']); $admin = intval($_POST['role_is_admin']); - + mysqli_query($mysqli, "UPDATE user_roles SET role_name = '$name', role_description = '$description', role_is_admin = $admin WHERE role_id = $role_id"); // Update role access levels @@ -70,18 +84,18 @@ if (isset($_GET['archive_role'])) { $role_user_count = mysqli_fetch_row($sql_role_user_count)[0]; if ($role_user_count != 0) { flash_alert("Role must not in use to archive it", 'error'); - + redirect(); } mysqli_query($mysqli, "UPDATE user_roles SET role_archived_at = NOW() WHERE role_id = $role_id"); - $role_name = sanitizeInput(getFieldById('roles', $role_id, 'role_name')); + $role_name = sanitizeInput(getFieldById('user_roles', $role_id, 'role_name')); logAction("User Role", "Archive", "$session_name archived user role $role_name", 0, $role_id); flash_alert("User Role $role_name archived", 'error'); - + redirect(); -} \ No newline at end of file +} diff --git a/admin/post/saved_payment_method.php b/admin/post/saved_payment_method.php index c4d0bfd6..7f2b7896 100644 --- a/admin/post/saved_payment_method.php +++ b/admin/post/saved_payment_method.php @@ -3,13 +3,13 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_GET['delete_saved_payment'])) { - + validateCSRFToken($_GET['csrf_token']); $saved_payment_id = intval($_GET['delete_saved_payment']); $sql = mysqli_query($mysqli, " - SELECT + SELECT client_saved_payment_methods.saved_payment_id, client_saved_payment_methods.saved_payment_client_id, client_saved_payment_methods.saved_payment_provider_id, @@ -27,7 +27,7 @@ if (isset($_GET['delete_saved_payment'])) { WHERE client_saved_payment_methods.saved_payment_id = $saved_payment_id" ); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $client_id = intval($row['saved_payment_client_id']); $provider_id = intval($row['saved_payment_provider_id']); $payment_provider_name = nullable_htmlentities($row['payment_provider_name']); @@ -62,9 +62,9 @@ if (isset($_GET['delete_saved_payment'])) { // SQL Cascade delete will Remove All Associated Auto Payment Methods on recurring invoices in the recurring payments table. logAction("Payment Provider", "Update", "$session_name deleted saved payment method $saved_payment_description (PM: $payment_method)", $client_id); - + flash_alert("Payment method $saved_payment_description removed", 'error'); - + redirect(); } diff --git a/admin/post/settings_company.php b/admin/post/settings_company.php index 160055a9..72fd531a 100644 --- a/admin/post/settings_company.php +++ b/admin/post/settings_company.php @@ -19,7 +19,7 @@ if (isset($_POST['edit_company'])) { $tax_id = sanitizeInput($_POST['tax_id']); $sql = mysqli_query($mysqli,"SELECT company_logo FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $existing_file_name = sanitizeInput($row['company_logo']); // Company logo @@ -55,7 +55,7 @@ if (isset($_POST['edit_company'])) { if (isset($_GET['remove_company_logo'])) { $sql = mysqli_query($mysqli,"SELECT company_logo FROM companies"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $company_logo = $row['company_logo']; // FileSystem Operation Logo is already sanitized unlink("../uploads/settings/$company_logo"); diff --git a/admin/post/settings_mail.php b/admin/post/settings_mail.php index 34d9dc0e..bd24ca00 100644 --- a/admin/post/settings_mail.php +++ b/admin/post/settings_mail.php @@ -1,287 +1,582 @@ - $email_from, - 'from_name' => $email_from_name, - 'recipient' => $email_to, - 'recipient_name' => 'Chap', - 'subject' => $subject, - 'body' => $body - ] - ]; - - $mail = addToMailQueue($data); - - if ($mail === true) { - flash_alert("Test email queued! Check Admin > Mail queue"); - } else { - flash_alert("Failed to add test mail to queue", 'error'); - } - - redirect(); - -} - -if (isset($_POST['test_email_imap'])) { - - validateCSRFToken($_POST['csrf_token']); - - $host = $config_imap_host; - $port = (int) $config_imap_port; - $encryption = strtolower(trim($config_imap_encryption)); // e.g. "ssl", "tls", "none" - $username = $config_imap_username; - $password = $config_imap_password; - - // Build remote socket (implicit SSL vs plain TCP) - $transport = 'tcp'; - if ($encryption === 'ssl') { - $transport = 'ssl'; - } - - $remote_socket = $transport . '://' . $host . ':' . $port; - - // Stream context (you can tighten these if you want strict validation) - $contextOptions = []; - if (in_array($encryption, ['ssl', 'tls'], true)) { - $contextOptions['ssl'] = [ - 'verify_peer' => false, - 'verify_peer_name' => false, - 'allow_self_signed' => true, - ]; - } - - $context = stream_context_create($contextOptions); - - try { - $errno = 0; - $errstr = ''; - - // 10-second timeout, adjust as needed - $fp = @stream_socket_client( - $remote_socket, - $errno, - $errstr, - 10, - STREAM_CLIENT_CONNECT, - $context - ); - - if (!$fp) { - throw new Exception("Could not connect to IMAP server: [$errno] $errstr"); - } - - stream_set_timeout($fp, 10); - - // Read server greeting (IMAP servers send something like: * OK Dovecot ready) - $greeting = fgets($fp, 1024); - if ($greeting === false || strpos($greeting, '* OK') !== 0) { - fclose($fp); - throw new Exception("Invalid IMAP greeting: " . trim((string) $greeting)); - } - - // If you really want STARTTLS for "tls" (port 143), you can do it here - if ($encryption === 'tls' && stripos($greeting, 'STARTTLS') !== false) { - // Request STARTTLS - fwrite($fp, "A0001 STARTTLS\r\n"); - $line = fgets($fp, 1024); - if ($line === false || stripos($line, 'A0001 OK') !== 0) { - fclose($fp); - throw new Exception("STARTTLS failed: " . trim((string) $line)); - } - - // Enable crypto on the stream - if (!stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { - fclose($fp); - throw new Exception("Unable to enable TLS encryption on IMAP connection."); - } - } - - // --- Do LOGIN command --- - $tag = 'A0002'; - - // Simple quoting; this may fail with some special chars in username/password. - $loginCmd = sprintf( - "%s LOGIN \"%s\" \"%s\"\r\n", - $tag, - addcslashes($username, "\\\""), - addcslashes($password, "\\\"") - ); - - fwrite($fp, $loginCmd); - - $success = false; - $errorLine = ''; - - while (!feof($fp)) { - $line = fgets($fp, 2048); - if ($line === false) { - break; - } - - // Look for tagged response for our LOGIN - if (strpos($line, $tag . ' ') === 0) { - if (stripos($line, $tag . ' OK') === 0) { - $success = true; - } else { - $errorLine = trim($line); - } - break; - } - } - - // Always logout / close - fwrite($fp, "A0003 LOGOUT\r\n"); - fclose($fp); - - if ($success) { - flash_alert("Connected successfully"); - } else { - if (!$errorLine) { - $errorLine = 'Unknown IMAP authentication error'; - } - throw new Exception($errorLine); - } - - } catch (Exception $e) { - flash_alert("IMAP connection failed: " . htmlspecialchars($e->getMessage()), 'error'); - } - - redirect(); -} + $config_mail_oauth_client_id, + 'response_type' => 'code', + 'redirect_uri' => $redirect_uri, + 'response_mode' => 'query', + 'scope' => $scope, + 'state' => $state, + 'prompt' => 'consent', + ], '', '&', PHP_QUERY_RFC3986); + + logAction("Settings", "Edit", "$session_name started Microsoft OAuth connect flow for mail settings"); + + redirect($authorize_url); +} + +if (isset($_POST['edit_mail_smtp_settings'])) { + + validateCSRFToken($_POST['csrf_token']); + + $config_smtp_provider = sanitizeInput($_POST['config_smtp_provider']); + $config_smtp_host = sanitizeInput($_POST['config_smtp_host']); + $config_smtp_port = intval($_POST['config_smtp_port'] ?? 0); + $config_smtp_encryption = sanitizeInput($_POST['config_smtp_encryption']); + $config_smtp_username = sanitizeInput($_POST['config_smtp_username']); + $config_smtp_password = sanitizeInput($_POST['config_smtp_password']); + + // Shared OAuth fields + $config_mail_oauth_client_id = sanitizeInput($_POST['config_mail_oauth_client_id']); + $config_mail_oauth_client_secret = sanitizeInput($_POST['config_mail_oauth_client_secret']); + $config_mail_oauth_tenant_id = sanitizeInput($_POST['config_mail_oauth_tenant_id']); + $config_mail_oauth_refresh_token = sanitizeInput($_POST['config_mail_oauth_refresh_token']); + $config_mail_oauth_access_token = sanitizeInput($_POST['config_mail_oauth_access_token']); + + mysqli_query($mysqli, " + UPDATE settings SET + config_smtp_provider = '$config_smtp_provider', + config_smtp_host = '$config_smtp_host', + config_smtp_port = $config_smtp_port, + config_smtp_encryption = '$config_smtp_encryption', + config_smtp_username = '$config_smtp_username', + config_smtp_password = '$config_smtp_password', + config_mail_oauth_client_id = '$config_mail_oauth_client_id', + config_mail_oauth_client_secret = '$config_mail_oauth_client_secret', + config_mail_oauth_tenant_id = '$config_mail_oauth_tenant_id', + config_mail_oauth_refresh_token = '$config_mail_oauth_refresh_token', + config_mail_oauth_access_token = '$config_mail_oauth_access_token' + WHERE company_id = 1 + "); + + logAction("Settings", "Edit", "$session_name edited SMTP settings"); + + flash_alert("SMTP Mail Settings updated"); + + redirect(); + +} + +if (isset($_POST['edit_mail_imap_settings'])) { + + validateCSRFToken($_POST['csrf_token']); + + $config_imap_provider = sanitizeInput($_POST['config_imap_provider']); + $config_imap_host = sanitizeInput($_POST['config_imap_host']); + $config_imap_port = intval($_POST['config_imap_port'] ?? 0); + $config_imap_encryption = sanitizeInput($_POST['config_imap_encryption']); + $config_imap_username = sanitizeInput($_POST['config_imap_username']); + $config_imap_password = sanitizeInput($_POST['config_imap_password']); + + // Shared OAuth fields + $config_mail_oauth_client_id = sanitizeInput($_POST['config_mail_oauth_client_id']); + $config_mail_oauth_client_secret = sanitizeInput($_POST['config_mail_oauth_client_secret']); + $config_mail_oauth_tenant_id = sanitizeInput($_POST['config_mail_oauth_tenant_id']); + $config_mail_oauth_refresh_token = sanitizeInput($_POST['config_mail_oauth_refresh_token']); + $config_mail_oauth_access_token = sanitizeInput($_POST['config_mail_oauth_access_token']); + + mysqli_query($mysqli, " + UPDATE settings SET + config_imap_provider = '$config_imap_provider', + config_imap_host = '$config_imap_host', + config_imap_port = $config_imap_port, + config_imap_encryption = '$config_imap_encryption', + config_imap_username = '$config_imap_username', + config_imap_password = '$config_imap_password', + config_mail_oauth_client_id = '$config_mail_oauth_client_id', + config_mail_oauth_client_secret = '$config_mail_oauth_client_secret', + config_mail_oauth_tenant_id = '$config_mail_oauth_tenant_id', + config_mail_oauth_refresh_token = '$config_mail_oauth_refresh_token', + config_mail_oauth_access_token = '$config_mail_oauth_access_token' + WHERE company_id = 1 + "); + + logAction("Settings", "Edit", "$session_name edited IMAP settings"); + + flash_alert("IMAP Mail Settings updated"); + + redirect(); + +} + +if (isset($_POST['edit_mail_from_settings'])) { + + validateCSRFToken($_POST['csrf_token']); + + $config_mail_from_email = sanitizeInput(filter_var($_POST['config_mail_from_email'], FILTER_VALIDATE_EMAIL)); + $config_mail_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_mail_from_name'])); + + $config_invoice_from_email = sanitizeInput(filter_var($_POST['config_invoice_from_email'], FILTER_VALIDATE_EMAIL)); + $config_invoice_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_invoice_from_name'])); + + $config_quote_from_email = sanitizeInput(filter_var($_POST['config_quote_from_email'], FILTER_VALIDATE_EMAIL)); + $config_quote_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_quote_from_name'])); + + $config_ticket_from_email = sanitizeInput(filter_var($_POST['config_ticket_from_email'], FILTER_VALIDATE_EMAIL)); + $config_ticket_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_ticket_from_name'])); + + mysqli_query($mysqli,"UPDATE settings SET config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_from_email = '$config_invoice_from_email', config_invoice_from_name = '$config_invoice_from_name', config_quote_from_email = '$config_quote_from_email', config_quote_from_name = '$config_quote_from_name', config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name' WHERE company_id = 1"); + + logAction("Settings", "Edit", "$session_name edited mail from settings"); + + flash_alert("Mail From Settings updated"); + + redirect(); + +} + +if (isset($_POST['test_email_smtp'])) { + + validateCSRFToken($_POST['csrf_token']); + + $test_email = intval($_POST['test_email']); + + if($test_email == 1) { + $email_from = sanitizeInput($config_mail_from_email); + $email_from_name = sanitizeInput($config_mail_from_name); + } elseif ($test_email == 2) { + $email_from = sanitizeInput($config_invoice_from_email); + $email_from_name = sanitizeInput($config_invoice_from_name); + } elseif ($test_email == 3) { + $email_from = sanitizeInput($config_quote_from_email); + $email_from_name = sanitizeInput($config_quote_from_name); + } else { + $email_from = sanitizeInput($config_ticket_from_email); + $email_from_name = sanitizeInput($config_ticket_from_name); + } + + $email_to = sanitizeInput($_POST['email_to']); + $subject = "Test email from ITFlow"; + $body = "This is a test email from ITFlow. If you are reading this, it worked!"; + + $data = [ + [ + 'from' => $email_from, + 'from_name' => $email_from_name, + 'recipient' => $email_to, + 'recipient_name' => 'Chap', + 'subject' => $subject, + 'body' => $body + ] + ]; + + $mail = addToMailQueue($data); + + if ($mail === true) { + flash_alert("Test email queued! Check Admin > Mail queue"); + } else { + flash_alert("Failed to add test mail to queue", 'error'); + } + + redirect(); + +} + +if (isset($_POST['test_email_imap'])) { + + validateCSRFToken($_POST['csrf_token']); + + $provider = sanitizeInput($config_imap_provider ?? ''); + + $host = $config_imap_host; + $port = (int) $config_imap_port; + $encryption = strtolower(trim($config_imap_encryption)); // e.g. "ssl", "tls", "none" + $username = $config_imap_username; + $password = $config_imap_password; + + // Shared OAuth fields + $config_mail_oauth_client_id = $config_mail_oauth_client_id ?? ''; + $config_mail_oauth_client_secret = $config_mail_oauth_client_secret ?? ''; + $config_mail_oauth_tenant_id = $config_mail_oauth_tenant_id ?? ''; + $config_mail_oauth_refresh_token = $config_mail_oauth_refresh_token ?? ''; + $config_mail_oauth_access_token = $config_mail_oauth_access_token ?? ''; + $config_mail_oauth_access_token_expires_at = $config_mail_oauth_access_token_expires_at ?? ''; + + $is_oauth = ($provider === 'google_oauth' || $provider === 'microsoft_oauth'); + + if ($provider === 'google_oauth') { + if (empty($host)) { + $host = 'imap.gmail.com'; + } + if (empty($port)) { + $port = 993; + } + if (empty($encryption)) { + $encryption = 'ssl'; + } + } elseif ($provider === 'microsoft_oauth') { + if (empty($host)) { + $host = 'outlook.office365.com'; + } + if (empty($port)) { + $port = 993; + } + if (empty($encryption)) { + $encryption = 'ssl'; + } + } + + if (empty($host) || empty($port) || empty($username)) { + flash_alert("IMAP connection failed: Missing host, port, or username.", 'error'); + redirect(); + } + + $token_is_expired = function (?string $expires_at): bool { + if (empty($expires_at)) { + return true; + } + + $ts = strtotime($expires_at); + + if ($ts === false) { + return true; + } + + return ($ts - 60) <= time(); + }; + + $http_form_post = function (string $url, array $fields): array { + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&')); + curl_setopt($ch, CURLOPT_TIMEOUT, 20); + + $raw = curl_exec($ch); + $err = curl_error($ch); + $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + + curl_close($ch); + + return [ + 'ok' => ($raw !== false && $code >= 200 && $code < 300), + 'body' => $raw, + 'code' => $code, + 'err' => $err, + ]; + }; + + if ($is_oauth) { + if (!empty($config_mail_oauth_access_token) && !$token_is_expired($config_mail_oauth_access_token_expires_at)) { + $password = $config_mail_oauth_access_token; + } else { + if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token)) { + flash_alert("IMAP OAuth failed: Missing OAuth client credentials or refresh token.", 'error'); + redirect(); + } + + if ($provider === 'google_oauth') { + $response = $http_form_post('https://oauth2.googleapis.com/token', [ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'refresh_token' => $config_mail_oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + } else { + if (empty($config_mail_oauth_tenant_id)) { + flash_alert("IMAP OAuth failed: Microsoft tenant ID is required.", 'error'); + redirect(); + } + + $token_url = MICROSOFT_OAUTH_BASE_URL . rawurlencode($config_mail_oauth_tenant_id) . "/oauth2/v2.0/token"; + $response = $http_form_post($token_url, [ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'refresh_token' => $config_mail_oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + } + + if (!$response['ok']) { + flash_alert("IMAP OAuth failed: Could not refresh access token.", 'error'); + redirect(); + } + + $json = json_decode($response['body'], true); + if (!is_array($json) || empty($json['access_token'])) { + flash_alert("IMAP OAuth failed: Token response did not include an access token.", 'error'); + redirect(); + } + + $password = $json['access_token']; + $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + $refresh_token_to_save = $json['refresh_token'] ?? null; + + $token_esc = mysqli_real_escape_string($mysqli, $password); + $expires_at_esc = mysqli_real_escape_string($mysqli, $expires_at); + + $refresh_sql = ''; + if (!empty($refresh_token_to_save)) { + $refresh_token_esc = mysqli_real_escape_string($mysqli, $refresh_token_to_save); + $refresh_sql = ", config_mail_oauth_refresh_token = '{$refresh_token_esc}'"; + } + + mysqli_query($mysqli, "UPDATE settings SET config_mail_oauth_access_token = '{$token_esc}', config_mail_oauth_access_token_expires_at = '{$expires_at_esc}'{$refresh_sql} WHERE company_id = 1"); + } + } + + // Build remote socket (implicit SSL vs plain TCP) + $transport = 'tcp'; + if ($encryption === 'ssl') { + $transport = 'ssl'; + } + + $remote_socket = $transport . '://' . $host . ':' . $port; + + // Stream context (you can tighten these if you want strict validation) + $context_options = []; + if (in_array($encryption, ['ssl', 'tls'], true)) { + $context_options['ssl'] = [ + 'verify_peer' => false, + 'verify_peer_name' => false, + 'allow_self_signed' => true, + ]; + } + + $context = stream_context_create($context_options); + + try { + $errno = 0; + $errstr = ''; + + // 10-second timeout, adjust as needed + $fp = @stream_socket_client( + $remote_socket, + $errno, + $errstr, + 10, + STREAM_CLIENT_CONNECT, + $context + ); + + if (!$fp) { + throw new Exception("Could not connect to IMAP server: [$errno] $errstr"); + } + + stream_set_timeout($fp, 10); + + // Read server greeting (IMAP servers send something like: * OK Dovecot ready) + $greeting = fgets($fp, 1024); + if ($greeting === false || strpos($greeting, '* OK') !== 0) { + fclose($fp); + throw new Exception("Invalid IMAP greeting: " . trim((string) $greeting)); + } + // If you really want STARTTLS for "tls" (port 143), you can do it here + if ($encryption === 'tls' && stripos($greeting, 'STARTTLS') !== false) { + fwrite($fp, "A0001 STARTTLS\r\n"); + $line = fgets($fp, 1024); + if ($line === false || stripos($line, 'A0001 OK') !== 0) { + fclose($fp); + throw new Exception("STARTTLS failed: " . trim((string) $line)); + } + + if (!stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + fclose($fp); + throw new Exception("Unable to enable TLS encryption on IMAP connection."); + } + } + + $tag = 'A0002'; + + if ($is_oauth) { + $oauth_b64 = base64_encode("user={$username}\x01auth=Bearer {$password}\x01\x01"); + $auth_cmd = sprintf("%s AUTHENTICATE XOAUTH2 %s\r\n", $tag, $oauth_b64); + fwrite($fp, $auth_cmd); + } else { + $login_cmd = sprintf( + "%s LOGIN \"%s\" \"%s\"\r\n", + $tag, + addcslashes($username, "\\\""), + addcslashes($password, "\\\"") + ); + + fwrite($fp, $login_cmd); + } + + $success = false; + $error_line = ''; + + while (!feof($fp)) { + $line = fgets($fp, 2048); + if ($line === false) { + break; + } + + if (strpos($line, $tag . ' ') === 0) { + if (stripos($line, $tag . ' OK') === 0) { + $success = true; + } else { + $error_line = trim($line); + } + break; + } + } + + // Always logout / close + fwrite($fp, "A0003 LOGOUT\r\n"); + fclose($fp); + + if ($success) { + if ($is_oauth) { + flash_alert("Connected successfully using OAuth"); + } else { + flash_alert("Connected successfully"); + } + } else { + if (!$error_line) { + $error_line = 'Unknown IMAP authentication error'; + } + throw new Exception($error_line); + } + + } catch (Exception $e) { + flash_alert("IMAP connection failed: " . htmlspecialchars($e->getMessage()), 'error'); + } + + redirect(); +} + + +if (isset($_POST['test_oauth_token_refresh'])) { + + validateCSRFToken($_POST['csrf_token']); + + $provider = sanitizeInput($_POST['oauth_provider'] ?? ''); + + if ($provider !== 'google_oauth' && $provider !== 'microsoft_oauth') { + flash_alert("OAuth token test failed: unsupported provider.", 'error'); + redirect(); + } + + $oauth_client_id = sanitizeInput($config_mail_oauth_client_id ?? ''); + $oauth_client_secret = sanitizeInput($config_mail_oauth_client_secret ?? ''); + $oauth_tenant_id = sanitizeInput($config_mail_oauth_tenant_id ?? ''); + $oauth_refresh_token = sanitizeInput($config_mail_oauth_refresh_token ?? ''); + + if (empty($oauth_client_id) || empty($oauth_client_secret) || empty($oauth_refresh_token)) { + flash_alert("OAuth token test failed: missing client ID, client secret, or refresh token.", 'error'); + redirect(); + } + + if ($provider === 'microsoft_oauth' && empty($oauth_tenant_id)) { + flash_alert("OAuth token test failed: Microsoft tenant ID is required.", 'error'); + redirect(); + } + + $token_url = 'https://oauth2.googleapis.com/token'; + if ($provider === 'microsoft_oauth') { + $token_url = MICROSOFT_OAUTH_BASE_URL . rawurlencode($oauth_tenant_id) . "/oauth2/v2.0/token"; + } + + $post_fields = http_build_query([ + 'client_id' => $oauth_client_id, + 'client_secret' => $oauth_client_secret, + 'refresh_token' => $oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + + $ch = curl_init($token_url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields); + curl_setopt($ch, CURLOPT_TIMEOUT, 20); + + $raw_body = curl_exec($ch); + $curl_err = curl_error($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + + if ($raw_body === false || $http_code < 200 || $http_code >= 300) { + $err_msg = !empty($curl_err) ? $curl_err : "HTTP $http_code"; + flash_alert("OAuth token test failed: $err_msg", 'error'); + redirect(); + } + + $json = json_decode($raw_body, true); + + if (!is_array($json) || empty($json['access_token'])) { + flash_alert("OAuth token test failed: access token missing in provider response.", 'error'); + redirect(); + } + + $new_access_token = sanitizeInput($json['access_token']); + $new_expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + $new_refresh_token = !empty($json['refresh_token']) ? sanitizeInput($json['refresh_token']) : ''; + + $new_access_token_esc = mysqli_real_escape_string($mysqli, $new_access_token); + $new_expires_at_esc = mysqli_real_escape_string($mysqli, $new_expires_at); + + $refresh_sql = ''; + if (!empty($new_refresh_token)) { + $new_refresh_token_esc = mysqli_real_escape_string($mysqli, $new_refresh_token); + $refresh_sql = ", config_mail_oauth_refresh_token = '$new_refresh_token_esc'"; + } + + mysqli_query($mysqli, "UPDATE settings SET config_mail_oauth_access_token = '$new_access_token_esc', config_mail_oauth_access_token_expires_at = '$new_expires_at_esc'$refresh_sql WHERE company_id = 1"); + + $provider_label = $provider === 'microsoft_oauth' ? 'Microsoft 365' : 'Google Workspace'; + logAction("Settings", "Edit", "$session_name tested OAuth token refresh for $provider_label mail settings"); + + flash_alert("OAuth token refresh successful for $provider_label. Access token expires at $new_expires_at."); + redirect(); +} diff --git a/admin/post/settings_online_payment_clients.php b/admin/post/settings_online_payment_clients.php index a77a3b61..4350b07a 100644 --- a/admin/post/settings_online_payment_clients.php +++ b/admin/post/settings_online_payment_clients.php @@ -3,7 +3,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_GET['stripe_remove_pm'])) { - + validateCSRFToken($_GET['csrf_token']); if (!$config_stripe_enable) { @@ -34,21 +34,21 @@ if (isset($_GET['stripe_remove_pm'])) { // Remove Auto Pay on recurring invoices that are stripe $sql_recurring_invoices = mysqli_query($mysqli, "SELECT recurring_invoice_id FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id"); - while ($row = mysqli_fetch_array($sql_recurring_invoices)) { + while ($row = mysqli_fetch_assoc($sql_recurring_invoices)) { $recurring_invoice_id = intval($row['recurring_invoice_id']); mysqli_query($mysqli, "DELETE FROM recurring_payments WHERE recurring_payment_method = 'Stripe' AND recurring_payment_recurring_invoice_id = $recurring_invoice_id"); } logAction("Stripe", "Update", "$session_name deleted saved Stripe payment method (PM: $payment_method)", $client_id); - + flash_alert("Payment method removed", 'error'); - + redirect(); } if (isset($_GET['stripe_reset_customer'])) { - + validateCSRFToken($_GET['csrf_token']); $client_id = intval($_GET['client_id']); @@ -59,7 +59,7 @@ if (isset($_GET['stripe_reset_customer'])) { // Remove Auto Pay on recurring invoices that are stripe $sql_recurring_invoices = mysqli_query($mysqli, "SELECT recurring_invoice_id FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id"); - while ($row = mysqli_fetch_array($sql_recurring_invoices)) { + while ($row = mysqli_fetch_assoc($sql_recurring_invoices)) { $recurring_invoice_id = intval($row['recurring_invoice_id']); mysqli_query($mysqli, "DELETE FROM recurring_payments WHERE recurring_payment_method = 'Stripe' AND recurring_payment_recurring_invoice_id = $recurring_invoice_id"); } @@ -67,7 +67,7 @@ if (isset($_GET['stripe_reset_customer'])) { logAction("Stripe", "Delete", "$session_name reset Stripe settings for client", $client_id); flash_alert("Reset client Stripe settings", 'error'); - + redirect(); } diff --git a/admin/post/software_template.php b/admin/post/software_template.php index 9cc86371..1ef95894 100644 --- a/admin/post/software_template.php +++ b/admin/post/software_template.php @@ -51,7 +51,7 @@ if (isset($_GET['delete_software_template'])) { // Get Software Template Name for logging and alert message $sql = mysqli_query($mysqli,"SELECT software_template_name FROM software_templates WHERE software_template_id = $software_template_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $software_template_name = sanitizeInput($row['software_template_name']); mysqli_query($mysqli,"DELETE FROM software_templates WHERE software_template_id = $software_template_id"); diff --git a/admin/post/update.php b/admin/post/update.php index b618bc4a..37ef8021 100644 --- a/admin/post/update.php +++ b/admin/post/update.php @@ -21,7 +21,7 @@ if (isset($_GET['update'])) { if ($config_telemetry > 0 OR $config_telemetry = 2) { $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $company_name = sanitizeInput($row['company_name']); $website = sanitizeInput($row['company_website']); diff --git a/admin/post/users.php b/admin/post/users.php index 2217a22b..3c77c1ff 100644 --- a/admin/post/users.php +++ b/admin/post/users.php @@ -53,7 +53,7 @@ if (isset($_POST['add_user'])) { mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_config_force_mfa = $force_mfa"); $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $company_name = sanitizeInput($row['company_name']); // Sanitize Config vars from load_global_settings.php @@ -118,7 +118,7 @@ if (isset($_POST['edit_user'])) { // Get current Avatar $sql = mysqli_query($mysqli, "SELECT user_avatar FROM users WHERE user_id = $user_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $existing_file_name = sanitizeInput($row['user_avatar']); $extended_log_description = ''; @@ -148,7 +148,7 @@ if (isset($_POST['edit_user'])) { // Set Avatar mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id"); $extended_alert_description = '. File successfully uploaded.'; - + } } @@ -353,8 +353,8 @@ if (isset($_POST['ir_reset_user_password'])) { // Confirm logged-in user password, for security $admin_password = $_POST['admin_password']; $sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id"); - $userRow = mysqli_fetch_array($sql); - + $userRow = mysqli_fetch_assoc($sql); + if (!password_verify($admin_password, $userRow['user_password'])) { flash_alert("Incorrect password.", 'error'); redirect(); @@ -364,7 +364,7 @@ if (isset($_POST['ir_reset_user_password'])) { $sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE (user_archived_at IS NULL AND user_id != $session_user_id)"); // Reset passwords - while ($row = mysqli_fetch_array($sql_users)) { + while ($row = mysqli_fetch_assoc($sql_users)) { $user_id = intval($row['user_id']); $user_email = sanitizeInput($row['user_email']); $new_password = randomString(); diff --git a/admin/project_template.php b/admin/project_template.php index 999a7075..f0131d27 100644 --- a/admin/project_template.php +++ b/admin/project_template.php @@ -61,7 +61,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); diff --git a/admin/project_template_details.php b/admin/project_template_details.php index 57cf2c20..6039d8f4 100644 --- a/admin/project_template_details.php +++ b/admin/project_template_details.php @@ -19,7 +19,7 @@ if (isset($_GET['project_template_id'])) { exit; } - $row = mysqli_fetch_array($sql_project_templates); + $row = mysqli_fetch_assoc($sql_project_templates); $project_template_name = nullable_htmlentities($row['project_template_name']); $project_template_description = nullable_htmlentities($row['project_template_description']); @@ -143,7 +143,7 @@ if (isset($_GET['project_template_id'])) { Project Task Templates diff --git a/admin/roles.php b/admin/roles.php index 2d937240..7661a7d5 100644 --- a/admin/roles.php +++ b/admin/roles.php @@ -65,7 +65,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); @@ -118,4 +118,3 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); require_once "custom_field_create_modal.php"; require_once "../includes/footer.php"; - diff --git a/admin/settings_default.php b/admin/settings_default.php index 9348925f..4b7b942c 100644 --- a/admin/settings_default.php +++ b/admin/settings_default.php @@ -42,7 +42,7 @@ require_once "includes/inc_all_admin.php";
- 5 ) { ?> class="ajax-modal" data-modal-url="modals/ticket_status/ticket_status_edit.php?id=" diff --git a/admin/ticket_template.php b/admin/ticket_template.php index b1b214e9..44ba4c9d 100644 --- a/admin/ticket_template.php +++ b/admin/ticket_template.php @@ -8,14 +8,14 @@ require_once "includes/inc_all_admin.php"; $sql = mysqli_query( $mysqli, - "SELECT SQL_CALC_FOUND_ROWS *, + "SELECT SQL_CALC_FOUND_ROWS *, COUNT(task_template_id) AS task_count FROM ticket_templates LEFT JOIN task_templates ON task_template_ticket_template_id = ticket_template_id WHERE (ticket_template_name LIKE '%$q%' OR ticket_template_description LIKE '%$q%') AND ticket_template_archived_at IS NULL GROUP BY ticket_template_id - ORDER BY $sort $order + ORDER BY $sort $order LIMIT $record_from, $record_to" ); @@ -69,7 +69,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
Never logged in"; } else { - $row = mysqli_fetch_array($sql_last_login); + $row = mysqli_fetch_assoc($sql_last_login); $log_created_at = nullable_htmlentities($row['log_created_at']); $log_ip = nullable_htmlentities($row['log_ip']); $log_user_agent = nullable_htmlentities($row['log_user_agent']); diff --git a/admin/vendor_template.php b/admin/vendor_template.php index b201d0df..168b3b12 100644 --- a/admin/vendor_template.php +++ b/admin/vendor_template.php @@ -64,7 +64,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); DATE_SUB(NOW(), INTERVAL 2 MINUTE)"); - while ($row = mysqli_fetch_array($query)) { + while ($row = mysqli_fetch_assoc($query)) { $users[] = $row['user_name']; } @@ -195,21 +170,21 @@ if (isset($_GET['share_generate_link'])) { $item_expires_friendly = "1 month"; } - $item_key = randomString(156); + $item_key = randomString(32); if ($item_type == "Document") { - $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = $item_id AND document_client_id = $client_id LIMIT 1")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = $item_id AND document_client_id = $client_id LIMIT 1")); $item_name = sanitizeInput($row['document_name']); } if ($item_type == "File") { - $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = $item_id AND file_client_id = $client_id LIMIT 1")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = $item_id AND file_client_id = $client_id LIMIT 1")); $item_name = sanitizeInput($row['file_name']); } if ($item_type == "Credential") { $credential = mysqli_query($mysqli, "SELECT credential_name, credential_username, credential_password FROM credentials WHERE credential_id = $item_id AND credential_client_id = $client_id LIMIT 1"); - $row = mysqli_fetch_array($credential); + $row = mysqli_fetch_assoc($credential); $item_name = sanitizeInput($row['credential_name']); @@ -240,7 +215,7 @@ if (isset($_GET['share_generate_link'])) { } $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $company_name = sanitizeInput($row['company_name']); $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); @@ -298,7 +273,7 @@ if (isset($_GET['get_active_clients'])) { ORDER BY client_accessed_at DESC" ); - while ($row = mysqli_fetch_array($client_sql)) { + while ($row = mysqli_fetch_assoc($client_sql)) { $response['clients'][] = $row; } @@ -322,7 +297,7 @@ if (isset($_GET['get_client_contacts'])) { ORDER BY contact_primary DESC, contact_technical DESC, contact_important DESC, contact_name" ); - while ($row = mysqli_fetch_array($contact_sql)) { + while ($row = mysqli_fetch_assoc($contact_sql)) { $response['contacts'][] = $row; } @@ -347,7 +322,7 @@ if (isset($_GET['get_client_assets'])) { ORDER BY asset_important DESC, asset_name" ); - while ($row = mysqli_fetch_array($asset_sql)) { + while ($row = mysqli_fetch_assoc($asset_sql)) { $response['assets'][] = $row; } @@ -371,7 +346,7 @@ if (isset($_GET['get_client_locations'])) { ORDER BY location_primary DESC, location_name ASC" ); - while ($row = mysqli_fetch_array($locations_sql)) { + while ($row = mysqli_fetch_assoc($locations_sql)) { $response['locations'][] = $row; } @@ -395,7 +370,7 @@ if (isset($_GET['get_client_vendors'])) { ORDER BY vendor_name ASC" ); - while ($row = mysqli_fetch_array($vendors_sql)) { + while ($row = mysqli_fetch_assoc($vendors_sql)) { $response['vendors'][] = $row; } @@ -496,13 +471,13 @@ if (isset($_POST['update_kanban_ticket'])) { if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) { // Get details - $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id + $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id LEFT JOIN contacts ON ticket_contact_id = contact_id LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id WHERE ticket_id = $ticket_id "); - $row = mysqli_fetch_array($ticket_sql); + $row = mysqli_fetch_assoc($ticket_sql); $contact_name = sanitizeInput($row['contact_name']); $contact_email = sanitizeInput($row['contact_email']); @@ -521,7 +496,7 @@ if (isset($_POST['update_kanban_ticket'])) { // Get Company Info $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $company_name = sanitizeInput($row['company_name']); $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); @@ -550,7 +525,7 @@ if (isset($_POST['update_kanban_ticket'])) { // Also Email all the watchers $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; - while ($row = mysqli_fetch_array($sql_watchers)) { + while ($row = mysqli_fetch_assoc($sql_watchers)) { $watcher_email = sanitizeInput($row['watcher_email']); // Queue Mail @@ -691,7 +666,7 @@ if (isset($_GET['client_duplicate_check'])) { ); if (mysqli_num_rows($sql_clients) > 0) { - while ($row = mysqli_fetch_array($sql_clients)) { + while ($row = mysqli_fetch_assoc($sql_clients)) { $response['message'] = " Potential duplicate: " . nullable_htmlentities($row['client_name']) . " already exists."; } } @@ -713,7 +688,7 @@ if (isset($_GET['contact_email_check'])) { // 1. Duplicate check $sql_contacts = mysqli_query($mysqli, "SELECT contact_email FROM contacts WHERE contact_email = '$email' LIMIT 1"); if (mysqli_num_rows($sql_contacts) > 0) { - while ($row = mysqli_fetch_array($sql_contacts)) { + while ($row = mysqli_fetch_assoc($sql_contacts)) { $response['message'] = " Potential duplicate: " . nullable_htmlentities($row['contact_email']) . " already exists."; } } @@ -734,7 +709,7 @@ if (isset($_GET['ai_reword'])) { $sql = mysqli_query($mysqli, "SELECT * FROM ai_models LEFT JOIN ai_providers ON ai_model_ai_provider_id = ai_provider_id WHERE ai_model_use_case = 'General' LIMIT 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $model_name = $row['ai_model_name']; $promptText = $row['ai_model_prompt']; $url = $row['ai_provider_api_url']; @@ -805,7 +780,7 @@ if (isset($_GET['ai_create_document_template'])) { $sql = mysqli_query($mysqli, "SELECT * FROM ai_models LEFT JOIN ai_providers ON ai_model_ai_provider_id = ai_provider_id WHERE ai_model_use_case = 'General' LIMIT 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $model_name = $row['ai_model_name']; $url = $row['ai_provider_api_url']; $key = $row['ai_provider_api_key']; @@ -861,7 +836,7 @@ if (isset($_GET['ai_ticket_summary'])) { $sql = mysqli_query($mysqli, "SELECT * FROM ai_models LEFT JOIN ai_providers ON ai_model_ai_provider_id = ai_provider_id WHERE ai_model_use_case = 'General' LIMIT 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $model_name = $row['ai_model_name']; $url = $row['ai_provider_api_url']; $key = $row['ai_provider_api_key']; @@ -905,7 +880,7 @@ if (isset($_GET['ai_ticket_summary'])) { } $prompt = " - Summarize the following IT support ticket and its responses in a concise, clear, and professional manner. + Summarize the following IT support ticket and its responses in a concise, clear, and professional manner. The summary should include: 1. Main Issue: What was the problem reported by the user? @@ -992,3 +967,23 @@ if (isset($_GET['apex_domain_check'])) { echo json_encode($response); } + +// Get internal users/techs +if (isset($_GET['get_internal_users'])) { + enforceUserPermission('module_support'); + + $sql = mysqli_query( + $mysqli, + "SELECT user_id, user_name + FROM users + WHERE user_type = 1 AND user_status = 1 AND user_archived_at IS NULL + ORDER BY user_name" + ); + + while ($row = mysqli_fetch_assoc($sql)) { + $response['users'][] = $row; + } + + echo json_encode($response); + exit; +} diff --git a/agent/asset_details.php b/agent/asset_details.php index f5d8deeb..5da8b5e6 100644 --- a/agent/asset_details.php +++ b/agent/asset_details.php @@ -29,7 +29,7 @@ if (isset($_GET['asset_id'])) { } else { - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); $asset_id = intval($row['asset_id']); @@ -51,6 +51,7 @@ if (isset($_GET['asset_id'])) { $asset_photo = nullable_htmlentities($row['asset_photo']); $asset_physical_location = nullable_htmlentities($row['asset_physical_location']); $asset_notes = nullable_htmlentities($row['asset_notes']); + $asset_favorite = intval($row['asset_favorite']); $asset_created_at = nullable_htmlentities($row['asset_created_at']); $asset_vendor_id = intval($row['asset_vendor_id']); $asset_location_id = intval($row['asset_location_id']); @@ -66,8 +67,11 @@ if (isset($_GET['asset_id'])) { $contact_name = nullable_htmlentities($row['contact_name']); $contact_email = nullable_htmlentities($row['contact_email']); - $contact_phone = nullable_htmlentities($row['contact_phone']); - $contact_mobile = nullable_htmlentities($row['contact_mobile']); + $contact_phone_country_code = nullable_htmlentities($row['contact_phone_country_code']); + $contact_phone = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_phone_country_code)); + $contact_extension = nullable_htmlentities($row['contact_extension']); + $contact_mobile_country_code = nullable_htmlentities($row['contact_mobile_country_code']); + $contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_mobile'], $contact_mobile_country_code)); $contact_archived_at = nullable_htmlentities($row['contact_archived_at']); if ($contact_archived_at) { $contact_name_display = "$contact_name"; @@ -122,7 +126,7 @@ if (isset($_GET['asset_id'])) { $asset_tag_name_display_array = array(); $asset_tag_id_array = array(); $sql_asset_tags = mysqli_query($mysqli, "SELECT * FROM asset_tags LEFT JOIN tags ON asset_tag_tag_id = tag_id WHERE asset_tag_asset_id = $asset_id ORDER BY tag_name ASC"); - while ($row = mysqli_fetch_array($sql_asset_tags)) { + while ($row = mysqli_fetch_assoc($sql_asset_tags)) { $asset_tag_id = intval($row['tag_id']); $asset_tag_name = nullable_htmlentities($row['tag_name']); @@ -223,7 +227,7 @@ if (isset($_GET['asset_id'])) { credentials.credential_password, credentials.credential_otp_secret, credentials.credential_note, - credentials.credential_important, + credentials.credential_favorite, credentials.credential_contact_id, credentials.credential_asset_id FROM credentials @@ -270,7 +274,9 @@ if (isset($_GET['asset_id'])) { data-modal-url="modals/asset/asset_edit.php?id="> -

+

+ +

asset_photo"> @@ -285,25 +291,25 @@ if (isset($_GET['asset_id'])) { -
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -351,10 +357,13 @@ if (isset($_GET['asset_id'])) {
-
+
+ +
-
+
@@ -517,7 +526,7 @@ if (isset($_GET['asset_id'])) { - + Hover.."; } $credential_note = nullable_htmlentities($row['credential_note']); - $credential_important = intval($row['credential_important']); + $credential_favorite = intval($row['credential_favorite']); $credential_contact_id = intval($row['credential_contact_id']); $credential_asset_id = intval($row['credential_asset_id']); @@ -659,7 +668,7 @@ if (isset($_GET['asset_id'])) { $credential_tag_name_display_array = array(); $credential_tag_id_array = array(); $sql_credential_tags = mysqli_query($mysqli, "SELECT * FROM credential_tags LEFT JOIN tags ON credential_tags.tag_id = tags.tag_id WHERE credential_id = $credential_id ORDER BY tag_name ASC"); - while ($row = mysqli_fetch_array($sql_credential_tags)) { + while ($row = mysqli_fetch_assoc($sql_credential_tags)) { $credential_tag_id = intval($row['tag_id']); $credential_tag_name = nullable_htmlentities($row['tag_name']); @@ -758,7 +767,7 @@ if (isset($_GET['asset_id'])) { @@ -275,7 +275,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $access_permission_query ORDER BY client_name ASC "); - while ($row = mysqli_fetch_array($sql_clients_filter)) { + while ($row = mysqli_fetch_assoc($sql_clients_filter)) { $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); ?> @@ -303,7 +303,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); GROUP BY tag_id HAVING COUNT(asset_tag_asset_id) > 0 OR tag_id IN ($tag_filter) "); - while ($row = mysqli_fetch_array($sql_tags_filter)) { + while ($row = mysqli_fetch_assoc($sql_tags_filter)) { $tag_id = intval($row['tag_id']); $tag_name = nullable_htmlentities($row['tag_name']); ?> @@ -345,6 +345,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); Bulk Action ()
+ +
+ +
-
+
"; } ?>
diff --git a/agent/blank.php b/agent/blank.php index 30e47834..e69de29b 100644 --- a/agent/blank.php +++ b/agent/blank.php @@ -1,72 +0,0 @@ - - - -
    -
  1. - Dashboard -
    2. -
  2. Blank Page
    3. -
- - -

Blank Page

-
-

This is a great starting point for new custom pages.

-

- - -$start_date"; - -echo "

User Agent

"; -echo getUserAgent(); - - -?> -
- - - -
- - -
- -
-
Requester
-
Sam Adams
- -
Created
-
- -
Last activity
-
-
- - -
- - - - - -$date_time"; -?> - - - -
- +
@@ -37,11 +37,11 @@ if (isset($_GET['calendar_id'])) {
- +
- +
@@ -85,7 +85,7 @@ require_once "modals/calendar/calendar_event_add.php"; //loop through IDs and create a modal for each $sql = mysqli_query($mysqli, "SELECT * FROM calendar_events LEFT JOIN calendars ON event_calendar_id = calendar_id $client_event_query"); -while ($row = mysqli_fetch_array($sql)) { +while ($row = mysqli_fetch_assoc($sql)) { $event_id = intval($row['event_id']); $event_title = nullable_htmlentities($row['event_title']); $event_description = nullable_htmlentities($row['event_description']); @@ -166,7 +166,7 @@ while ($row = mysqli_fetch_array($sql)) { events: [ firstDay: , diff --git a/agent/certificates.php b/agent/certificates.php index dbf25a4d..408ad3c0 100644 --- a/agent/certificates.php +++ b/agent/certificates.php @@ -111,7 +111,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $access_permission_query ORDER BY client_name ASC "); - while ($row = mysqli_fetch_array($sql_clients_filter)) { + while ($row = mysqli_fetch_assoc($sql_clients_filter)) { $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); ?> @@ -194,7 +194,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+ 0) { ?> + +
+ +
+
+
Favorite Assets
+
+
+
+ + + + + + +
+ + + + +
+
+
+ +
+ + + + 0) { ?> + +
+ +
+
+
Favorite Credentials
+
+
+ + " . truncate($credential_uri,40) . ""; + } + $credential_uri_2 = sanitize_url($row['credential_uri_2']); + $credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username'])); + if (empty($credential_username)) { + $credential_username_display = "-"; + } else { + $credential_username_display = "$credential_username"; + } + $credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password'])); + $credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']); + $credential_id_with_secret = '"' . $row['credential_id'] . '","' . $row['credential_otp_secret'] . '"'; + if (empty($credential_otp_secret)) { + $otp_display = "-"; + } else { + $otp_display = " Hover.."; + } + + ?> + + + + + + + + +
+ + + + + +
+
+
+ +
+ + + 0) { ?>
@@ -301,7 +424,7 @@ $sql_asset_retired = mysqli_query( + + + - - - -
-
- - - - - - - - - - - - - - Never

"; - } else { - $ticket_updated_at_display = "

Never

"; - } - } else { - $ticket_updated_at_display = $ticket_updated_at; - } - $ticket_closed_at = nullable_htmlentities($row['ticket_closed_at']); - - if ($ticket_priority == "High") { - $ticket_priority_display = "$ticket_priority"; - } elseif ($ticket_priority == "Medium") { - $ticket_priority_display = "$ticket_priority"; - } elseif ($ticket_priority == "Low") { - $ticket_priority_display = "$ticket_priority"; - } else { - $ticket_priority_display = "-"; - } - $ticket_assigned_to = intval($row['ticket_assigned_to']); - if (empty($ticket_assigned_to)) { - if ($ticket_status == "Closed") { - $ticket_assigned_to_display = "

Not Assigned

"; - } else { - $ticket_assigned_to_display = "

Not Assigned

"; - } - } else { - $ticket_assigned_to_display = nullable_htmlentities($row['user_name']); - } - - ?> - - - - - - - - - - - - - - -
NumberSubjectPriorityStatusAssignedLast ResponseCreated
-
-
- - - -
- - -
-
- - - - - - - - - - - +
+
- while ($row = mysqli_fetch_array($sql_linked_software)) { - $software_id = intval($row['software_id']); - $software_name = nullable_htmlentities($row['software_name']); - $software_version = nullable_htmlentities($row['software_version']); - $software_type = nullable_htmlentities($row['software_type']); - $software_license_type = nullable_htmlentities($row['software_license_type']); - $software_key = nullable_htmlentities($row['software_key']); - $software_seats = nullable_htmlentities($row['software_seats']); - $software_purchase = nullable_htmlentities($row['software_purchase']); - $software_expire = nullable_htmlentities($row['software_expire']); - $software_notes = nullable_htmlentities($row['software_notes']); + +
" id="pills-contact-assets"> - $seat_count = 0; +
+
SoftwareTypeKeySeats
+ + + + + + + + + + + + - - - - - - + // Tags + $asset_tag_name_display_array = array(); + $sql_asset_tags = mysqli_query($mysqli, "SELECT * FROM asset_tags LEFT JOIN tags ON asset_tag_tag_id = tag_id WHERE asset_tag_asset_id = $asset_id ORDER BY tag_name ASC"); + while ($row2 = mysqli_fetch_assoc($sql_asset_tags)) { + $asset_tag_id = intval($row2['tag_id']); + $asset_tag_name = nullable_htmlentities($row2['tag_name']); + $asset_tag_color = nullable_htmlentities($row2['tag_color']); + if (empty($asset_tag_color)) { + $asset_tag_color = "dark"; + } + $asset_tag_icon = nullable_htmlentities($row2['tag_icon']); + if (empty($asset_tag_icon)) { + $asset_tag_icon = "tag"; + } - $asset_tag_name"; + } + $asset_tags_display = implode('', $asset_tag_name_display_array); + $asset_favorite = intval($row['asset_favorite']); - } + ?> + + + + + + + + + + +
Name/DescriptionTypeMake/ModelSerial NumberInstall DateStatus
+ + + "; } ?> + +
+ +
+ +
+ +
+ + 		+ +
+ +
+
+
- ?> +
+ + + +
" id="pills-contact-credentials"> +
+ + + + + + + + + + + + + "; + } + + $credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password'])); + + $credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']); + if (empty($credential_otp_secret)) { + $otp_display = "-"; + } else { + $otp_display = " Hover.."; + } + ?> + + + + + + + + + + +
NameDescriptionUsernamePasswordOTPURI
+ + +
+
+ +
+ + + +
" id="pills-contact-tickets"> +
+ + + + + + + + + + + + + + Never

"; + } else { + $ticket_updated_at_display = "

Never

"; + } + } else { + $ticket_updated_at_display = $ticket_updated_at; + } + + if ($ticket_priority == "High") { + $ticket_priority_display = "$ticket_priority"; + } elseif ($ticket_priority == "Medium") { + $ticket_priority_display = "$ticket_priority"; + } elseif ($ticket_priority == "Low") { + $ticket_priority_display = "$ticket_priority"; + } else { + $ticket_priority_display = "-"; + } + + $ticket_assigned_to = intval($row['ticket_assigned_to']); + if (empty($ticket_assigned_to)) { + if ($ticket_status == "Closed") { + $ticket_assigned_to_display = "

Not Assigned

"; + } else { + $ticket_assigned_to_display = "

Not Assigned

"; + } + } else { + $ticket_assigned_to_display = nullable_htmlentities($row['user_name']); + } + ?> + + + + + + + + + + + +
NumberSubjectPriorityStatusAssignedLast ResponseCreated
+ + + +
+
+
+ + + +
" id="pills-contact-recurring-tickets"> +
+ + + + + + + + + + + + + + + + + + + +
SubjectPriorityFrequencyNext Run
+
+
+ + + +
" id="pills-contact-licenses"> +
+ + + + + + + + + + + + + + + + + + + +
SoftwareTypeKeySeats
+
+
+ + + +
" id="pills-contact-documents"> +
+ + + + + + + + + + + + + + + + + + + +
Document TitleByCreatedUpdated
+ + + +
+
+
+
+ + + +
" id="pills-contact-files"> +
+ + + + + + + + + + + + + + + + + + + +
File NameTypeSizeUploaded
+
+
+ 		KB
+
+
+ + + +
" id="pills-contact-notes"> +
+ + + + + + + + + + + + + + + + + + + +
TypeNoteByCreated
+
+
+ - -
- - - -
- -
- - - - - - - - - - - - - - - - - - - - - - -
Document TitleByCreatedUpdated
- - - -
-
-
-
- - - -
-
- - - - - - - - - - - - - - - - - - - - - - -
File NameTypeSizeUploaded
-
-
- 		KB
-
-
- - - -
-
- - - - - - - - - - - - - - - - - - - - - - -
TypeNoteByCreated
-
-
-
@@ -894,10 +889,10 @@ ob_start();
- More Details + Open Full Contact - + Edit
diff --git a/agent/modals/contact/contact_edit.php b/agent/modals/contact/contact_edit.php index d258ace5..18ad5e0a 100644 --- a/agent/modals/contact/contact_edit.php +++ b/agent/modals/contact/contact_edit.php @@ -10,7 +10,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts LIMIT 1" ); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $client_id = intval($row['contact_client_id']); $contact_name = nullable_htmlentities($row['contact_name']); $contact_title = nullable_htmlentities($row['contact_title']); @@ -38,7 +38,7 @@ $contact_user_id = intval($row['contact_user_id']); // Tags $contact_tag_id_array = array(); $sql_contact_tags = mysqli_query($mysqli, "SELECT tag_id FROM contact_tags WHERE contact_id = $contact_id"); -while ($row = mysqli_fetch_array($sql_contact_tags)) { +while ($row = mysqli_fetch_assoc($sql_contact_tags)) { $contact_tag_id = intval($row['tag_id']); $contact_tag_id_array[] = $contact_tag_id; } @@ -133,7 +133,7 @@ ob_start();
- +
@@ -169,7 +169,7 @@ ob_start(); @@ -377,4 +377,3 @@ $(document).ready(function() { require_once '../../../includes/modal_footer.php'; ?> - diff --git a/agent/modals/contact/contact_link_asset.php b/agent/modals/contact/contact_link_asset.php index 1db6dbe8..0443126e 100644 --- a/agent/modals/contact/contact_link_asset.php +++ b/agent/modals/contact/contact_link_asset.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $contact_name = nullable_htmlentities($row['contact_name']); $client_id = intval($row['contact_client_id']); @@ -44,7 +44,7 @@ ob_start(); AND asset_archived_at IS NULL ORDER BY asset_name ASC "); - while ($row = mysqli_fetch_array($sql_assets_select)) { + while ($row = mysqli_fetch_assoc($sql_assets_select)) { $asset_id = intval($row['asset_id']); $asset_name = nullable_htmlentities($row['asset_name']); ?> diff --git a/agent/modals/contact/contact_link_credential.php b/agent/modals/contact/contact_link_credential.php index a4a8a4d4..5fffa77c 100644 --- a/agent/modals/contact/contact_link_credential.php +++ b/agent/modals/contact/contact_link_credential.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $contact_name = nullable_htmlentities($row['contact_name']); $client_id = intval($row['contact_client_id']); @@ -44,7 +44,7 @@ ob_start(); AND credential_archived_at IS NULL ORDER BY credential_name ASC "); - while ($row = mysqli_fetch_array($sql_credentials_select)) { + while ($row = mysqli_fetch_assoc($sql_credentials_select)) { $credential_id = intval($row['credential_id']); $credential_name = nullable_htmlentities($row['credential_name']); ?> diff --git a/agent/modals/contact/contact_link_document.php b/agent/modals/contact/contact_link_document.php index ac5f54c7..946f8ecb 100644 --- a/agent/modals/contact/contact_link_document.php +++ b/agent/modals/contact/contact_link_document.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $contact_name = nullable_htmlentities($row['contact_name']); $client_id = intval($row['contact_client_id']); @@ -47,7 +47,7 @@ ob_start(); AND contact_documents.contact_id IS NULL ORDER BY documents.document_name ASC "); - while ($row = mysqli_fetch_array($sql_documents_select)) { + while ($row = mysqli_fetch_assoc($sql_documents_select)) { $document_id = intval($row['document_id']); $document_name = nullable_htmlentities($row['document_name']); ?> diff --git a/agent/modals/contact/contact_link_file.php b/agent/modals/contact/contact_link_file.php index 2cb882c2..a12d2e3a 100644 --- a/agent/modals/contact/contact_link_file.php +++ b/agent/modals/contact/contact_link_file.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $contact_name = nullable_htmlentities($row['contact_name']); $client_id = intval($row['contact_client_id']); @@ -49,7 +49,7 @@ ob_start(); ORDER BY folders.folder_name ASC, files.file_name ASC "); - while ($row = mysqli_fetch_array($sql_files_select)) { + while ($row = mysqli_fetch_assoc($sql_files_select)) { $file_id = intval($row['file_id']); $file_name = nullable_htmlentities($row['file_name']); $folder_name = nullable_htmlentities($row['folder_name']); diff --git a/agent/modals/contact/contact_link_service.php b/agent/modals/contact/contact_link_service.php index 124dd53e..e8d8e447 100644 --- a/agent/modals/contact/contact_link_service.php +++ b/agent/modals/contact/contact_link_service.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $contact_name = nullable_htmlentities($row['contact_name']); $client_id = intval($row['contact_client_id']); @@ -46,7 +46,7 @@ ob_start(); AND service_contacts.contact_id IS NULL ORDER BY services.service_name ASC "); - while ($row = mysqli_fetch_array($sql_services_select)) { + while ($row = mysqli_fetch_assoc($sql_services_select)) { $service_id = intval($row['service_id']); $service_name = nullable_htmlentities($row['service_name']); ?> diff --git a/agent/modals/contact/contact_link_software.php b/agent/modals/contact/contact_link_software.php index c08ef77e..f53cac9f 100644 --- a/agent/modals/contact/contact_link_software.php +++ b/agent/modals/contact/contact_link_software.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $contact_name = nullable_htmlentities($row['contact_name']); $client_id = intval($row['contact_client_id']); @@ -48,7 +48,7 @@ ob_start(); AND software_contacts.contact_id IS NULL ORDER BY software.software_name ASC "); - while ($row = mysqli_fetch_array($sql_software_select)) { + while ($row = mysqli_fetch_assoc($sql_software_select)) { $software_id = intval($row['software_id']); $software_name = nullable_htmlentities($row['software_name']); ?> diff --git a/agent/modals/contact/contact_note_add.php b/agent/modals/contact/contact_note_add.php index 1b38d210..fefaf7df 100644 --- a/agent/modals/contact/contact_note_add.php +++ b/agent/modals/contact/contact_note_add.php @@ -5,7 +5,7 @@ require_once '../../../includes/modal_header.php'; $contact_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT contact_name FROM contacts WHERE contact_id = $contact_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $contact_name = nullable_htmlentities($row['contact_name']); // Generate the HTML form content using output buffering. diff --git a/agent/modals/credential/credential_add.php b/agent/modals/credential/credential_add.php index 3392bdf5..46710e89 100644 --- a/agent/modals/credential/credential_add.php +++ b/agent/modals/credential/credential_add.php @@ -16,7 +16,7 @@ ob_start();
- +
    @@ -54,7 +54,7 @@ ob_start(); @@ -75,7 +75,9 @@ ob_start();
    - +
@@ -165,7 +167,7 @@ ob_start(); @@ -192,7 +194,7 @@ ob_start(); diff --git a/agent/modals/credential/credential_bulk_assign_tags.php b/agent/modals/credential/credential_bulk_assign_tags.php index c0ed149f..abe06b92 100644 --- a/agent/modals/credential/credential_bulk_assign_tags.php +++ b/agent/modals/credential/credential_bulk_assign_tags.php @@ -37,7 +37,7 @@ ob_start(); diff --git a/agent/modals/credential/credential_edit.php b/agent/modals/credential/credential_edit.php index 6ddef00e..98ce375b 100644 --- a/agent/modals/credential/credential_edit.php +++ b/agent/modals/credential/credential_edit.php @@ -6,7 +6,7 @@ $credential_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $client_id = intval($row['credential_client_id']); $credential_name = nullable_htmlentities($row['credential_name']); $credential_description = nullable_htmlentities($row['credential_description']); @@ -20,14 +20,14 @@ $credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']); $credential_note = nullable_htmlentities($row['credential_note']); $credential_created_at = nullable_htmlentities($row['credential_created_at']); $credential_archived_at = nullable_htmlentities($row['credential_archived_at']); -$credential_important = intval($row['credential_important']); +$credential_favorite = intval($row['credential_favorite']); $credential_contact_id = intval($row['credential_contact_id']); $credential_asset_id = intval($row['credential_asset_id']); // Tags $credential_tag_id_array = array(); $sql_credential_tags = mysqli_query($mysqli, "SELECT tag_id FROM credential_tags WHERE credential_id = $credential_id"); -while ($row = mysqli_fetch_array($sql_credential_tags)) { +while ($row = mysqli_fetch_assoc($sql_credential_tags)) { $credential_tag_id = intval($row['tag_id']); $credential_tag_id_array[] = $credential_tag_id; } @@ -75,7 +75,13 @@ ob_start();
- > +
@@ -178,7 +184,7 @@ ob_start(); @@ -199,7 +205,7 @@ ob_start(); diff --git a/agent/modals/credential/credential_view.php b/agent/modals/credential/credential_view.php index 474564fa..33dd3509 100644 --- a/agent/modals/credential/credential_view.php +++ b/agent/modals/credential/credential_view.php @@ -5,8 +5,8 @@ require_once '../../../includes/modal_header.php'; $credential_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1"); - -$row = mysqli_fetch_array($sql); + +$row = mysqli_fetch_assoc($sql); $credential_name = nullable_htmlentities($row['credential_name']); $credential_description = nullable_htmlentities($row['credential_description']); $credential_uri = nullable_htmlentities($row['credential_uri']); diff --git a/agent/modals/document/document_add_file_relation.php b/agent/modals/document/document_add_file_relation.php index 8a986ead..32816119 100644 --- a/agent/modals/document/document_add_file_relation.php +++ b/agent/modals/document/document_add_file_relation.php @@ -20,10 +20,10 @@
-
-
-
- -
- -
-
-
diff --git a/agent/modals/document/document_edit_visibility.php b/agent/modals/document/document_edit_visibility.php index 2234a6fc..6241a2c4 100644 --- a/agent/modals/document/document_edit_visibility.php +++ b/agent/modals/document/document_edit_visibility.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM documents LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $document_name = nullable_htmlentities($row['document_name']); $document_client_visible = intval($row['document_client_visible']); $client_id = intval($row['document_client_id']); diff --git a/agent/modals/document/document_link_asset.php b/agent/modals/document/document_link_asset.php index b8eca7b6..cab4660a 100644 --- a/agent/modals/document/document_link_asset.php +++ b/agent/modals/document/document_link_asset.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM documents LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $document_name = nullable_htmlentities($row['document_name']); $client_id = intval($row['document_client_id']); @@ -45,7 +45,7 @@ ob_start(); AND asset_documents.asset_id IS NULL ORDER BY asset_name ASC "); - while ($row = mysqli_fetch_array($sql_assets_select)) { + while ($row = mysqli_fetch_assoc($sql_assets_select)) { $asset_id = intval($row['asset_id']); $asset_name = nullable_htmlentities($row['asset_name']); diff --git a/agent/modals/document/document_link_contact.php b/agent/modals/document/document_link_contact.php index 07d715c9..74cb85d9 100644 --- a/agent/modals/document/document_link_contact.php +++ b/agent/modals/document/document_link_contact.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM documents LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $document_name = nullable_htmlentities($row['document_name']); $client_id = intval($row['document_client_id']); @@ -46,7 +46,7 @@ ob_start(); AND contact_documents.contact_id IS NULL ORDER BY contact_name ASC "); - while ($row = mysqli_fetch_array($sql_contacts_select)) { + while ($row = mysqli_fetch_assoc($sql_contacts_select)) { $contact_id = intval($row['contact_id']); $contact_name = nullable_htmlentities($row['contact_name']); diff --git a/agent/modals/document/document_link_file.php b/agent/modals/document/document_link_file.php index 213099b7..18986935 100644 --- a/agent/modals/document/document_link_file.php +++ b/agent/modals/document/document_link_file.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM documents LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $document_name = nullable_htmlentities($row['document_name']); $client_id = intval($row['document_client_id']); @@ -48,7 +48,7 @@ ob_start(); AND document_files.file_id IS NULL ORDER BY folder_name ASC, file_name ASC "); - while ($row = mysqli_fetch_array($sql_files_select)) { + while ($row = mysqli_fetch_assoc($sql_files_select)) { $file_id = intval($row['file_id']); $file_name = nullable_htmlentities($row['file_name']); $folder_name = nullable_htmlentities($row['folder_name']); diff --git a/agent/modals/document/document_link_software.php b/agent/modals/document/document_link_software.php index d0474485..4e13f146 100644 --- a/agent/modals/document/document_link_software.php +++ b/agent/modals/document/document_link_software.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM documents LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $document_name = nullable_htmlentities($row['document_name']); $client_id = intval($row['document_client_id']); @@ -47,7 +47,7 @@ ob_start(); ORDER BY software_name ASC "); - while ($row = mysqli_fetch_array($sql_software_select)) { + while ($row = mysqli_fetch_assoc($sql_software_select)) { $software_id = intval($row['software_id']); $software_name = nullable_htmlentities($row['software_name']); diff --git a/agent/modals/document/document_link_vendor.php b/agent/modals/document/document_link_vendor.php index ea5079dc..1bdec19d 100644 --- a/agent/modals/document/document_link_vendor.php +++ b/agent/modals/document/document_link_vendor.php @@ -9,7 +9,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM documents LIMIT 1 "); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $document_name = nullable_htmlentities($row['document_name']); $client_id = intval($row['document_client_id']); @@ -46,7 +46,7 @@ ob_start(); AND vendor_documents.vendor_id IS NULL ORDER BY vendor_name ASC "); - while ($row = mysqli_fetch_array($sql_vendors_select)) { + while ($row = mysqli_fetch_assoc($sql_vendors_select)) { $vendor_id = intval($row['vendor_id']); $vendor_name = nullable_htmlentities($row['vendor_name']); diff --git a/agent/modals/document/document_move.php b/agent/modals/document/document_move.php index f50d130d..f68429b0 100644 --- a/agent/modals/document/document_move.php +++ b/agent/modals/document/document_move.php @@ -5,8 +5,8 @@ require_once '../../../includes/modal_header.php'; $document_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id LIMIT 1"); - -$row = mysqli_fetch_array($sql); + +$row = mysqli_fetch_assoc($sql); $client_id = intval($row['document_client_id']); $document_folder_id = nullable_htmlentities($row['document_folder_id']); $document_name = nullable_htmlentities($row['document_name']); @@ -35,7 +35,7 @@ ob_start(); purify($row['document_version_content']); diff --git a/agent/modals/document/document_view.php b/agent/modals/document/document_view.php index 6a4c84a2..9d7da415 100644 --- a/agent/modals/document/document_view.php +++ b/agent/modals/document/document_view.php @@ -13,8 +13,8 @@ $purifier = new HTMLPurifier($purifier_config); $document_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id LIMIT 1"); - -$row = mysqli_fetch_array($sql); + +$row = mysqli_fetch_assoc($sql); $document_name = nullable_htmlentities($row['document_name']); $document_content = $purifier->purify($row['document_content']); diff --git a/agent/modals/domain/domain_add.php b/agent/modals/domain/domain_add.php index 7a36a543..ca945bdf 100644 --- a/agent/modals/domain/domain_add.php +++ b/agent/modals/domain/domain_add.php @@ -23,7 +23,7 @@ ob_start();
  • Notes
    • - +
    @@ -47,7 +47,7 @@ ob_start(); @@ -94,7 +94,7 @@ ob_start(); @@ -115,7 +115,7 @@ ob_start(); @@ -136,7 +136,7 @@ ob_start(); @@ -157,7 +157,7 @@ ob_start(); @@ -187,7 +187,7 @@ ob_start(); - +
    diff --git a/agent/modals/domain/domain_edit.php b/agent/modals/domain/domain_edit.php index 8019f40f..f0414060 100644 --- a/agent/modals/domain/domain_edit.php +++ b/agent/modals/domain/domain_edit.php @@ -5,8 +5,8 @@ require_once '../../../includes/modal_header.php'; $domain_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = $domain_id LIMIT 1"); - -$row = mysqli_fetch_array($sql); + +$row = mysqli_fetch_assoc($sql); $domain_name = nullable_htmlentities($row['domain_name']); $domain_description = nullable_htmlentities($row['domain_description']); $domain_expire = nullable_htmlentities($row['domain_expire']); @@ -92,12 +92,12 @@ ob_start(); - @@ -114,12 +114,12 @@ ob_start(); - @@ -136,12 +136,12 @@ ob_start(); - @@ -158,12 +158,12 @@ ob_start(); - @@ -254,8 +254,8 @@ ob_start(); - @@ -135,7 +135,7 @@ ob_start(); @@ -169,7 +169,7 @@ ob_start(); diff --git a/agent/modals/expense/expense_bulk_edit_account.php b/agent/modals/expense/expense_bulk_edit_account.php index ca85880c..642ccaba 100644 --- a/agent/modals/expense/expense_bulk_edit_account.php +++ b/agent/modals/expense/expense_bulk_edit_account.php @@ -32,21 +32,21 @@ ob_start(); diff --git a/agent/modals/expense/expense_bulk_edit_client.php b/agent/modals/expense/expense_bulk_edit_client.php index 53578782..b65ff79d 100644 --- a/agent/modals/expense/expense_bulk_edit_client.php +++ b/agent/modals/expense/expense_bulk_edit_client.php @@ -37,7 +37,7 @@ ob_start(); diff --git a/agent/modals/expense/expense_copy.php b/agent/modals/expense/expense_copy.php index 099251df..cff64d16 100644 --- a/agent/modals/expense/expense_copy.php +++ b/agent/modals/expense/expense_copy.php @@ -6,7 +6,7 @@ $expense_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = $expense_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $expense_date = nullable_htmlentities($row['expense_date']); $expense_amount = floatval($row['expense_amount']); $expense_currency_code = nullable_htmlentities($row['expense_currency_code']); @@ -68,21 +68,21 @@ ob_start(); @@ -148,7 +148,7 @@ ob_start(); @@ -176,7 +176,7 @@ ob_start(); diff --git a/agent/modals/expense/expense_edit.php b/agent/modals/expense/expense_edit.php index 1fb3aeac..7d980cae 100644 --- a/agent/modals/expense/expense_edit.php +++ b/agent/modals/expense/expense_edit.php @@ -10,7 +10,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = $expense_id LIMIT 1" ); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $expense_date = nullable_htmlentities($row['expense_date']); $expense_amount = floatval($row['expense_amount']); $expense_currency_code = nullable_htmlentities($row['expense_currency_code']); @@ -76,7 +76,7 @@ ob_start(); '$expense_created_at' OR account_archived_at IS NULL) ORDER BY account_archived_at ASC, account_name ASC"); - while ($row = mysqli_fetch_array($sql_accounts)) { + while ($row = mysqli_fetch_assoc($sql_accounts)) { $account_id_select = intval($row['account_id']); $account_name_select = nullable_htmlentities($row['account_name']); $opening_balance = floatval($row['opening_balance']); @@ -88,15 +88,15 @@ ob_start(); } $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select"); - $row = mysqli_fetch_array($sql_payments); + $row = mysqli_fetch_assoc($sql_payments); $total_payments = floatval($row['total_payments']); $sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id_select"); - $row = mysqli_fetch_array($sql_revenues); + $row = mysqli_fetch_assoc($sql_revenues); $total_revenues = floatval($row['total_revenues']); $sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id_select"); - $row = mysqli_fetch_array($sql_expenses); + $row = mysqli_fetch_assoc($sql_expenses); $total_expenses = floatval($row['total_expenses']); $balance = $opening_balance + $total_payments + $total_revenues - $total_expenses; @@ -121,7 +121,7 @@ ob_start(); '$expense_created_at' OR vendor_archived_at IS NULL) ORDER BY vendor_name ASC"); - while ($row = mysqli_fetch_array($sql_select)) { + while ($row = mysqli_fetch_assoc($sql_select)) { $vendor_id_select = intval($row['vendor_id']); $vendor_name_select = nullable_htmlentities($row['vendor_name']); ?> @@ -166,7 +166,7 @@ ob_start(); '$expense_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC"); - while ($row = mysqli_fetch_array($sql_select)) { + while ($row = mysqli_fetch_assoc($sql_select)) { $category_id_select = intval($row['category_id']); $category_name_select = nullable_htmlentities($row['category_name']); ?> @@ -200,7 +200,7 @@ ob_start(); diff --git a/agent/modals/expense/expense_export.php b/agent/modals/expense/expense_export.php index ce9bb705..e932f517 100644 --- a/agent/modals/expense/expense_export.php +++ b/agent/modals/expense/expense_export.php @@ -27,7 +27,7 @@ ob_start(); @@ -51,7 +51,7 @@ ob_start(); @@ -75,7 +75,7 @@ ob_start(); diff --git a/agent/modals/expense/expense_refund.php b/agent/modals/expense/expense_refund.php index ee8677d0..f1c4e6b5 100644 --- a/agent/modals/expense/expense_refund.php +++ b/agent/modals/expense/expense_refund.php @@ -6,7 +6,7 @@ $expense_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = $expense_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $expense_date = nullable_htmlentities($row['expense_date']); $expense_amount = floatval($row['expense_amount']); $expense_currency_code = nullable_htmlentities($row['expense_currency_code']); diff --git a/agent/modals/file/file_link_asset.php b/agent/modals/file/file_link_asset.php index 2483a207..75d825b9 100644 --- a/agent/modals/file/file_link_asset.php +++ b/agent/modals/file/file_link_asset.php @@ -21,11 +21,11 @@ / @@ -68,7 +68,7 @@ ob_start(); diff --git a/agent/modals/invoice/invoice_add_ticket.php b/agent/modals/invoice/invoice_add_ticket.php index 44516543..5d4f93fb 100644 --- a/agent/modals/invoice/invoice_add_ticket.php +++ b/agent/modals/invoice/invoice_add_ticket.php @@ -18,7 +18,7 @@ Add to Invoice - "> - + @@ -56,4 +56,3 @@
    - diff --git a/agent/modals/invoice/invoice_bulk_edit_category.php b/agent/modals/invoice/invoice_bulk_edit_category.php index 93ab1d5d..edc05142 100644 --- a/agent/modals/invoice/invoice_bulk_edit_category.php +++ b/agent/modals/invoice/invoice_bulk_edit_category.php @@ -33,7 +33,7 @@ ob_start(); diff --git a/agent/modals/invoice/invoice_copy.php b/agent/modals/invoice/invoice_copy.php index 76e938fb..0b286df3 100644 --- a/agent/modals/invoice/invoice_copy.php +++ b/agent/modals/invoice/invoice_copy.php @@ -6,7 +6,7 @@ $invoice_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM invoices LEFT JOIN clients ON invoice_client_id = client_id WHERE invoice_id = $invoice_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); $client_name = nullable_htmlentities($row['client_name']); @@ -23,7 +23,7 @@ ob_start(); - +
    @@ -35,7 +35,7 @@ ob_start(); " required>
    - +
    diff --git a/agent/modals/invoice/invoice_edit.php b/agent/modals/invoice/invoice_edit.php index e009e817..dc1a4494 100644 --- a/agent/modals/invoice/invoice_edit.php +++ b/agent/modals/invoice/invoice_edit.php @@ -6,7 +6,7 @@ $invoice_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM invoices LEFT JOIN clients ON invoice_client_id = client_id WHERE invoice_id = $invoice_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); $invoice_scope = nullable_htmlentities($row['invoice_scope']); @@ -64,7 +64,7 @@ ob_start(); '$invoice_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC"); - while ($row = mysqli_fetch_array($sql_income_category)) { + while ($row = mysqli_fetch_assoc($sql_income_category)) { $category_id_select = intval($row['category_id']); $category_name_select = nullable_htmlentities($row['category_name']); ?> diff --git a/agent/modals/invoice/invoice_recurring_add.php b/agent/modals/invoice/invoice_recurring_add.php index 2f49d5ba..d2a07e5a 100644 --- a/agent/modals/invoice/invoice_recurring_add.php +++ b/agent/modals/invoice/invoice_recurring_add.php @@ -6,7 +6,7 @@ $invoice_id = intval($_GET['invoice_id']); $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); diff --git a/agent/modals/invoice/item_edit.php b/agent/modals/invoice/item_edit.php index c690b4ee..71e9a309 100644 --- a/agent/modals/invoice/item_edit.php +++ b/agent/modals/invoice/item_edit.php @@ -5,7 +5,7 @@ require_once '../../../includes/modal_header.php'; $item_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_id = $item_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $item_name = nullable_htmlentities($row['item_name']); $item_description = nullable_htmlentities($row['item_description']); $item_quantity = floatval($row['item_quantity']); @@ -82,7 +82,7 @@ ob_start(); '$item_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC"); - while ($row = mysqli_fetch_array($taxes_sql)) { + while ($row = mysqli_fetch_assoc($taxes_sql)) { $tax_id_select = intval($row['tax_id']); $tax_name = nullable_htmlentities($row['tax_name']); $tax_percent = floatval($row['tax_percent']); diff --git a/agent/modals/location/location_add.php b/agent/modals/location/location_add.php index b8182d26..f69b35a5 100644 --- a/agent/modals/location/location_add.php +++ b/agent/modals/location/location_add.php @@ -7,7 +7,7 @@ $client_id = intval($_GET['client_id'] ?? 0); ob_start(); ?> - +
    Creating location
    - +
    @@ -39,7 +39,7 @@ ob_start();
    - + @@ -55,7 +55,7 @@ ob_start(); @@ -171,7 +171,7 @@ ob_start(); @@ -246,7 +246,7 @@ ob_start(); diff --git a/agent/modals/location/location_bulk_assign_tags.php b/agent/modals/location/location_bulk_assign_tags.php index ec172105..a49cb557 100644 --- a/agent/modals/location/location_bulk_assign_tags.php +++ b/agent/modals/location/location_bulk_assign_tags.php @@ -37,7 +37,7 @@ ob_start(); diff --git a/agent/modals/location/location_edit.php b/agent/modals/location/location_edit.php index dd030f47..aa0b50cb 100644 --- a/agent/modals/location/location_edit.php +++ b/agent/modals/location/location_edit.php @@ -6,7 +6,7 @@ $location_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_id = $location_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $location_name = nullable_htmlentities($row['location_name']); $location_description = nullable_htmlentities($row['location_description']); $location_country = nullable_htmlentities($row['location_country']); @@ -31,7 +31,7 @@ $location_primary = intval($row['location_primary']); // Tags $location_tag_id_array = array(); $sql_location_tags = mysqli_query($mysqli, "SELECT * FROM location_tags WHERE location_id = $location_id"); -while ($row = mysqli_fetch_array($sql_location_tags)) { +while ($row = mysqli_fetch_assoc($sql_location_tags)) { $location_tag_id = intval($row['tag_id']); $location_tag_id_array[] = $location_tag_id; } @@ -49,7 +49,7 @@ ob_start(); - +
      @@ -183,7 +183,7 @@ ob_start(); '$location_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_archived_at ASC, contact_name ASC"); - while ($row = mysqli_fetch_array($sql_contacts)) { + while ($row = mysqli_fetch_assoc($sql_contacts)) { $contact_id_select = intval($row['contact_id']); $contact_name_select = nullable_htmlentities($row['contact_name']); $contact_archived_at = nullable_htmlentities($row['contact_archived_at']); @@ -264,7 +264,7 @@ ob_start(); diff --git a/agent/modals/network/network_add.php b/agent/modals/network/network_add.php index 2c020908..7e4ff615 100644 --- a/agent/modals/network/network_add.php +++ b/agent/modals/network/network_add.php @@ -53,7 +53,7 @@ ob_start(); @@ -97,7 +97,7 @@ ob_start(); @@ -165,7 +165,7 @@ ob_start();
    - +
    diff --git a/agent/modals/network/network_edit.php b/agent/modals/network/network_edit.php index 18e12958..7d45ec45 100644 --- a/agent/modals/network/network_edit.php +++ b/agent/modals/network/network_edit.php @@ -5,8 +5,8 @@ require_once '../../../includes/modal_header.php'; $network_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = $network_id LIMIT 1"); - -$row = mysqli_fetch_array($sql); + +$row = mysqli_fetch_assoc($sql); $network_name = nullable_htmlentities($row['network_name']); $network_description = nullable_htmlentities($row['network_description']); $network_vlan = intval($row['network_vlan']); @@ -84,9 +84,9 @@ ob_start();
    +
    + +
    +
    + +
    + +
    +
    + +
    + +
    +
    + +
    + +
    + +
    + +
    +
    + +
    + +
    +
    + +
    + +
    + +
    + +
    +
    + +
    + +
    +
    + +
    + +
    +
    + +
    + +
    +
    + +
    + +
    +
    + +
    + +
    +
    + +
    + +
    + + +
    + + + diff --git a/agent/modals/product/product_add.php b/agent/modals/product/product_add.php index 37af8e63..38ca9dc3 100644 --- a/agent/modals/product/product_add.php +++ b/agent/modals/product/product_add.php @@ -67,7 +67,7 @@ ob_start(); @@ -111,7 +111,7 @@ ob_start(); diff --git a/agent/modals/product/product_edit.php b/agent/modals/product/product_edit.php index d512f04d..79df1926 100644 --- a/agent/modals/product/product_edit.php +++ b/agent/modals/product/product_edit.php @@ -6,7 +6,7 @@ $product_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = $product_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $product_name = nullable_htmlentities($row['product_name']); $product_type = nullable_htmlentities($row['product_type']); $product_description = nullable_htmlentities($row['product_description']); @@ -51,7 +51,7 @@ ob_start(); '$product_created_at' OR category_archived_at IS NULL)"); - while ($row = mysqli_fetch_array($sql_select)) { + while ($row = mysqli_fetch_assoc($sql_select)) { $category_id_select = intval($row['category_id']); $category_name_select = nullable_htmlentities($row['category_name']); ?> @@ -94,7 +94,7 @@ ob_start(); '$product_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC"); - while ($row = mysqli_fetch_array($taxes_sql)) { + while ($row = mysqli_fetch_assoc($taxes_sql)) { $tax_id_select = intval($row['tax_id']); $tax_name = nullable_htmlentities($row['tax_name']); $tax_percent = floatval($row['tax_percent']); diff --git a/agent/modals/product/product_stock_add.php b/agent/modals/product/product_stock_add.php index d3a84590..ba664370 100644 --- a/agent/modals/product/product_stock_add.php +++ b/agent/modals/product/product_stock_add.php @@ -30,7 +30,7 @@ ob_start();
    - +
    @@ -42,11 +42,11 @@ ob_start(); - No Client - @@ -61,7 +61,7 @@ ob_start(); @@ -107,7 +107,7 @@ ob_start(); "SELECT user_id, user_name FROM users WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC" ); - while ($row = mysqli_fetch_array($sql)) { + while ($row = mysqli_fetch_assoc($sql)) { $user_id = intval($row['user_id']); $user_name = nullable_htmlentities($row['user_name']); ?> diff --git a/agent/modals/project/project_edit.php b/agent/modals/project/project_edit.php index 1885b4df..435c8fc4 100644 --- a/agent/modals/project/project_edit.php +++ b/agent/modals/project/project_edit.php @@ -6,7 +6,7 @@ $project_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $project_prefix = nullable_htmlentities($row['project_prefix']); $project_number = intval($row['project_number']); $project_name = nullable_htmlentities($row['project_name']); @@ -77,7 +77,7 @@ ob_start(); "SELECT user_id, user_name FROM users WHERE user_role_id > 1 AND user_status = 1 AND user_archived_at IS NULL ORDER BY user_name ASC" ); - while ($row = mysqli_fetch_array($sql_project_managers_select)) { + while ($row = mysqli_fetch_assoc($sql_project_managers_select)) { $user_id_select = intval($row['user_id']); $user_name_select = nullable_htmlentities($row['user_name']); ?> @@ -95,7 +95,7 @@ ob_start(); diff --git a/agent/modals/project/project_link_closed_ticket.php b/agent/modals/project/project_link_closed_ticket.php index 59b452f1..d0f6757d 100644 --- a/agent/modals/project/project_link_closed_ticket.php +++ b/agent/modals/project/project_link_closed_ticket.php @@ -13,7 +13,7 @@ if ($client_id) { $sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $project_name = nullable_htmlentities($row['project_name']); ob_start(); @@ -35,7 +35,7 @@ ob_start();
    "; diff --git a/agent/modals/project/project_link_ticket.php b/agent/modals/project/project_link_ticket.php index 83402523..f11a4675 100644 --- a/agent/modals/project/project_link_ticket.php +++ b/agent/modals/project/project_link_ticket.php @@ -13,7 +13,7 @@ if ($client_id) { $sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $project_name = nullable_htmlentities($row['project_name']); // Generate the HTML form content using output buffering. @@ -40,7 +40,7 @@ ob_start(); @@ -67,7 +67,7 @@ ob_start(); diff --git a/agent/modals/quote/quote_copy.php b/agent/modals/quote/quote_copy.php index 6c8d2054..2fe90eac 100644 --- a/agent/modals/quote/quote_copy.php +++ b/agent/modals/quote/quote_copy.php @@ -6,7 +6,7 @@ $quote_id = intval($_GET['id']); $sql = mysqli_query($mysqli, "SELECT * FROM quotes LEFT JOIN clients ON quote_client_id = client_id WHERE quote_id = $quote_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $quote_prefix = nullable_htmlentities($row['quote_prefix']); $quote_number = intval($row['quote_number']); $client_id = intval($row['client_id']); @@ -37,7 +37,7 @@ ob_start();
    @@ -294,17 +294,17 @@ ob_start(); - "; + if ($current_type !== null) echo ""; ?>
    diff --git a/agent/modals/recurring_ticket/recurring_ticket_bulk_agent_edit.php b/agent/modals/recurring_ticket/recurring_ticket_bulk_agent_edit.php index 495cdfc7..5fd9160a 100644 --- a/agent/modals/recurring_ticket/recurring_ticket_bulk_agent_edit.php +++ b/agent/modals/recurring_ticket/recurring_ticket_bulk_agent_edit.php @@ -37,7 +37,7 @@ ob_start(); AND user_archived_at IS NULL ORDER BY user_name DESC" ); - while ($row = mysqli_fetch_array($sql_users_select)) { + while ($row = mysqli_fetch_assoc($sql_users_select)) { $user_id_select = intval($row['user_id']); $user_name_select = nullable_htmlentities($row['user_name']); diff --git a/agent/modals/recurring_ticket/recurring_ticket_bulk_category_edit.php b/agent/modals/recurring_ticket/recurring_ticket_bulk_category_edit.php index a27a6146..fb9a7b6f 100644 --- a/agent/modals/recurring_ticket/recurring_ticket_bulk_category_edit.php +++ b/agent/modals/recurring_ticket/recurring_ticket_bulk_category_edit.php @@ -33,7 +33,7 @@ ob_start(); - Uncategorized - ">
    - value="1" > @@ -172,7 +172,7 @@ ob_start();
    -
    +
    $contact_name"; @@ -152,7 +152,7 @@ ob_start(); $document_name"; @@ -186,21 +186,21 @@ ob_start(); -
    +
    $domain_name"; @@ -228,7 +228,7 @@ ob_start();
    - +
    @@ -90,4 +90,3 @@
    - diff --git a/agent/modals/software/software_add.php b/agent/modals/software/software_add.php index 23026366..6199fbb0 100644 --- a/agent/modals/software/software_add.php +++ b/agent/modals/software/software_add.php @@ -57,7 +57,7 @@ ob_start(); @@ -111,7 +111,7 @@ ob_start(); @@ -225,7 +225,7 @@ ob_start(); @@ -54,7 +54,7 @@ ob_start(); - Select Vendor - - @@ -233,7 +233,7 @@ ob_start(); '$software_created_at' OR asset_archived_at IS NULL) AND asset_client_id = $client_id ORDER BY asset_archived_at ASC, asset_name ASC"); - while ($row = mysqli_fetch_array($sql_assets_select)) { + while ($row = mysqli_fetch_assoc($sql_assets_select)) { $asset_id_select = intval($row['asset_id']); $asset_name_select = nullable_htmlentities($row['asset_name']); $asset_type_select = nullable_htmlentities($row['asset_type']); @@ -273,7 +273,7 @@ ob_start(); '$software_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_archived_at ASC, contact_name ASC"); - while ($row = mysqli_fetch_array($sql_contacts_select)) { + while ($row = mysqli_fetch_assoc($sql_contacts_select)) { $contact_id_select = intval($row['contact_id']); $contact_name_select = nullable_htmlentities($row['contact_name']); $contact_email_select = nullable_htmlentities($row['contact_email']); diff --git a/agent/modals/ticket/ticket_add.php b/agent/modals/ticket/ticket_add.php index c1230edc..8e7cebf0 100644 --- a/agent/modals/ticket/ticket_add.php +++ b/agent/modals/ticket/ticket_add.php @@ -60,7 +60,7 @@ ob_start(); @@ -87,20 +87,20 @@ ob_start(); - Not Categorized - @@ -250,7 +250,7 @@ ob_start(); @@ -325,7 +325,7 @@ ob_start(); @@ -401,7 +401,7 @@ ob_start(); @@ -440,7 +440,7 @@ ob_start(); @@ -463,32 +463,25 @@ ob_start(); + diff --git a/agent/modals/ticket/ticket_add_v2.php b/agent/modals/ticket/ticket_add_v2.php index 9cc31e92..7113b253 100644 --- a/agent/modals/ticket/ticket_add_v2.php +++ b/agent/modals/ticket/ticket_add_v2.php @@ -18,7 +18,7 @@ ob_start();
    - + @@ -58,20 +58,20 @@ ob_start(); - Not Categorized - @@ -158,7 +158,7 @@ ob_start(); - +
    @@ -203,7 +203,7 @@ ob_start(); @@ -297,32 +297,24 @@ ob_start(); diff --git a/agent/modals/ticket/ticket_add_watcher.php b/agent/modals/ticket/ticket_add_watcher.php index 29b32491..ecfc783b 100644 --- a/agent/modals/ticket/ticket_add_watcher.php +++ b/agent/modals/ticket/ticket_add_watcher.php @@ -29,7 +29,7 @@ ob_start(); '' ORDER BY contact_name ASC"); - while ($row = mysqli_fetch_array($sql_client_contacts_select)) { + while ($row = mysqli_fetch_assoc($sql_client_contacts_select)) { $contact_id_select = intval($row['contact_id']); $contact_name_select = nullable_htmlentities($row['contact_name']); $contact_email_select = nullable_htmlentities($row['contact_email']); diff --git a/agent/modals/ticket/ticket_assign.php b/agent/modals/ticket/ticket_assign.php index 40492fa0..13ab1ad3 100644 --- a/agent/modals/ticket/ticket_assign.php +++ b/agent/modals/ticket/ticket_assign.php @@ -10,7 +10,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM tickets LIMIT 1" ); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']); $ticket_number = intval($row['ticket_number']); $ticket_assigned_to = intval($row['ticket_assigned_to']); @@ -42,14 +42,14 @@ ob_start();
    +
    + Selected tickets will be closed once merging is complete. +
    +
    - +
    - "; - } else { - echo "
    $ticket_prefix
    "; - } - ?> +
    - - +
    @@ -51,29 +76,11 @@ ob_start();
    - - - -
    - -
    - + -
    - - - diff --git a/agent/modals/ticket/ticket_change_client.php b/agent/modals/ticket/ticket_change_client.php index 1d013525..09c12653 100644 --- a/agent/modals/ticket/ticket_change_client.php +++ b/agent/modals/ticket/ticket_change_client.php @@ -5,7 +5,7 @@ $ticket_id = intval($_GET['ticket_id']); $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']); $ticket_number = intval($row['ticket_number']); $client_id = intval($row['ticket_client_id']); @@ -36,7 +36,7 @@ ob_start(); - diff --git a/agent/modals/ticket/ticket_edit_schedule.php b/agent/modals/ticket/ticket_edit_schedule.php index 877ac3e9..1a2148bc 100644 --- a/agent/modals/ticket/ticket_edit_schedule.php +++ b/agent/modals/ticket/ticket_edit_schedule.php @@ -10,7 +10,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM tickets LIMIT 1" ); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']); $ticket_number = intval($row['ticket_number']); $ticket_scheduled_for = nullable_htmlentities($row['ticket_schedule']); diff --git a/agent/modals/ticket/ticket_edit_vendor.php b/agent/modals/ticket/ticket_edit_vendor.php index ada9836c..85b048fa 100644 --- a/agent/modals/ticket/ticket_edit_vendor.php +++ b/agent/modals/ticket/ticket_edit_vendor.php @@ -5,7 +5,7 @@ $ticket_id = intval($_GET['ticket_id']); $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']); $ticket_number = intval($row['ticket_number']); $vendor_id = intval($row['ticket_vendor_id']); @@ -37,7 +37,7 @@ ob_start(); diff --git a/agent/modals/ticket/ticket_invoice_add.php b/agent/modals/ticket/ticket_invoice_add.php index 4cba203b..001a4758 100644 --- a/agent/modals/ticket/ticket_invoice_add.php +++ b/agent/modals/ticket/ticket_invoice_add.php @@ -19,7 +19,7 @@ $ticket_sql = mysqli_query( LIMIT 1" ); -$row = mysqli_fetch_array($ticket_sql); +$row = mysqli_fetch_assoc($ticket_sql); $client_id = intval($row['client_id']); $client_rate = floatval($row['client_rate']); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']); @@ -33,16 +33,16 @@ $ticket_onsite = intval($row['ticket_onsite']); $ticket_created_at = nullable_htmlentities($row['ticket_created_at']); $ticket_created_by = intval($row['ticket_created_by']); -$ticket_date = date('Y-m-d', strtotime($ticket_created_at)); +$ticket_date = date('Y-m-d g:i A', strtotime($ticket_created_at)); $ticket_first_response_at = nullable_htmlentities($row['ticket_first_response_at']); if ($ticket_first_response_at) { - $ticket_first_response_date_time = date('Y-m-d H:i', strtotime($ticket_first_response_at)); + $ticket_first_response_date_time = date('Y-m-d g:i A', strtotime($ticket_first_response_at)); } else { $ticket_first_response_date_time = ''; } $ticket_resolved_at = nullable_htmlentities($row['ticket_resolved_at']); if ($ticket_resolved_at) { - $ticket_resolved_date = date('Y-m-d', strtotime($ticket_resolved_at)); + $ticket_resolved_date = date('Y-m-d g:i A', strtotime($ticket_resolved_at)); } else { $ticket_resolved_date = ''; } @@ -71,8 +71,9 @@ $location_phone = formatPhoneNumber($row['location_phone']); //Get Total Ticket Time $ticket_total_reply_time = mysqli_query($mysqli, "SELECT SEC_TO_TIME(SUM(TIME_TO_SEC(ticket_reply_time_worked))) AS ticket_total_reply_time FROM ticket_replies WHERE ticket_reply_archived_at IS NULL AND ticket_reply_ticket_id = $ticket_id"); -$row = mysqli_fetch_array($ticket_total_reply_time); +$row = mysqli_fetch_assoc($ticket_total_reply_time); $ticket_total_reply_time = nullable_htmlentities($row['ticket_total_reply_time']); +$ticket_total_reply_time_display = formatDuration($ticket_total_reply_time); $sql_invoices = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_status LIKE 'Draft' AND invoice_client_id = $client_id ORDER BY invoice_number ASC"); @@ -122,7 +123,7 @@ ob_start(); @@ -221,15 +222,17 @@ ob_start();
    -
    - -
    -
    -
    +
    +
    +
    +
    +
    - -
    -
    + +
    +
    +
    @@ -666,14 +640,14 @@ if (isset($_GET['ticket_id'])) {
    - -
    -
    - -
    -
    -
    + +
    +
    + +
    +
    +
    @@ -684,7 +658,7 @@ if (isset($_GET['ticket_id'])) { purify($row['ticket_reply']); $ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']); @@ -705,7 +679,7 @@ if (isset($_GET['ticket_id'])) { $user_avatar = nullable_htmlentities($row['user_avatar']); $user_initials = initials($row['user_name']); $avatar_link = "../uploads/users/$user_id/$user_avatar"; - $ticket_reply_time_worked = date_create($row['ticket_reply_time_worked']); + $ticket_reply_time_worked = $row['ticket_reply_time_worked']; } $sql_ticket_reply_attachments = mysqli_query( @@ -732,12 +706,19 @@ if (isset($_GET['ticket_id'])) { -
    +

    - +
    -
    Time worked: +
    + + + Time worked: + + + +
    @@ -789,7 +770,7 @@ if (isset($_GET['ticket_id'])) { $name | Download | View"; @@ -809,10 +790,10 @@ if (isset($_GET['ticket_id'])) {
    - -
    "> -
    -
    Ticket Details
    + +
    +
    +
    Activity Summary
    -
    +
    -
    - Created: +
    + Created: + ()
    - -
    - Created by: +
    + Created by:
    - -
    - Source: + +
    + Source:
    - 0) { ?> -
    - Category: + +
    + Category:
    -
    - FR: +
    + 1st resp:
    -
    - Time worked: +
    + Total time:
    @@ -875,34 +857,34 @@ if (isset($_GET['ticket_id'])) { - +
    -
    - Resolved: +
    + Resolved:
    - -
    - Closed by: +
    + Closed by:
    -
    - Closed: +
    + Closed:
    -
    - Feedback: +
    + Feedback:
    @@ -916,8 +898,8 @@ if (isset($_GET['ticket_id'])) { 0)) { ?>
    -
    -
    Tasks
    +
    +
    Tasks
    = 2) { ?>
    @@ -961,25 +943,82 @@ if (isset($_GET['ticket_id'])) { 0; + + $approval_id = 0; + $user_can_approve = false; + $approval_rows = mysqli_query($mysqli, " + SELECT approval_id, approval_scope, approval_type, approval_required_user_id, approval_created_by + FROM task_approvals WHERE approval_task_id = $task_id AND approval_status = 'pending' + "); + + while ($approval = mysqli_fetch_assoc($approval_rows)) { + + $scope = nullable_htmlentities($approval['approval_scope']); + $type = nullable_htmlentities($approval['approval_type']); + $required_user = intval($approval['approval_required_user_id']); + $created_by = intval($approval['approval_created_by']); + + // Named, specific user? + if ($scope == 'internal' && $type == 'specific' && $required_user == $session_user_id) { + $user_can_approve = true; + $approval_id = intval($approval['approval_id']); + continue; + } + + // Any internal user, but the one who created the task + if ($scope == 'internal' && $type == 'any' && $created_by !== $session_user_id) { + $user_can_approve = true; + $approval_id = intval($approval['approval_id']); + continue; + } + + } + ?> - -
    + = 2) { ?> - - - + + + + + + + + + + + + + + + + - + +
    @@ -997,6 +1036,12 @@ if (isset($_GET['ticket_id'])) { data-modal-url="modals/ticket/ticket_task_edit.php?id="> Edit + + + Add Approvers + + Mark incomplete @@ -1026,8 +1071,8 @@ if (isset($_GET['ticket_id'])) {
    -
    -
    Contact
    +
    +
    Contact
    = 2) { ?>
    -
    +
    0) { ?>
    -
    -
    Watchers
    +
    +
    Watchers
    = 2) { ?>
    - +
    -
    +
    - + - +
    @@ -1117,8 +1162,8 @@ if (isset($_GET['ticket_id'])) {
    -
    -
    Assets
    +
    +
    Assets
    = 2) { ?>
    @@ -1127,7 +1172,7 @@ if (isset($_GET['ticket_id'])) {
    -
    +
    - +
    @@ -1161,12 +1206,11 @@ if (isset($_GET['ticket_id'])) { -
    -
    -
    Vendor
    +
    +
    Vendor
    = 2) { ?>
    @@ -1175,7 +1219,7 @@ if (isset($_GET['ticket_id'])) {
    -
    +
    @@ -1220,8 +1264,8 @@ if (isset($_GET['ticket_id'])) {
    -
    -
    Project
    +
    +
    Project
    = 2) { ?>
    -
    +
    - +
    diff --git a/agent/ticket_kanban.php b/agent/ticket_kanban.php index 9290afd2..846f9379 100644 --- a/agent/ticket_kanban.php +++ b/agent/ticket_kanban.php @@ -1,38 +1,41 @@ id = $id; - $statuses[$id]->name = $name; - $statuses[$id]->tickets = []; - $statuses[$id]->order = $kanban_order; // Store the order +while ($row = mysqli_fetch_assoc($status_sql)) { + + $status_id = intval($row['ticket_status_id']); + $status_name = nullable_htmlentities($row['ticket_status_name']); + $kanban_order = intval($row['ticket_status_order']); + + $statuses[$status_id] = array( + 'id' => $status_id, + 'name' => $status_name, + 'order' => $kanban_order, + 'tickets' => array() + ); } -$ordering_snippet = "ORDER BY - CASE +$ordering_snippet = "ORDER BY + CASE WHEN ticket_priority = 'High' THEN 1 WHEN ticket_priority = 'Medium' THEN 2 WHEN ticket_priority = 'Low' THEN 3 ELSE 4 - END, + END, ticket_id DESC"; -if ($config_ticket_ordering === 1) { +if ($config_ticket_ordering == 1) { $ordering_snippet = "ORDER BY ticket_order ASC"; } -// Fetch tickets and merge into statuses +// Fetch tickets $sql = mysqli_query( $mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM tickets @@ -44,114 +47,131 @@ $sql = mysqli_query( LEFT JOIN vendors ON ticket_vendor_id = vendor_id LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id LEFT JOIN categories ON ticket_category = category_id - WHERE $ticket_status_snippet " . $ticket_assigned_query . " + WHERE $ticket_status_snippet $ticket_assigned_query $category_query $client_query AND DATE(ticket_created_at) BETWEEN '$dtf' AND '$dtt' - AND (CONCAT(ticket_prefix,ticket_number) LIKE '%$q%' OR client_name LIKE '%$q%' OR ticket_subject LIKE '%$q%' OR ticket_status_name LIKE '%$q%' OR ticket_priority LIKE '%$q%' OR user_name LIKE '%$q%' OR contact_name LIKE '%$q%' OR asset_name LIKE '%$q%' OR vendor_name LIKE '%$q%' OR ticket_vendor_ticket_number LIKE '%q%') + AND ( + CONCAT(ticket_prefix,ticket_number) LIKE '%$q%' OR + client_name LIKE '%$q%' OR + ticket_subject LIKE '%$q%' OR + ticket_status_name LIKE '%$q%' OR + ticket_priority LIKE '%$q%' OR + user_name LIKE '%$q%' OR + contact_name LIKE '%$q%' OR + asset_name LIKE '%$q%' OR + vendor_name LIKE '%$q%' OR + ticket_vendor_ticket_number LIKE '%$q%' + ) + $ticket_project_snippet $ticket_permission_snippet $ordering_snippet" ); -while ($row = mysqli_fetch_array($sql)) { - $id = $row['ticket_status_id']; - $ticket_order = $row['ticket_order']; +while ($row = mysqli_fetch_assoc($sql)) { + + $status_id = $row['ticket_status_id']; - // Loop over all items in $row to apply nullable_htmlentities only if the content is a string foreach ($row as $key => $value) { if (is_string($value)) { $row[$key] = nullable_htmlentities($value); } } - if (isset($statuses[$id])) { - $statuses[$id]->tickets[] = $row; + if (isset($statuses[$status_id])) { + $statuses[$status_id]['tickets'][] = $row; } } -// Convert associative array to indexed array for sorting +// Convert associative array to indexed array $kanban = array_values($statuses); - ?>
    - -
    -
    name); ?>
    -
    - tickets as $item){ - if ($item['ticket_priority'] == "High") { - $ticket_priority_color = "danger"; - } elseif ($item['ticket_priority'] == "Medium") { - $ticket_priority_color = "warning"; - } else { - $ticket_priority_color = "info"; - } - ?> - -
    - + + + +
    +
    + +
    + + + +
    + + - + + - -
    - - - -
    - - -
    - - -
    - -
    - - - -
    - - -
    -
    - -
    + + +
    + + + + + +
    + + +
    + + +
    + +
    + + + + + + +
    + + + +
    +
    + + + +
    "; -echo "const CONFIG_TICKET_MOVING_COLUMNS = " . json_encode($config_ticket_moving_columns) . ";"; -echo "const CONFIG_TICKET_ORDERING = " . json_encode($config_ticket_ordering) . ";"; +echo "const CONFIG_TICKET_MOVING_COLUMNS = " . json_encode($config_ticket_moving_columns) . ";"; +echo "const CONFIG_TICKET_ORDERING = " . json_encode($config_ticket_ordering) . ";"; echo ""; ?> + - \ No newline at end of file + diff --git a/agent/ticket_list.php b/agent/ticket_list.php index fc0d39ab..38f43d60 100644 --- a/agent/ticket_list.php +++ b/agent/ticket_list.php @@ -7,7 +7,7 @@ text-nowrap"> - + = 2) { ?> @@ -75,7 +75,7 @@ Not Assigned

    "; + $ticket_assigned_to_display = "

    Unassigned

    "; } else { - $ticket_assigned_to_display = "

    Not Assigned

    "; + $ticket_assigned_to_display = "

    Unassigned

    "; } } else { $ticket_assigned_to_display = nullable_htmlentities($row['user_name']); @@ -157,7 +157,7 @@ AND ticket_reply_archived_at IS NULL ORDER BY ticket_reply_id DESC LIMIT 1" ); - $row = mysqli_fetch_array($sql_ticket_reply); + $row = mysqli_fetch_assoc($sql_ticket_reply); if ($row) { $ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']); @@ -186,7 +186,7 @@ if($task_count) { $tasks_completed_percent = round(($completed_task_count / $task_count) * 100); } - + ?> "> @@ -199,11 +199,11 @@ - + @@ -212,12 +212,12 @@ "> 0) { ?> -
    +
    -
    +

    @@ -242,9 +242,9 @@ data-modal-url="modals/ticket/ticket_billable.php?id="> Yes"; + echo ""; } else { - echo "No"; + echo ""; } ?> @@ -303,7 +303,7 @@
    diff --git a/agent/tickets.php b/agent/tickets.php index e4f4d28f..0123dd96 100644 --- a/agent/tickets.php +++ b/agent/tickets.php @@ -79,6 +79,15 @@ if (isset($_GET['assigned']) & !empty($_GET['assigned'])) { } } +// Project filter +// Default - any (including tickets without a project) +$ticket_project_snippet = ''; +$ticket_project_filter_id = ''; +if (isset($_GET['project']) & !empty($_GET['project']) && $_GET['project'] > '0') { + $ticket_project_snippet = 'AND ticket_project_id = ' . intval($_GET['project']); + $ticket_project_filter_id = intval($_GET['project']); +} + // Ticket client access snippet $ticket_permission_snippet = ''; if (!empty($client_access_string)) { @@ -102,6 +111,7 @@ $sql = mysqli_query( AND DATE(ticket_created_at) BETWEEN '$dtf' AND '$dtt' AND (CONCAT(ticket_prefix,ticket_number) LIKE '%$q%' OR client_name LIKE '%$q%' OR ticket_subject LIKE '%$q%' OR ticket_status_name LIKE '%$q%' OR ticket_priority LIKE '%$q%' OR user_name LIKE '%$q%' OR contact_name LIKE '%$q%' OR asset_name LIKE '%$q%' OR vendor_name LIKE '%$q%' OR ticket_vendor_ticket_number LIKE '%q%') $ticket_billable_snippet + $ticket_project_snippet $ticket_permission_snippet $client_query ORDER BY @@ -123,22 +133,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); //Get Total tickets open $sql_total_tickets_open = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_open FROM tickets WHERE ticket_resolved_at IS NULL $client_query $ticket_permission_snippet"); -$row = mysqli_fetch_array($sql_total_tickets_open); +$row = mysqli_fetch_assoc($sql_total_tickets_open); $total_tickets_open = intval($row['total_tickets_open']); //Get Total tickets closed $sql_total_tickets_closed = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_closed FROM tickets WHERE ticket_resolved_at IS NOT NULL $client_query $ticket_permission_snippet"); -$row = mysqli_fetch_array($sql_total_tickets_closed); +$row = mysqli_fetch_assoc($sql_total_tickets_closed); $total_tickets_closed = intval($row['total_tickets_closed']); //Get Unassigned tickets $sql_total_tickets_unassigned = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_unassigned FROM tickets WHERE ticket_assigned_to = '0' AND ticket_resolved_at IS NULL $client_query $ticket_permission_snippet"); -$row = mysqli_fetch_array($sql_total_tickets_unassigned); +$row = mysqli_fetch_assoc($sql_total_tickets_unassigned); $total_tickets_unassigned = intval($row['total_tickets_unassigned']); //Get Total tickets assigned to me $sql_total_tickets_assigned = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_assigned FROM tickets WHERE ticket_assigned_to = $session_user_id AND ticket_resolved_at IS NULL $client_query $ticket_permission_snippet"); -$row = mysqli_fetch_array($sql_total_tickets_assigned); +$row = mysqli_fetch_assoc($sql_total_tickets_assigned); $user_active_assigned_tickets = intval($row['total_tickets_assigned']); $sql_categories_filter = mysqli_query( @@ -190,6 +200,7 @@ $sql_categories_filter = mysqli_query( +
    @@ -203,26 +214,20 @@ $sql_categories_filter = mysqli_query(
    -
    -
    - -
    - + - - - + + + - - -
    +
    @@ -235,8 +240,8 @@ $sql_categories_filter = mysqli_query(
    List -
    - Kanban +
    + Kanban
    @@ -347,7 +352,7 @@ $sql_categories_filter = mysqli_query(
    +
    +
    + + +
    +
    diff --git a/agent/transfers.php b/agent/transfers.php index c3d38cad..bc4a08e5 100644 --- a/agent/transfers.php +++ b/agent/transfers.php @@ -84,7 +84,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); @@ -104,7 +104,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); @@ -160,7 +160,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); MFA Enforcement | - - + @@ -66,14 +66,14 @@ $data = "otpauth://totp/ITFlow:$session_email?secret=$token";
    - diff --git a/agent/user/post/profile.php b/agent/user/post/profile.php index ab781f7b..73827cd0 100644 --- a/agent/user/post/profile.php +++ b/agent/user/post/profile.php @@ -88,7 +88,7 @@ if (isset($_POST['edit_your_user_details'])) { } if (isset($_GET['clear_your_user_avatar'])) { - + validateCSRFToken($_GET['csrf_token']); mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id"); @@ -96,7 +96,7 @@ if (isset($_GET['clear_your_user_avatar'])) { logAction("User Account", "Edit", "$session_name cleared their avatar"); flash_alert("Avatar cleared", 'error'); - + redirect(); } @@ -167,7 +167,7 @@ if (isset($_POST['edit_your_user_preferences'])) { // Enable extension access, only if it isn't already setup (user doesn't have cookie) if (isset($_POST['extension']) && $_POST['extension'] == 'Yes') { if (!isset($_COOKIE['user_extension_key'])) { - $extension_key = randomString(156); + $extension_key = randomString(32); mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $session_user_id"); $extended_log_description .= "enabled browser extension access"; @@ -196,7 +196,7 @@ if (isset($_POST['enable_mfa'])) { require_once "../../plugins/totp/totp.php"; // Grab the code from the user - $verify_code = trim($_POST['verify_code']); + $verify_code = trim($_POST['verify_code']); // Ensure it's numeric if (!ctype_digit($verify_code)) { $verify_code = ''; @@ -227,9 +227,9 @@ if (isset($_POST['enable_mfa'])) { if ($previousPage === 'mfa_enforcement.php') { // Redirect back to mfa_enforcement.php redirect("../$config_start_page"); - + } - } + } } else { // FAILURE @@ -245,7 +245,7 @@ if (isset($_POST['enable_mfa'])) { // Redirect back to mfa_enforcement.php redirect(); } - } + } } redirect("user_security.php"); diff --git a/agent/user/user_activity.php b/agent/user/user_activity.php index ad384dfb..45120fb8 100644 --- a/agent/user/user_activity.php +++ b/agent/user/user_activity.php @@ -22,7 +22,7 @@ $sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
    diff --git a/agent/user/user_security.php b/agent/user/user_security.php index 63163c13..2b0ba992 100644 --- a/agent/user/user_security.php +++ b/agent/user/user_security.php @@ -39,7 +39,7 @@ $remember_token_count = mysqli_num_rows($sql_remember_tokens); - + Disable MFA @@ -56,7 +56,7 @@ $remember_token_count = mysqli_num_rows($sql_remember_tokens);
      - File (WIP) - - + +
    @@ -181,7 +181,7 @@ if (isset($_GET['vendor_id'])) { 0) { $return_arr['count'] = mysqli_num_rows($sql); $row = array(); - while ($row = mysqli_fetch_array($sql)) { + while ($row = mysqli_fetch_assoc($sql)) { $row['credential_username'] = apiDecryptCredentialEntry($row['credential_username'], $api_key_decrypt_hash, $api_key_decrypt_password); $row['credential_password'] = apiDecryptCredentialEntry($row['credential_password'], $api_key_decrypt_hash, $api_key_decrypt_password); $return_arr['data'][] = $row; diff --git a/api/v1/documents/update.php b/api/v1/documents/update.php index 44d8ca18..1cd987eb 100644 --- a/api/v1/documents/update.php +++ b/api/v1/documents/update.php @@ -1,41 +1,121 @@ / + // In-app uses $_POST['content'] as raw; in API you likely map to $content in document_model.php + $raw_post_content = $content; + + $processed_html = saveBase64Images( + $raw_post_content, $_SERVER['DOCUMENT_ROOT'] . "/uploads/documents/", "uploads/documents/", $document_id - ) - ); + ); - $update_insert_sql = mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_description = '$description', document_content = '$processed_content', document_content_raw = '$content_raw', document_folder_id = $folder, document_updated_by = 0, document_client_id = $client_id"); + // Escape for DB + $content_db = mysqli_real_escape_string($mysqli, $processed_html); - // Logging - logAction("Document", "Edit", "$name via API ($api_key_name)", $client_id, $document_id); - logAction("API", "Success", "Edited document $name via API ($api_key_name)", $client_id); + // Rebuild content_raw for full-text search (same technique as app) + $content_raw = sanitizeInput($name . " " . str_replace("<", " <", $processed_html)); + $content_raw = mysqli_real_escape_string($mysqli, $content_raw); - // Override update count to 1 for API to report a success (as we inserted a document, not "updated" an existing row) - $update_count = 1; + // Escape name/description too (document_model.php may already sanitize; do DB escaping here regardless) + $name_db = mysqli_real_escape_string($mysqli, $name); + $description_db = mysqli_real_escape_string($mysqli, $description); + $folder_id = intval($folder); + // 4) Update the document (IMPORTANT: proper WHERE + scope to client) + mysqli_query( + $mysqli, + "UPDATE documents SET + document_name = '$name_db', + document_description = '$description_db', + document_content = '$content_db', + document_content_raw = '$content_raw', + document_folder_id = $folder_id, + document_updated_by = 0 + WHERE document_id = $document_id + AND document_client_id = $client_id + LIMIT 1" + ); + + // For API: treat success as "updated row" OR "query ran but values unchanged" + if (mysqli_errno($mysqli) === 0) { + $update_count = 1; + } + + // Logging + logAction("Document", "Edit", "$name_db via API ($api_key_name), previous version kept", $client_id, $document_version_id); + logAction("API", "Success", "Edited document $name_db via API ($api_key_name)", $client_id); + + } else { + // Not found (or not this client's doc) + $update_count = false; + logAction("API", "Error", "Document update failed (not found or unauthorized) via API ($api_key_name)", $client_id); + } } // Output diff --git a/api/v1/read_output.php b/api/v1/read_output.php index 97162ace..b3dcaa64 100644 --- a/api/v1/read_output.php +++ b/api/v1/read_output.php @@ -11,7 +11,7 @@ if ($sql && mysqli_num_rows($sql) > 0) { $return_arr['count'] = mysqli_num_rows($sql); $row = array(); - while ($row = mysqli_fetch_array($sql)) { + while ($row = mysqli_fetch_assoc($sql)) { $return_arr['data'][] = $row; } diff --git a/api/v1/tickets/create.php b/api/v1/tickets/create.php index 41ad29c8..a2e32a0e 100644 --- a/api/v1/tickets/create.php +++ b/api/v1/tickets/create.php @@ -8,7 +8,7 @@ require_once '../require_post_method.php'; require_once "../../../includes/load_global_settings.php"; $sql = mysqli_query($mysqli, "SELECT company_name, company_phone FROM companies WHERE company_id = 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $company_name = $row['company_name']; $company_phone = formatPhoneNumber($row['company_phone']); @@ -28,7 +28,7 @@ if (!empty($subject)) { // If no contact is selected automatically choose the primary contact for the client (if client set) if ($contact == 0 && $client_id != 0) { $sql = mysqli_query($mysqli,"SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $contact = intval($row['contact_id']); } @@ -44,7 +44,7 @@ if (!empty($subject)) { $ticket_number = mysqli_insert_id($mysqli); // Insert ticket - $url_key = randomString(156); + $url_key = randomString(32); $insert_sql = mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'API', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 1, ticket_billable = $billable, ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_created_by = 0, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_asset_id = $asset, ticket_url_key = '$url_key', ticket_client_id = $client_id"); // Check insert & get insert ID diff --git a/api/v1/validate_api_key.php b/api/v1/validate_api_key.php index b37821ab..80b52e71 100644 --- a/api/v1/validate_api_key.php +++ b/api/v1/validate_api_key.php @@ -91,7 +91,7 @@ if (isset($api_key)) { // SUCCESS // Set client ID, company ID & key name - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $api_key_name = htmlentities($row['api_key_name']); $api_key_decrypt_hash = $row['api_key_decrypt_hash']; // No sanitization $client_id = intval($row['api_key_client_id']); diff --git a/client/assets.php b/client/assets.php index e67b09b2..5f38ec64 100644 --- a/client/assets.php +++ b/client/assets.php @@ -43,7 +43,7 @@ $assets_sql = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN contacts ON 0) { - $file_row = mysqli_fetch_array($sql_files); + $file_row = mysqli_fetch_assoc($sql_files); $file_id = intval($file_row['file_id']); $file_name = nullable_htmlentities($file_row['file_name']); $file_reference_name = nullable_htmlentities($file_row['file_reference_name']); @@ -81,9 +81,9 @@ if (mysqli_num_rows($sql_files) > 0) { $file_size = intval($file_row['file_size']); $file_mime_type = nullable_htmlentities($file_row['file_mime_type']); $file_size_formatted = formatBytes($file_size); - + $file_path = "../uploads/clients/$session_client_id/$file_reference_name"; - + // For PDF files, display them inline if ($file_ext == 'pdf') { ?> @@ -185,7 +185,7 @@ if (mysqli_num_rows($sql_files) > 0) { diff --git a/client/documents.php b/client/documents.php index e98ae29d..1ab42840 100644 --- a/client/documents.php +++ b/client/documents.php @@ -45,7 +45,7 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum - Supported formats: PDF, Word documents, text files diff --git a/client/domains.php b/client/domains.php index 3beac65f..15417732 100644 --- a/client/domains.php +++ b/client/domains.php @@ -31,7 +31,7 @@ $domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name, domain_expi 1024 && $i < count($units) - 1; $i++) { $bytes /= 1024; } - + return round($bytes, $precision) . ' ' . $units[$i]; } diff --git a/client/includes/check_login.php b/client/includes/check_login.php index 3e5adb94..ddc42a8b 100644 --- a/client/includes/check_login.php +++ b/client/includes/check_login.php @@ -16,14 +16,7 @@ if (!isset($_SESSION)) { } if (!isset($_SESSION['client_logged_in']) || !$_SESSION['client_logged_in']) { - header("Location: /login.php"); - die; -} - -// Check user type -if ($_SESSION['user_type'] !== 2) { - header("Location: /login.php"); - exit(); + redirect("/login.php"); } // Set Timezone @@ -39,10 +32,40 @@ $session_client_id = intval($_SESSION['client_id']); $session_contact_id = intval($_SESSION['contact_id']); $session_user_id = intval($_SESSION['user_id']); +// Load user session vars +$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE users.user_id = $session_user_id"); -// Get company info from database +$row = mysqli_fetch_assoc($sql); + +$session_avatar = $row['user_avatar']; +$session_user_type = intval($row['user_type']); +$session_user_status = intval($row['user_status']); +$session_user_archived_at = $row['user_archived_at']; + +// Check user type is client aka 2 +if ($session_user_type !== 2) { + session_unset(); + session_destroy(); + redirect("/login.php"); +} + +// Check User is active +if ($session_user_status !== 1) { + session_unset(); + session_destroy(); + redirect("/login.php"); +} + +// Check User is archived +if ($session_user_archived_at !== null) { + session_unset(); + session_destroy(); + redirect("/login.php"); +} + +// Load company session vars $sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $session_company_name = $row['company_name']; $session_company_country = $row['company_country']; @@ -51,9 +74,9 @@ $session_company_currency = $row['company_currency']; $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY); $session_company_logo = $row['company_logo']; -// Get contact info +// Load contact session vars $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $session_contact_id AND contact_client_id = $session_client_id"); -$contact = mysqli_fetch_array($contact_sql); +$contact = mysqli_fetch_assoc($contact_sql); $session_contact_name = sanitizeInput($contact['contact_name']); $session_contact_initials = initials($session_contact_name); @@ -72,8 +95,8 @@ if ($contact['contact_billing'] == 1) { $session_contact_is_billing_contact = true; } -// Get client info +// Load client session vars $client_sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $session_client_id"); -$client = mysqli_fetch_array($client_sql); +$client = mysqli_fetch_assoc($client_sql); $session_client_name = $client['client_name']; diff --git a/client/includes/header.php b/client/includes/header.php index 6b8ff41c..05a841ce 100644 --- a/client/includes/header.php +++ b/client/includes/header.php @@ -84,7 +84,7 @@ header("X-Frame-Options: DENY"); // Legacy ORDER BY custom_link_order ASC, custom_link_name ASC" ); - while ($row = mysqli_fetch_array($sql_custom_links)) { + while ($row = mysqli_fetch_assoc($sql_custom_links)) { $custom_link_name = nullable_htmlentities($row['custom_link_name']); $custom_link_uri = nullable_htmlentities($row['custom_link_uri']); $custom_link_new_tab = intval($row['custom_link_new_tab']); diff --git a/client/index.php b/client/index.php index 36a27407..576d34e1 100644 --- a/client/index.php +++ b/client/index.php @@ -11,12 +11,12 @@ require_once "includes/inc_all.php"; // Billing Card Queries //Add up all the payments for the invoice and get the total amount paid to the invoice $sql_invoice_amounts = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE invoice_client_id = $session_client_id AND invoice_status != 'Draft' AND invoice_status != 'Cancelled' AND invoice_status != 'Non-Billable'"); -$row = mysqli_fetch_array($sql_invoice_amounts); +$row = mysqli_fetch_assoc($sql_invoice_amounts); $invoice_amounts = floatval($row['invoice_amounts']); $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $session_client_id"); -$row = mysqli_fetch_array($sql_amount_paid); +$row = mysqli_fetch_assoc($sql_amount_paid); $amount_paid = floatval($row['amount_paid']); @@ -24,13 +24,13 @@ $balance = $invoice_amounts - $amount_paid; //Get Monthly Recurring Total $sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_invoice_amount) AS recurring_monthly_total FROM recurring_invoices WHERE recurring_invoice_status = 1 AND recurring_invoice_frequency = 'month' AND recurring_invoice_client_id = $session_client_id"); -$row = mysqli_fetch_array($sql_recurring_monthly_total); +$row = mysqli_fetch_assoc($sql_recurring_monthly_total); $recurring_monthly_total = floatval($row['recurring_monthly_total']); //Get Yearly Recurring Total $sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_invoice_amount) AS recurring_yearly_total FROM recurring_invoices WHERE recurring_invoice_status = 1 AND recurring_invoice_frequency = 'year' AND recurring_invoice_client_id = $session_client_id"); -$row = mysqli_fetch_array($sql_recurring_yearly_total); +$row = mysqli_fetch_assoc($sql_recurring_yearly_total); $recurring_yearly_total = floatval($row['recurring_yearly_total']) / 12; @@ -226,7 +226,7 @@ if ($session_contact_primary == 1 || $session_contact_is_technical_contact) {
    diff --git a/client/post.php b/client/post.php index 7c7f25fc..6c939ddf 100644 --- a/client/post.php +++ b/client/post.php @@ -25,7 +25,7 @@ if (isset($_POST['add_ticket'])) { $config_ticket_new_ticket_notification_email = filter_var($config_ticket_new_ticket_notification_email, FILTER_VALIDATE_EMAIL); //Generate a unique URL key for clients to access - $url_key = randomString(156); + $url_key = randomString(32); // Ensure priority is low/med/high (as can be user defined) if ($_POST['priority'] !== "Low" && $_POST['priority'] !== "Medium" && $_POST['priority'] !== "High") { @@ -104,7 +104,7 @@ if (isset($_POST['add_ticket_comment'])) { // Get ticket details & Notify the assigned tech (if any) - $ticket_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients ON ticket_client_id = client_id WHERE ticket_id = $ticket_id LIMIT 1")); + $ticket_details = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients ON ticket_client_id = client_id WHERE ticket_id = $ticket_id LIMIT 1")); $ticket_number = intval($ticket_details['ticket_number']); $ticket_assigned_to = intval($ticket_details['ticket_assigned_to']); @@ -114,7 +114,7 @@ if (isset($_POST['add_ticket_comment'])) { if ($ticket_details && $ticket_assigned_to !== 0) { // Get tech details - $tech_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT user_email, user_name FROM users WHERE user_id = $ticket_assigned_to LIMIT 1")); + $tech_details = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email, user_name FROM users WHERE user_id = $ticket_assigned_to LIMIT 1")); $tech_email = sanitizeInput($tech_details['user_email']); $tech_name = sanitizeInput($tech_details['user_name']); @@ -185,6 +185,43 @@ if (isset($_POST['add_ticket_comment'])) { } } +if (isset($_GET['approve_ticket_task'])) { + + $task_id = intval($_GET['approve_ticket_task']); + $approval_id = intval($_GET['approval_id']); + $url_key = sanitizeInput($_GET['approval_url_key']); + + $approval_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending' AND approval_scope = 'client'")); + + $task_name = nullable_htmlentities($approval_row['task_name']); + $scope = nullable_htmlentities($approval_row['approval_scope']); + $type = nullable_htmlentities($approval_row['approval_type']); + $required_user = intval($approval_row['approval_required_user_id']); + $created_by = intval($approval_row['approval_created_by']); + $ticket_id = intval($approval_row['task_ticket_id']); + + if (!$approval_row) { + flash_alert("Cannot find/approve that task", 'warning'); + redirect(); + exit; + } + + // Approve + mysqli_query($mysqli, "UPDATE task_approvals SET approval_status = 'approved', approval_approved_by = $session_user_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending' AND approval_scope = 'client'"); + + + // Notify tech + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_contact_email approved ticket task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id&client_id=$session_client_id', notification_client_id = $session_client_id, notification_user_id = $created_by"); + // TODO: Email agent + + // Logging + logAction("Task", "Edit", "Contact $session_contact_email approved task $task_name (approval $approval_id)", $session_client_id, $task_id); + + flash_alert("Task Approved"); + redirect(); + +} + if (isset($_POST['add_ticket_feedback'])) { $ticket_id = intval($_POST['ticket_id']); @@ -198,9 +235,9 @@ if (isset($_POST['add_ticket_feedback'])) { // Notify on bad feedback if ($feedback == "Bad") { - $ticket_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT ticket_number FROM tickets WHERE ticket_id = $ticket_id LIMIT 1")); + $ticket_details = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT ticket_number FROM tickets WHERE ticket_id = $ticket_id LIMIT 1")); $ticket_number = intval($ticket_details['ticket_number']); - appNotify("Feedback", "$session_contact_name rated ticket $config_ticket_prefix$ticket_number as bad (ID: $ticket_id)", "/agent/ticket.php?ticket_id=$ticket_id", $session_client_id, $ticket_id); + appNotify("Feedback", "$session_contact_name rated ticket $config_ticket_prefix$ticket_number as bad (ID: $ticket_id)", "/agent/ticket.php?ticket_id=$ticket_id&client_id=$session_client_id", $session_client_id, $ticket_id); } // Custom action/notif handler @@ -220,7 +257,7 @@ if (isset($_GET['resolve_ticket'])) { $ticket_id = intval($_GET['resolve_ticket']); // Get ticket details for logging - $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id LIMIT 1")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id LIMIT 1")); $ticket_prefix = sanitizeInput($row['ticket_prefix']); $ticket_number = intval($row['ticket_number']); @@ -252,7 +289,7 @@ if (isset($_GET['reopen_ticket'])) { $ticket_id = intval($_GET['reopen_ticket']); // Get ticket details for logging - $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id LIMIT 1")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id LIMIT 1")); $ticket_prefix = sanitizeInput($row['ticket_prefix']); $ticket_number = intval($row['ticket_number']); @@ -285,7 +322,7 @@ if (isset($_GET['close_ticket'])) { $ticket_id = intval($_GET['close_ticket']); // Get ticket details for logging - $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id LIMIT 1")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id LIMIT 1")); $ticket_prefix = sanitizeInput($row['ticket_prefix']); $ticket_number = intval($row['ticket_number']); @@ -402,7 +439,7 @@ if (isset($_POST['edit_contact'])) { // Get the existing contact_user_id - we look it up ourselves so the user can't just overwrite random users $sql = mysqli_query($mysqli,"SELECT contact_user_id FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $session_client_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $contact_user_id = intval($row['contact_user_id']); // Check the email isn't already in use @@ -448,7 +485,7 @@ if (isset($_GET['add_payment_by_provider'])) { LEFT JOIN contacts ON client_id = contact_client_id AND contact_primary = 1 WHERE invoice_id = $invoice_id AND client_id = $session_client_id" ); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $invoice_number = intval($row['invoice_number']); $invoice_status = sanitizeInput($row['invoice_status']); $invoice_amount = floatval($row['invoice_amount']); @@ -472,7 +509,7 @@ if (isset($_GET['add_payment_by_provider'])) { // Get ITFlow company details $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $company_name = sanitizeInput($row['company_name']); $company_country = sanitizeInput($row['company_country']); $company_address = sanitizeInput($row['company_address']); @@ -489,7 +526,7 @@ if (isset($_GET['add_payment_by_provider'])) { // Get Client Payment Details $sql = mysqli_query($mysqli, "SELECT * FROM client_saved_payment_methods LEFT JOIN payment_providers ON saved_payment_provider_id = payment_provider_id LEFT JOIN client_payment_provider ON saved_payment_client_id = client_id WHERE saved_payment_id = $saved_payment_id LIMIT 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $public_key = sanitizeInput($row['payment_provider_public_key']); $private_key = sanitizeInput($row['payment_provider_private_key']); @@ -647,7 +684,7 @@ if (isset($_POST['create_stripe_customer'])) { LIMIT 1 "); - $stripe_provider = mysqli_fetch_array($stripe_provider_result); + $stripe_provider = mysqli_fetch_assoc($stripe_provider_result); if (!$stripe_provider) { flash_alert("Stripe provider is not configured in the system.", 'danger'); redirect("saved_payment_methods.php"); @@ -662,7 +699,7 @@ if (isset($_POST['create_stripe_customer'])) { } // Check if client already has a Stripe customer - $existing_customer = mysqli_fetch_array(mysqli_query($mysqli, " + $existing_customer = mysqli_fetch_assoc(mysqli_query($mysqli, " SELECT payment_provider_client FROM client_payment_provider WHERE client_id = $session_client_id @@ -735,7 +772,7 @@ if (isset($_GET['create_stripe_checkout'])) { LIMIT 1 "); - $stripe_provider = mysqli_fetch_array($stripe_provider_result); + $stripe_provider = mysqli_fetch_assoc($stripe_provider_result); if (!$stripe_provider) { http_response_code(400); echo json_encode(['error' => 'Stripe provider not configured']); @@ -803,7 +840,7 @@ if (isset($_GET['stripe_save_card'])) { LIMIT 1 "); - $stripe_provider = mysqli_fetch_array($stripe_provider_result); + $stripe_provider = mysqli_fetch_assoc($stripe_provider_result); if (!$stripe_provider) { flash_alert("Stripe provider not configured.", 'danger'); redirect("saved_payment_methods.php"); @@ -825,7 +862,7 @@ if (isset($_GET['stripe_save_card'])) { AND payment_provider_id = $stripe_provider_id LIMIT 1 "); - $client_provider = mysqli_fetch_array($client_provider_query); + $client_provider = mysqli_fetch_assoc($client_provider_query); $stripe_customer_id = sanitizeInput($client_provider['payment_provider_client'] ?? ''); if (empty($stripe_customer_id)) { @@ -884,7 +921,7 @@ if (isset($_GET['stripe_save_card'])) { WHERE companies.company_id = settings.company_id AND companies.company_id = 1 "); - $row = mysqli_fetch_array($sql_settings); + $row = mysqli_fetch_assoc($sql_settings); $company_name = sanitizeInput($row['company_name']); $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); @@ -933,7 +970,7 @@ if (isset($_GET['delete_saved_payment'])) { AND payment_provider_active = 1 LIMIT 1 "); - $stripe_provider = mysqli_fetch_array($stripe_provider_result); + $stripe_provider = mysqli_fetch_assoc($stripe_provider_result); if (!$stripe_provider) { flash_alert("Stripe provider is not configured.", 'danger'); @@ -957,7 +994,7 @@ if (isset($_GET['delete_saved_payment'])) { LIMIT 1 "); - $saved_payment = mysqli_fetch_array($saved_payment_result); + $saved_payment = mysqli_fetch_assoc($saved_payment_result); if (!$saved_payment) { flash_alert("Payment method not found or does not belong to you.", 'danger'); @@ -1003,7 +1040,7 @@ if (isset($_GET['delete_saved_payment'])) { WHERE recurring_invoice_client_id = $session_client_id "); - while ($row = mysqli_fetch_array($recurring_invoices)) { + while ($row = mysqli_fetch_assoc($recurring_invoices)) { $recurring_invoice_id = intval($row['recurring_invoice_id']); mysqli_query($mysqli, " @@ -1027,7 +1064,7 @@ if (isset($_POST['set_recurring_payment'])) { // Get Recurring Invoice Info for logging and alerting $sql = mysqli_query($mysqli, "SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id AND recurring_invoice_client_id = $session_client_id"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']); $recurring_invoice_number = intval($row['recurring_invoice_number']); $recurring_invoice_currency_code = sanitizeInput($row['recurring_invoice_currency_code']); @@ -1044,7 +1081,7 @@ if (isset($_POST['set_recurring_payment'])) { AND payment_provider_active = 1 "); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $provider_id = intval($row['payment_provider_id']); $provider_name = sanitizeInput($row['payment_provider_name']); diff --git a/client/profile.php b/client/profile.php index 6209fed5..fae47819 100644 --- a/client/profile.php +++ b/client/profile.php @@ -20,9 +20,9 @@ require_once 'includes/inc_all.php';

    Client Primary Contact:

    Client Technical Contact:

    Client Billing Contact:

    - - +

    Login via:

    +

    User ID:

    diff --git a/client/quotes.php b/client/quotes.php index 1c96c523..59a7bff5 100644 --- a/client/quotes.php +++ b/client/quotes.php @@ -34,7 +34,7 @@ $quotes_sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id

    - +
    - + Manage saved payment methods

    diff --git a/client/ticket.php b/client/ticket.php index c651694f..35009da0 100644 --- a/client/ticket.php +++ b/client/ticket.php @@ -34,7 +34,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) { $ticket_contact_snippet" ); - $ticket_row = mysqli_fetch_array($ticket_sql); + $ticket_row = mysqli_fetch_assoc($ticket_sql); if ($ticket_row) { @@ -70,6 +70,13 @@ if (isset($_GET['id']) && intval($_GET['id'])) { ); $completed_task_count = mysqli_num_rows($sql_tasks_completed); + // Get pending task approvals + $sql_task_approvals = mysqli_query($mysqli," + SELECT task_id, task_name, approval_id, approval_scope, approval_type, approval_required_user_id, approval_status, approval_url_key + FROM tasks + LEFT JOIN task_approvals ON task_id = task_approvals.approval_task_id + WHERE task_ticket_id = $ticket_id AND task_completed_at IS NULL AND approval_scope = 'client' AND approval_status = 'pending' + "); ?>
      @@ -121,7 +128,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) { $name | Download | View"; @@ -130,6 +137,59 @@ if (isset($_GET['id']) && intval($_GET['id'])) { + + 0) { ?> +
      +
      +
      Approvals
      + This ticket has tasks requiring approval: + +
        + + +
      • + - Approve task - Please ask your contact to approve this task +
        • + + + +
      + + + +
      +
      + +
      @@ -196,7 +256,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) { purify($row['ticket_reply']); $ticket_reply_created_at = nullable_htmlentities($row['ticket_reply_created_at']); @@ -258,7 +318,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) { $name | Download | View"; @@ -285,5 +345,3 @@ if (isset($_GET['id']) && intval($_GET['id'])) { } require_once "includes/footer.php"; - - diff --git a/client/ticket_add.php b/client/ticket_add.php index 6037f5b1..90e6e24f 100644 --- a/client/ticket_add.php +++ b/client/ticket_add.php @@ -64,7 +64,7 @@ $sql_assets = mysqli_query($mysqli, "SELECT asset_id, asset_name, asset_type FRO - None - Pay Balance ()
      ">Enter Card Manually - 0) { ?>
      Pay with a Saved Card
      $invoice_amount - ) + ) ){ ?>
      ">Enter Card Manually - - 0) { ?>
      Pay with a Saved Card
      0) { $sql_recurring_tickets = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_next_run = CURDATE()"); if (mysqli_num_rows($sql_recurring_tickets) > 0) { - while ($row = mysqli_fetch_array($sql_recurring_tickets)) { + while ($row = mysqli_fetch_assoc($sql_recurring_tickets)) { $recurring_ticket_id = intval($row['recurring_ticket_id']); $subject = sanitizeInput($row['recurring_ticket_subject']); @@ -317,6 +317,12 @@ if (mysqli_num_rows($sql_recurring_tickets) > 0) { $ticket_status = 2; // Set to open if we've auto-assigned an agent } + if ($client_id) { + $client_uri = "&client_id=$client_id"; + } else { + $client_uri = ''; + } + // Atomically increment and get the new ticket number mysqli_query($mysqli, " UPDATE settings @@ -353,7 +359,7 @@ if (mysqli_num_rows($sql_recurring_tickets) > 0) { LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE ticket_id = $id" ); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $contact_name = sanitizeInput($row['contact_name']); $contact_email = sanitizeInput($row['contact_email']); @@ -391,7 +397,7 @@ if (mysqli_num_rows($sql_recurring_tickets) > 0) { if (filter_var($config_ticket_new_ticket_notification_email, FILTER_VALIDATE_EMAIL)) { $email_subject = "ITFlow - New Recurring Ticket - $client_name: $ticket_subject"; - $email_body = "Hello,

      This is a notification that a recurring (scheduled) ticket has been raised in ITFlow.
      Ticket: $ticket_prefix$ticket_number
      Client: $client_name
      Priority: $priority
      Link: https://$config_base_url/agent/ticket.php?ticket_id=$id

      --------------------------------

      $ticket_subject
      $ticket_details"; + $email_body = "Hello,

      This is a notification that a recurring (scheduled) ticket has been raised in ITFlow.
      Ticket: $ticket_prefix$ticket_number
      Client: $client_name
      Priority: $priority
      Link: https://$config_base_url/agent/ticket.php?ticket_id=$id$client_uri

      --------------------------------

      $ticket_subject
      $ticket_details"; $email = [ 'from' => $config_ticket_from_email, @@ -441,7 +447,7 @@ if (mysqli_num_rows($sql_recurring_tickets) > 0) { // Flag any active recurring "next run" dates that are in the past $sql_invalid_recurring_tickets = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_next_run < CURDATE()"); -while ($row = mysqli_fetch_array($sql_invalid_recurring_tickets)) { +while ($row = mysqli_fetch_assoc($sql_invalid_recurring_tickets)) { $subject = sanitizeInput($row['recurring_ticket_subject']); appNotify("Ticket", "Recurring ticket $subject next run date is in the past!", "/agent/recurring_tickets.php"); } @@ -460,7 +466,7 @@ $sql_resolved_tickets_to_close = mysqli_query( AND ticket_updated_at < NOW() - INTERVAL $config_ticket_autoclose_hours HOUR" ); -while ($row = mysqli_fetch_array($sql_resolved_tickets_to_close)) { +while ($row = mysqli_fetch_assoc($sql_resolved_tickets_to_close)) { $ticket_id = $row['ticket_id']; $ticket_prefix = sanitizeInput($row['ticket_prefix']); @@ -501,7 +507,7 @@ if ($config_send_invoice_reminders == 1) { ORDER BY invoice_number DESC" ); - while ($row = mysqli_fetch_array($sql)) { + while ($row = mysqli_fetch_assoc($sql)) { $invoice_id = intval($row['invoice_id']); $invoice_prefix = sanitizeInput($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); @@ -581,7 +587,7 @@ $sql_recurring_invoices = mysqli_query($mysqli, "SELECT * FROM recurring_invoice AND recurring_invoice_status = 1 "); -while ($row = mysqli_fetch_array($sql_recurring_invoices)) { +while ($row = mysqli_fetch_assoc($sql_recurring_invoices)) { $recurring_invoice_id = intval($row['recurring_invoice_id']); $recurring_invoice_scope = sanitizeInput($row['recurring_invoice_scope']); $recurring_invoice_frequency = sanitizeInput($row['recurring_invoice_frequency']); @@ -615,7 +621,7 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) { $new_invoice_number = mysqli_insert_id($mysqli); //Generate a unique URL key for clients to access - $url_key = randomString(156); + $url_key = randomString(32); mysqli_query($mysqli, "INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $new_invoice_number, invoice_scope = '$recurring_invoice_scope', invoice_date = CURDATE(), invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_discount_amount = $recurring_invoice_discount_amount, invoice_amount = $recurring_invoice_amount, invoice_currency_code = '$recurring_invoice_currency_code', invoice_note = '$recurring_invoice_note', invoice_category_id = $category_id, invoice_status = 'Sent', invoice_url_key = '$url_key', invoice_recurring_invoice_id = $recurring_invoice_id, invoice_client_id = $client_id"); @@ -624,7 +630,7 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) { //Copy Items from original recurring invoice to new invoice $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_recurring_invoice_id = $recurring_invoice_id ORDER BY item_id ASC"); - while ($row = mysqli_fetch_array($sql_invoice_items)) { + while ($row = mysqli_fetch_assoc($sql_invoice_items)) { $item_id = intval($row['item_id']); $item_name = sanitizeInput($row['item_name']); //SQL Escape incase of , $item_description = sanitizeInput($row['item_description']); //SQL Escape incase of , @@ -659,7 +665,7 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) { LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1 WHERE invoice_id = $new_invoice_id" ); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $invoice_prefix = sanitizeInput($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); $invoice_scope = sanitizeInput($row['invoice_scope']); @@ -709,7 +715,7 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) { AND contact_client_id = $client_id" ); - while ($billing_contact = mysqli_fetch_array($sql_billing_contacts)) { + while ($billing_contact = mysqli_fetch_assoc($sql_billing_contacts)) { $billing_contact_name = sanitizeInput($billing_contact['contact_name']); $billing_contact_email = sanitizeInput($billing_contact['contact_email']); @@ -733,7 +739,7 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) { // Start Flag any active recurring "next run" dates that are in the past $sql_invalid_recurring_invoices = mysqli_query($mysqli, "SELECT * FROM recurring_invoices WHERE recurring_invoice_next_date < CURDATE() AND recurring_invoice_status = 1"); -while ($row = mysqli_fetch_array($sql_invalid_recurring_invoices)) { +while ($row = mysqli_fetch_assoc($sql_invalid_recurring_invoices)) { $invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']); $invoice_number = intval($row['recurring_invoice_number']); appNotify("Invoice", "Recurring invoice $invoice_prefix$invoice_number next run date is in the past!", "/agent/recurring_invoices.php"); @@ -751,7 +757,7 @@ $sql_recurring_payments = mysqli_query($mysqli, " AND (invoice_status = 'Sent' OR invoice_status = 'Viewed') "); -while ($row = mysqli_fetch_array($sql_recurring_payments)) { +while ($row = mysqli_fetch_assoc($sql_recurring_payments)) { $invoice_id = intval($row['invoice_id']); $invoice_prefix = sanitizeInput($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); @@ -773,7 +779,7 @@ while ($row = mysqli_fetch_array($sql_recurring_payments)) { // Only attempt autopay if a saved payment method is set if ($recurring_payment_saved_payment_id) { // Get the saved payment method and provider details - $saved_payment = mysqli_fetch_array(mysqli_query($mysqli, " + $saved_payment = mysqli_fetch_assoc(mysqli_query($mysqli, " SELECT * FROM client_saved_payment_methods LEFT JOIN payment_providers ON saved_payment_provider_id = payment_provider_id WHERE saved_payment_id = $recurring_payment_saved_payment_id @@ -805,7 +811,7 @@ while ($row = mysqli_fetch_array($sql_recurring_payments)) { AND payment_provider_id = $provider_id LIMIT 1 "); - $cpp_row = mysqli_fetch_array($cpp_query); + $cpp_row = mysqli_fetch_assoc($cpp_query); $stripe_customer_id = $cpp_row ? sanitizeInput($cpp_row['payment_provider_client']) : ''; // Stripe @@ -925,7 +931,7 @@ while ($row = mysqli_fetch_array($sql_recurring_payments)) { // Loop through all recurring expenses that match today's date and is active $sql_recurring_expenses = mysqli_query($mysqli, "SELECT * FROM recurring_expenses WHERE recurring_expense_next_date = CURDATE() AND recurring_expense_status = 1"); -while ($row = mysqli_fetch_array($sql_recurring_expenses)) { +while ($row = mysqli_fetch_assoc($sql_recurring_expenses)) { $recurring_expense_id = intval($row['recurring_expense_id']); $recurring_expense_frequency = intval($row['recurring_expense_frequency']); $recurring_expense_month = intval($row['recurring_expense_month']); @@ -965,7 +971,7 @@ while ($row = mysqli_fetch_array($sql_recurring_expenses)) { // Flag any active recurring "next run" dates that are in the past $sql_invalid_recurring_expenses = mysqli_query($mysqli, "SELECT * FROM recurring_expenses WHERE recurring_expense_next_date < CURDATE() AND recurring_expense_status = 1"); -while ($row = mysqli_fetch_array($sql_invalid_recurring_expenses)) { +while ($row = mysqli_fetch_assoc($sql_invalid_recurring_expenses)) { $recurring_expense_description = sanitizeInput($row['recurring_expense_description']); appNotify("Expense", "Recurring expense $recurring_expense_description next run date is in the past!", "/agent/recurring_expenses.php"); } diff --git a/cron/domain_refresher.php b/cron/domain_refresher.php index 2bb04656..93fa7043 100644 --- a/cron/domain_refresher.php +++ b/cron/domain_refresher.php @@ -16,7 +16,7 @@ require_once "../functions.php"; $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE settings.company_id = 1"); -$row = mysqli_fetch_array($sql_settings); +$row = mysqli_fetch_assoc($sql_settings); // Company Settings $config_enable_cron = intval($row['config_enable_cron']); @@ -35,7 +35,7 @@ if ($config_enable_cron == 0) { // REFRESH DOMAIN WHOIS DATA (1 a day/run) // Get the oldest updated domain (MariaDB shows NULLs first when ordering by default) -$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT domain_id, domain_name, domain_expire FROM `domains` WHERE domain_archived_at IS NULL ORDER BY domain_updated_at LIMIT 1")); +$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT domain_id, domain_name, domain_expire FROM `domains` WHERE domain_archived_at IS NULL ORDER BY domain_updated_at LIMIT 1")); if ($row) { diff --git a/cron/mail_queue.php b/cron/mail_queue.php index c0098dc4..d5000853 100644 --- a/cron/mail_queue.php +++ b/cron/mail_queue.php @@ -1,357 +1,462 @@ -email = $email; - $this->accessToken = $accessToken; - } - public function getOauth64(): string { - $auth = "user={$this->email}\x01auth=Bearer {$this->accessToken}\x01\x01"; - return base64_encode($auth); - } -} - -/** ======================================================================= - * Load settings - * ======================================================================= */ -$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1"); -$row = mysqli_fetch_array($sql_settings); - -$config_enable_cron = intval($row['config_enable_cron']); - -// SMTP baseline -$config_smtp_host = $row['config_smtp_host']; -$config_smtp_username = $row['config_smtp_username']; -$config_smtp_password = $row['config_smtp_password']; -$config_smtp_port = intval($row['config_smtp_port']); -$config_smtp_encryption = $row['config_smtp_encryption']; - -// SMTP provider + shared OAuth fields -$config_smtp_provider = $row['config_smtp_provider']; // 'standard_smtp' | 'google_oauth' | 'microsoft_oauth' -$config_mail_oauth_client_id = $row['config_mail_oauth_client_id'] ?? ''; -$config_mail_oauth_client_secret = $row['config_mail_oauth_client_secret'] ?? ''; -$config_mail_oauth_tenant_id = $row['config_mail_oauth_tenant_id'] ?? ''; -$config_mail_oauth_refresh_token = $row['config_mail_oauth_refresh_token'] ?? ''; -$config_mail_oauth_access_token = $row['config_mail_oauth_access_token'] ?? ''; -$config_mail_oauth_access_token_expires_at = $row['config_mail_oauth_access_token_expires_at'] ?? ''; - -if ($config_enable_cron == 0) { - logApp("Cron-Mail-Queue", "error", "Cron Mail Queue unable to run - cron not enabled in admin settings."); - exit("Cron: is not enabled -- Quitting.."); -} - -if (empty($config_smtp_provider)) { - logApp("Cron-Mail-Queue", "info", "SMTP sending skipped: provider not configured."); - exit(0); -} - -/** ======================================================================= - * Lock file - * ======================================================================= */ -$temp_dir = sys_get_temp_dir(); -$lock_file_path = "{$temp_dir}/itflow_mail_queue_{$installation_id}.lock"; - -if (file_exists($lock_file_path)) { - $file_age = time() - filemtime($lock_file_path); - if ($file_age > 600) { - unlink($lock_file_path); - logApp("Cron-Mail-Queue", "warning", "Cron Mail Queue detected a lock file was present but was over 10 minutes old so it removed it."); - } else { - logApp("Cron-Mail-Queue", "info", "Cron Mail Queue attempted to execute but was already executing so instead it terminated."); - exit("Script is already running. Exiting."); - } -} - -file_put_contents($lock_file_path, "Locked"); - -/** ======================================================================= - * Mail sender function (defined inside this cron) - * - Handles standard SMTP and XOAUTH2 for Google/Microsoft - * - Reuses shared OAuth settings - * ======================================================================= */ -function sendQueueEmail( - string $provider, - string $host, - int $port, - string $encryption, - string $username, - string $password, - string $from_email, - string $from_name, - string $to_email, - string $to_name, - string $subject, - string $html_body, - string $ics_str, - string $oauth_client_id, - string $oauth_client_secret, - string $oauth_tenant_id, - string $oauth_refresh_token, - string $oauth_access_token, - string $oauth_access_token_expires_at -) { - // Sensible defaults for OAuth providers if fields were left blank - if ($provider === 'google_oauth') { - if (!$host) $host = 'smtp.gmail.com'; - if (!$port) $port = 587; - if (!$encryption) $encryption = 'tls'; - if (!$username) $username = $from_email; - } elseif ($provider === 'microsoft_oauth') { - if (!$host) $host = 'smtp.office365.com'; - if (!$port) $port = 587; - if (!$encryption) $encryption = 'tls'; - if (!$username) $username = $from_email; - } - - $mail = new PHPMailer(true); - $mail->CharSet = "UTF-8"; - $mail->SMTPDebug = 0; - $mail->isSMTP(); - $mail->Host = $host; - $mail->Port = $port; - - $enc = strtolower($encryption); - if ($enc === '' || $enc === 'none') { - $mail->SMTPAutoTLS = false; - $mail->SMTPSecure = false; - $mail->SMTPOptions = ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]; - } else { - $mail->SMTPSecure = $enc; // 'tls' | 'ssl' - } - - if ($provider === 'google_oauth' || $provider === 'microsoft_oauth') { - // XOAUTH2 - $mail->SMTPAuth = true; - $mail->AuthType = 'XOAUTH2'; - $mail->Username = $username; - - // Pick/refresh access token - $accessToken = trim($oauth_access_token); - $needsRefresh = empty($accessToken); - if (!$needsRefresh && !empty($oauth_access_token_expires_at)) { - $expTs = strtotime($oauth_access_token_expires_at); - if ($expTs && $expTs <= time() + 60) $needsRefresh = true; - } - - if ($needsRefresh) { - if ($provider === 'google_oauth' && function_exists('getGoogleAccessToken')) { - $accessToken = getGoogleAccessToken($username); - } elseif ($provider === 'microsoft_oauth' && function_exists('getMicrosoftAccessToken')) { - $accessToken = getMicrosoftAccessToken($username); - } - } - - if (empty($accessToken)) { - throw new Exception("Missing OAuth access token for XOAUTH2 SMTP."); - } - - $mail->setOAuth(new StaticTokenProvider($username, $accessToken)); - } else { - // Standard SMTP (with or without auth) - $mail->SMTPAuth = !empty($username); - $mail->Username = $username ?: ''; - $mail->Password = $password ?: ''; - } - - // Recipients & content - $mail->setFrom($from_email, $from_name); - $mail->addAddress($to_email, $to_name); - $mail->isHTML(true); - $mail->Subject = $subject; - $mail->Body = $html_body; - - if (!empty($ics_str)) { - $mail->addStringAttachment($ics_str, 'Scheduled_ticket.ics', 'base64', 'text/calendar'); - } - - $mail->send(); - return true; -} - -/** ======================================================================= - * SEND: status = 0 (Queued) - * ======================================================================= */ -$sql_queue = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email_status = 0 AND email_queued_at <= NOW()"); - -if (mysqli_num_rows($sql_queue) > 0) { - while ($rowq = mysqli_fetch_array($sql_queue)) { - $email_id = (int)$rowq['email_id']; - $email_from = $rowq['email_from']; - $email_from_name = $rowq['email_from_name']; - $email_recipient = $rowq['email_recipient']; - $email_recipient_name = $rowq['email_recipient_name']; - $email_subject = $rowq['email_subject']; - $email_content = $rowq['email_content']; - $email_ics_str = $rowq['email_cal_str']; - - // Check sender - if (!filter_var($email_from, FILTER_VALIDATE_EMAIL)) { - $email_from_logging = sanitizeInput($rowq['email_from']); - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); - logApp("Cron-Mail-Queue", "Error", "Failed to send email #$email_id due to invalid sender address: $email_from_logging - check configuration in settings."); - appNotify("Mail", "Failed to send email #$email_id due to invalid sender address"); - continue; - } - - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 1 WHERE email_id = $email_id"); - - // Basic recipient syntax check - if (!filter_var($email_recipient, FILTER_VALIDATE_EMAIL)) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); - $email_to_logging = sanitizeInput($email_recipient); - $email_subject_logging = sanitizeInput($rowq['email_subject']); - logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_to_logging due to invalid recipient address. Email subject was: $email_subject_logging"); - appNotify("Mail", "Failed to send email #$email_id to $email_to_logging due to invalid recipient address: Email subject was: $email_subject_logging"); - continue; - } - - // More intelligent recipient MX check (if not disabled with --no-mx-validation) - $domain = sanitizeInput(substr($email_recipient, strpos($email_recipient, '@') + 1)); - if (!in_array('--no-mx-validation', $argv) && !checkdnsrr($domain, 'MX')) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); - $email_to_logging = sanitizeInput($email_recipient); - $email_subject_logging = sanitizeInput($rowq['email_subject']); - logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_to_logging due to invalid recipient domain (no MX). Email subject was: $email_subject_logging"); - appNotify("Mail", "Failed to send email #$email_id to $email_to_logging due to invalid recipient domain (no MX): Email subject was: $email_subject_logging"); - continue; - } - - try { - sendQueueEmail( - ($config_smtp_provider ?: 'standard_smtp'), - $config_smtp_host, - (int)$config_smtp_port, - (string)$config_smtp_encryption, - (string)$config_smtp_username, - (string)$config_smtp_password, - (string)$email_from, - (string)$email_from_name, - (string)$email_recipient, - (string)$email_recipient_name, - (string)$email_subject, - (string)$email_content, - (string)$email_ics_str, - (string)$config_mail_oauth_client_id, - (string)$config_mail_oauth_client_secret, - (string)$config_mail_oauth_tenant_id, - (string)$config_mail_oauth_refresh_token, - (string)$config_mail_oauth_access_token, - (string)$config_mail_oauth_access_token_expires_at - ); - - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 3, email_sent_at = NOW(), email_attempts = 1 WHERE email_id = $email_id"); - - } catch (Exception $e) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_failed_at = NOW(), email_attempts = 1 WHERE email_id = $email_id"); - - $email_recipient_logging = sanitizeInput($rowq['email_recipient']); - $email_subject_logging = sanitizeInput($rowq['email_subject']); - $err = substr("Mailer Error: " . $e->getMessage(), 0, 100) . "..."; - - appNotify("Cron-Mail-Queue", "Failed to send email #$email_id to $email_recipient_logging"); - logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_recipient_logging regarding $email_subject_logging. $err"); - } - } -} - -/** ======================================================================= - * RETRIES: status = 2 (Failed), attempts < 4, wait 30 min - * NOTE: Backoff is `email_failed_at <= NOW() - INTERVAL 30 MINUTE` - * ======================================================================= - */ -$sql_failed_queue = mysqli_query( - $mysqli, - "SELECT * FROM email_queue - WHERE email_status = 2 - AND email_attempts < 4 - AND email_failed_at <= NOW() - INTERVAL 30 MINUTE" -); - -if (mysqli_num_rows($sql_failed_queue) > 0) { - while ($rowf = mysqli_fetch_array($sql_failed_queue)) { - $email_id = (int)$rowf['email_id']; - $email_from = $rowf['email_from']; - $email_from_name = $rowf['email_from_name']; - $email_recipient = $rowf['email_recipient']; - $email_recipient_name = $rowf['email_recipient_name']; - $email_subject = $rowf['email_subject']; - $email_content = $rowf['email_content']; - $email_ics_str = $rowf['email_cal_str']; - $email_attempts = (int)$rowf['email_attempts'] + 1; - - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 1 WHERE email_id = $email_id"); - - if (!filter_var($email_recipient, FILTER_VALIDATE_EMAIL)) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = $email_attempts WHERE email_id = $email_id"); - continue; - } - - try { - sendQueueEmail( - ($config_smtp_provider ?: 'standard_smtp'), - $config_smtp_host, - (int)$config_smtp_port, - (string)$config_smtp_encryption, - (string)$config_smtp_username, - (string)$config_smtp_password, - (string)$email_from, - (string)$email_from_name, - (string)$email_recipient, - (string)$email_recipient_name, - (string)$email_subject, - (string)$email_content, - (string)$email_ics_str, - (string)$config_mail_oauth_client_id, - (string)$config_mail_oauth_client_secret, - (string)$config_mail_oauth_tenant_id, - (string)$config_mail_oauth_refresh_token, - (string)$config_mail_oauth_access_token, - (string)$config_mail_oauth_access_token_expires_at - ); - - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 3, email_sent_at = NOW(), email_attempts = $email_attempts WHERE email_id = $email_id"); - - } catch (Exception $e) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_failed_at = NOW(), email_attempts = $email_attempts WHERE email_id = $email_id"); - - $email_recipient_logging = sanitizeInput($rowf['email_recipient']); - $email_subject_logging = sanitizeInput($rowf['email_subject']); - $err = substr("Mailer Error: " . $e->getMessage(), 0, 100) . "..."; - - logApp("Cron-Mail-Queue", "Error", "Failed to re-send email #$email_id to $email_recipient_logging regarding $email_subject_logging. $err"); - } - } -} - -/** ======================================================================= - * Unlock - * ======================================================================= */ -unlink($lock_file_path); +email = $email; + $this->accessToken = $accessToken; + } + public function getOauth64(): string { + $auth = "user={$this->email}\x01auth=Bearer {$this->accessToken}\x01\x01"; + return base64_encode($auth); + } +} + +/** ======================================================================= + * Load settings + * ======================================================================= */ +$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1"); +$row = mysqli_fetch_assoc($sql_settings); + +$config_enable_cron = intval($row['config_enable_cron']); + +// SMTP baseline +$config_smtp_host = $row['config_smtp_host']; +$config_smtp_username = $row['config_smtp_username']; +$config_smtp_password = $row['config_smtp_password']; +$config_smtp_port = intval($row['config_smtp_port']); +$config_smtp_encryption = $row['config_smtp_encryption']; + +// SMTP provider + shared OAuth fields +$config_smtp_provider = $row['config_smtp_provider']; // 'standard_smtp' | 'google_oauth' | 'microsoft_oauth' +$config_mail_oauth_client_id = $row['config_mail_oauth_client_id'] ?? ''; +$config_mail_oauth_client_secret = $row['config_mail_oauth_client_secret'] ?? ''; +$config_mail_oauth_tenant_id = $row['config_mail_oauth_tenant_id'] ?? ''; +$config_mail_oauth_refresh_token = $row['config_mail_oauth_refresh_token'] ?? ''; +$config_mail_oauth_access_token = $row['config_mail_oauth_access_token'] ?? ''; +$config_mail_oauth_access_token_expires_at = $row['config_mail_oauth_access_token_expires_at'] ?? ''; + +if ($config_enable_cron == 0) { + logApp("Cron-Mail-Queue", "error", "Cron Mail Queue unable to run - cron not enabled in admin settings."); + exit("Cron: is not enabled -- Quitting.."); +} + +if (empty($config_smtp_provider)) { + logApp("Cron-Mail-Queue", "info", "SMTP sending skipped: provider not configured."); + exit(0); +} + +/** ======================================================================= + * Lock file + * ======================================================================= */ +$temp_dir = sys_get_temp_dir(); +$lock_file_path = "{$temp_dir}/itflow_mail_queue_{$installation_id}.lock"; + +if (file_exists($lock_file_path)) { + $file_age = time() - filemtime($lock_file_path); + if ($file_age > 600) { + unlink($lock_file_path); + logApp("Cron-Mail-Queue", "warning", "Cron Mail Queue detected a lock file was present but was over 10 minutes old so it removed it."); + } else { + logApp("Cron-Mail-Queue", "info", "Cron Mail Queue attempted to execute but was already executing so instead it terminated."); + exit("Script is already running. Exiting."); + } +} + +file_put_contents($lock_file_path, "Locked"); + +/** ======================================================================= + * Mail OAuth helpers + sender function + * ======================================================================= */ +function tokenIsExpired(?string $expires_at): bool { + if (empty($expires_at)) { + return true; + } + + $ts = strtotime($expires_at); + + if ($ts === false) { + return true; + } + + return ($ts - 60) <= time(); +} + +function httpFormPost(string $url, array $fields): array { + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&')); + curl_setopt($ch, CURLOPT_TIMEOUT, 20); + + $raw = curl_exec($ch); + $err = curl_error($ch); + $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + + curl_close($ch); + + return [ + 'ok' => ($raw !== false && $code >= 200 && $code < 300), + 'body' => $raw, + 'code' => $code, + 'err' => $err, + ]; +} + +function persistMailOauthTokens(string $access_token, string $expires_at, ?string $refresh_token = null): void { + global $mysqli; + + $access_token_esc = mysqli_real_escape_string($mysqli, $access_token); + $expires_at_esc = mysqli_real_escape_string($mysqli, $expires_at); + + $refresh_sql = ''; + if (!empty($refresh_token)) { + $refresh_token_esc = mysqli_real_escape_string($mysqli, $refresh_token); + $refresh_sql = ", config_mail_oauth_refresh_token = '{$refresh_token_esc}'"; + } + + mysqli_query($mysqli, "UPDATE settings SET config_mail_oauth_access_token = '{$access_token_esc}', config_mail_oauth_access_token_expires_at = '{$expires_at_esc}'{$refresh_sql} WHERE company_id = 1"); +} + +function refreshMailOauthAccessToken(string $provider, string $oauth_client_id, string $oauth_client_secret, string $oauth_tenant_id, string $oauth_refresh_token): ?array { + $result = null; + $response = null; + + if (!empty($oauth_client_id) && !empty($oauth_client_secret) && !empty($oauth_refresh_token)) { + if ($provider === 'google_oauth') { + $response = httpFormPost(GOOGLE_OAUTH_TOKEN_URL, [ + 'client_id' => $oauth_client_id, + 'client_secret' => $oauth_client_secret, + 'refresh_token' => $oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + } elseif ($provider === 'microsoft_oauth' && !empty($oauth_tenant_id)) { + $token_url = MICROSOFT_OAUTH_BASE_URL . rawurlencode($oauth_tenant_id) . "/oauth2/v2.0/token"; + $response = httpFormPost($token_url, [ + 'client_id' => $oauth_client_id, + 'client_secret' => $oauth_client_secret, + 'refresh_token' => $oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + } + } + + if (is_array($response) && !empty($response['ok'])) { + $json = json_decode($response['body'], true); + + if (is_array($json) && !empty($json['access_token'])) { + $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + $result = [ + 'access_token' => $json['access_token'], + 'expires_at' => $expires_at, + 'refresh_token' => $json['refresh_token'] ?? null, + ]; + } + } + + return $result; +} + +function resolveMailOauthAccessToken(string $provider, string $oauth_client_id, string $oauth_client_secret, string $oauth_tenant_id, string $oauth_refresh_token, string $oauth_access_token, string $oauth_access_token_expires_at): ?string { + if (!empty($oauth_access_token) && !tokenIsExpired($oauth_access_token_expires_at)) { + return $oauth_access_token; + } + + $tokens = refreshMailOauthAccessToken($provider, $oauth_client_id, $oauth_client_secret, $oauth_tenant_id, $oauth_refresh_token); + + if (!is_array($tokens) || empty($tokens['access_token']) || empty($tokens['expires_at'])) { + return null; + } + + persistMailOauthTokens($tokens['access_token'], $tokens['expires_at'], $tokens['refresh_token'] ?? null); + + return $tokens['access_token']; +} + +function sendQueueEmail( + string $provider, + string $host, + int $port, + string $encryption, + string $username, + string $password, + string $from_email, + string $from_name, + string $to_email, + string $to_name, + string $subject, + string $html_body, + string $ics_str, + string $oauth_client_id, + string $oauth_client_secret, + string $oauth_tenant_id, + string $oauth_refresh_token, + string $oauth_access_token, + string $oauth_access_token_expires_at +) { + // Sensible defaults for OAuth providers if fields were left blank + if ($provider === 'google_oauth') { + if (!$host) $host = 'smtp.gmail.com'; + if (!$port) $port = 587; + if (!$encryption) $encryption = 'tls'; + if (!$username) $username = $from_email; + } elseif ($provider === 'microsoft_oauth') { + if (!$host) $host = 'smtp.office365.com'; + if (!$port) $port = 587; + if (!$encryption) $encryption = 'tls'; + if (!$username) $username = $from_email; + } + + $mail = new PHPMailer(true); + $mail->CharSet = "UTF-8"; + $mail->SMTPDebug = 0; + $mail->isSMTP(); + $mail->Host = $host; + $mail->Port = $port; + + $enc = strtolower($encryption); + if ($enc === '' || $enc === 'none') { + $mail->SMTPAutoTLS = false; + $mail->SMTPSecure = false; + $mail->SMTPOptions = ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]; + } else { + $mail->SMTPSecure = $enc; // 'tls' | 'ssl' + } + + if ($provider === 'google_oauth' || $provider === 'microsoft_oauth') { + // XOAUTH2 + $mail->SMTPAuth = true; + $mail->AuthType = 'XOAUTH2'; + $mail->Username = $username; + + $access_token = resolveMailOauthAccessToken( + $provider, + trim($oauth_client_id), + trim($oauth_client_secret), + trim($oauth_tenant_id), + trim($oauth_refresh_token), + trim($oauth_access_token), + trim($oauth_access_token_expires_at) + ); + + if (empty($access_token)) { + throw new Exception("Missing OAuth access token for XOAUTH2 SMTP."); + } + + $mail->setOAuth(new StaticTokenProvider($username, $access_token)); + } else { + // Standard SMTP (with or without auth) + $mail->SMTPAuth = !empty($username); + $mail->Username = $username ?: ''; + $mail->Password = $password ?: ''; + } + + // Recipients & content + $mail->setFrom($from_email, $from_name); + $mail->addAddress($to_email, $to_name); + $mail->isHTML(true); + $mail->Subject = $subject; + $mail->Body = $html_body; + + if (!empty($ics_str)) { + $mail->addStringAttachment($ics_str, 'Scheduled_ticket.ics', 'base64', 'text/calendar'); + } + + $mail->send(); + return true; +} + +/** ======================================================================= + * SEND: status = 0 (Queued) + * ======================================================================= */ +$sql_queue = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email_status = 0 AND email_queued_at <= NOW()"); + +if (mysqli_num_rows($sql_queue) > 0) { + while ($rowq = mysqli_fetch_assoc($sql_queue)) { + $email_id = (int)$rowq['email_id']; + $email_from = $rowq['email_from']; + $email_from_name = $rowq['email_from_name']; + $email_recipient = $rowq['email_recipient']; + $email_recipient_name = $rowq['email_recipient_name']; + $email_subject = $rowq['email_subject']; + $email_content = $rowq['email_content']; + $email_ics_str = $rowq['email_cal_str']; + + // Check sender + if (!filter_var($email_from, FILTER_VALIDATE_EMAIL)) { + $email_from_logging = sanitizeInput($rowq['email_from']); + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); + logApp("Cron-Mail-Queue", "Error", "Failed to send email #$email_id due to invalid sender address: $email_from_logging - check configuration in settings."); + appNotify("Mail", "Failed to send email #$email_id due to invalid sender address"); + continue; + } + + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 1 WHERE email_id = $email_id"); + + // Basic recipient syntax check + if (!filter_var($email_recipient, FILTER_VALIDATE_EMAIL)) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); + $email_to_logging = sanitizeInput($email_recipient); + $email_subject_logging = sanitizeInput($rowq['email_subject']); + logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_to_logging due to invalid recipient address. Email subject was: $email_subject_logging"); + appNotify("Mail", "Failed to send email #$email_id to $email_to_logging due to invalid recipient address: Email subject was: $email_subject_logging"); + continue; + } + + // More intelligent recipient MX check (if not disabled with --no-mx-validation) + $domain = sanitizeInput(substr($email_recipient, strpos($email_recipient, '@') + 1)); + if (!in_array('--no-mx-validation', $argv) && !checkdnsrr($domain, 'MX')) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); + $email_to_logging = sanitizeInput($email_recipient); + $email_subject_logging = sanitizeInput($rowq['email_subject']); + logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_to_logging due to invalid recipient domain (no MX). Email subject was: $email_subject_logging"); + appNotify("Mail", "Failed to send email #$email_id to $email_to_logging due to invalid recipient domain (no MX): Email subject was: $email_subject_logging"); + continue; + } + + try { + sendQueueEmail( + ($config_smtp_provider ?: 'standard_smtp'), + $config_smtp_host, + (int)$config_smtp_port, + (string)$config_smtp_encryption, + (string)$config_smtp_username, + (string)$config_smtp_password, + (string)$email_from, + (string)$email_from_name, + (string)$email_recipient, + (string)$email_recipient_name, + (string)$email_subject, + (string)$email_content, + (string)$email_ics_str, + (string)$config_mail_oauth_client_id, + (string)$config_mail_oauth_client_secret, + (string)$config_mail_oauth_tenant_id, + (string)$config_mail_oauth_refresh_token, + (string)$config_mail_oauth_access_token, + (string)$config_mail_oauth_access_token_expires_at + ); + + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 3, email_sent_at = NOW(), email_attempts = 1 WHERE email_id = $email_id"); + + } catch (Exception $e) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_failed_at = NOW(), email_attempts = 1 WHERE email_id = $email_id"); + + $email_recipient_logging = sanitizeInput($rowq['email_recipient']); + $email_subject_logging = sanitizeInput($rowq['email_subject']); + $err = substr("Mailer Error: " . $e->getMessage(), 0, 100) . "..."; + + appNotify("Cron-Mail-Queue", "Failed to send email #$email_id to $email_recipient_logging"); + logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_recipient_logging regarding $email_subject_logging. $err"); + } + } +} + +/** ======================================================================= + * RETRIES: status = 2 (Failed), attempts < 4, wait 30 min + * NOTE: Backoff is `email_failed_at <= NOW() - INTERVAL 30 MINUTE` + * ======================================================================= + */ +$sql_failed_queue = mysqli_query( + $mysqli, + "SELECT * FROM email_queue + WHERE email_status = 2 + AND email_attempts < 4 + AND email_failed_at <= NOW() - INTERVAL 30 MINUTE" +); + +if (mysqli_num_rows($sql_failed_queue) > 0) { + while ($rowf = mysqli_fetch_assoc($sql_failed_queue)) { + $email_id = (int)$rowf['email_id']; + $email_from = $rowf['email_from']; + $email_from_name = $rowf['email_from_name']; + $email_recipient = $rowf['email_recipient']; + $email_recipient_name = $rowf['email_recipient_name']; + $email_subject = $rowf['email_subject']; + $email_content = $rowf['email_content']; + $email_ics_str = $rowf['email_cal_str']; + $email_attempts = (int)$rowf['email_attempts'] + 1; + + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 1 WHERE email_id = $email_id"); + + if (!filter_var($email_recipient, FILTER_VALIDATE_EMAIL)) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = $email_attempts WHERE email_id = $email_id"); + continue; + } + + try { + sendQueueEmail( + ($config_smtp_provider ?: 'standard_smtp'), + $config_smtp_host, + (int)$config_smtp_port, + (string)$config_smtp_encryption, + (string)$config_smtp_username, + (string)$config_smtp_password, + (string)$email_from, + (string)$email_from_name, + (string)$email_recipient, + (string)$email_recipient_name, + (string)$email_subject, + (string)$email_content, + (string)$email_ics_str, + (string)$config_mail_oauth_client_id, + (string)$config_mail_oauth_client_secret, + (string)$config_mail_oauth_tenant_id, + (string)$config_mail_oauth_refresh_token, + (string)$config_mail_oauth_access_token, + (string)$config_mail_oauth_access_token_expires_at + ); + + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 3, email_sent_at = NOW(), email_attempts = $email_attempts WHERE email_id = $email_id"); + + } catch (Exception $e) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_failed_at = NOW(), email_attempts = $email_attempts WHERE email_id = $email_id"); + + $email_recipient_logging = sanitizeInput($rowf['email_recipient']); + $email_subject_logging = sanitizeInput($rowf['email_subject']); + $err = substr("Mailer Error: " . $e->getMessage(), 0, 100) . "..."; + + logApp("Cron-Mail-Queue", "Error", "Failed to re-send email #$email_id to $email_recipient_logging regarding $email_subject_logging. $err"); + } + } +} + +/** ======================================================================= + * Unlock + * ======================================================================= */ +unlink($lock_file_path); diff --git a/cron/ticket_email_parser.php b/cron/ticket_email_parser.php index 163e703b..e0903ef8 100644 --- a/cron/ticket_email_parser.php +++ b/cron/ticket_email_parser.php @@ -1,802 +1,914 @@ - Ticketing > Email-to-ticket parsing. See https://docs.itflow.org/ticket_email_parse -- Quitting.."); -} - -// System temp directory & lock -$temp_dir = sys_get_temp_dir(); -$lock_file_path = "{$temp_dir}/itflow_email_parser_{$installation_id}.lock"; - -if (file_exists($lock_file_path)) { - $file_age = time() - filemtime($lock_file_path); - if ($file_age > 300) { - unlink($lock_file_path); - logApp("Cron-Email-Parser", "warning", "Cron Email Parser detected a lock file was present but was over 5 minutes old so it removed it."); - } else { - logApp("Cron-Email-Parser", "warning", "Lock file present. Cron Email Parser attempted to execute but was already executing, so instead it terminated."); - exit("Script is already running. Exiting."); - } -} -file_put_contents($lock_file_path, "Locked"); - -// Ensure lock gets removed even on fatal error -register_shutdown_function(function() use ($lock_file_path) { - if (file_exists($lock_file_path)) { - @unlink($lock_file_path); - } -}); - -// Allowed attachment extensions -$allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf', 'txt', 'md', 'doc', 'docx', 'csv', 'xls', 'xlsx', 'xlsm', 'zip', 'tar', 'gz'); - -/** ------------------------------------------------------------------ - * Ticket / Reply helpers (unchanged) - * ------------------------------------------------------------------ */ -function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message, $attachments, $original_message_file) { - global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_ticket_default_billable, $allowed_extensions; - - // Atomically increment and get the new ticket number - mysqli_query($mysqli, " - UPDATE settings - SET - config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number), - config_ticket_next_number = config_ticket_next_number + 1 - WHERE company_id = 1 - "); - - $ticket_number = mysqli_insert_id($mysqli); - - // Clean up the message - $message = trim($message); - // Remove DOCTYPE and meta tags - $message = preg_replace('/]*>/i', '', $message); - $message = preg_replace('/]*>/i', '', $message); - // Remove , , and their closing tags - $message = preg_replace('/<\/?(html|head|body)[^>]*>/i', '', $message); - // Collapse excess whitespace - $message = preg_replace('/\s+/', ' ', $message); - // Convert newlines to
      - $message = nl2br($message); - // Wrap final formatted message - $message = "Email from: $contact_name <$contact_email> at $date:-

      $message
      "; - - $ticket_prefix_esc = mysqli_real_escape_string($mysqli, $config_ticket_prefix); - $message_esc = mysqli_real_escape_string($mysqli, $message); - $contact_email_esc = mysqli_real_escape_string($mysqli, $contact_email); - $client_id = intval($client_id); - - $url_key = randomString(156); - - mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$ticket_prefix_esc', ticket_number = $ticket_number, ticket_source = 'Email', ticket_subject = '$subject', ticket_details = '$message_esc', ticket_priority = 'Low', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_url_key = '$url_key', ticket_client_id = $client_id"); - $id = mysqli_insert_id($mysqli); - - // Logging - logAction("Ticket", "Create", "Email parser: Client contact $contact_email_esc created ticket $ticket_prefix_esc$ticket_number ($subject) ($id)", $client_id, $id); - - mkdirMissing('../uploads/tickets/'); - $att_dir = "../uploads/tickets/" . $id . "/"; - mkdirMissing($att_dir); - - // Move original .eml into the ticket folder - rename("../uploads/tmp/{$original_message_file}", "{$att_dir}/{$original_message_file}"); - $original_message_file_esc = mysqli_real_escape_string($mysqli, $original_message_file); - mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = 'Original-parsed-email.eml', ticket_attachment_reference_name = '$original_message_file_esc', ticket_attachment_ticket_id = $id"); - - // Save non-inline attachments - foreach ($attachments as $attachment) { - $att_name = $attachment['name']; - $att_extension = strtolower(pathinfo($att_name, PATHINFO_EXTENSION)); - - if (in_array($att_extension, $allowed_extensions)) { - $att_saved_filename = md5(uniqid(rand(), true)) . '.' . $att_extension; - $att_saved_path = $att_dir . $att_saved_filename; - file_put_contents($att_saved_path, $attachment['content']); - - $ticket_attachment_name = sanitizeInput($att_name); - $ticket_attachment_reference_name = sanitizeInput($att_saved_filename); - - $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_name); - $ticket_attachment_reference_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_reference_name); - mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = '$ticket_attachment_name_esc', ticket_attachment_reference_name = '$ticket_attachment_reference_name_esc', ticket_attachment_ticket_id = $id"); - } else { - $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $att_name); - logAction("Ticket", "Edit", "Email parser: Blocked attachment $ticket_attachment_name_esc from Client contact $contact_email_esc for ticket $ticket_prefix_esc$ticket_number", $client_id, $id); - } - } - - // Guest ticket watchers - if ($client_id == 0) { - mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$contact_email_esc', watcher_ticket_id = $id"); - } - - $data = []; - if ($config_ticket_client_general_notifications == 1) { - $subject_email = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject"; - $body = "##- Please type your reply above this line -##

      Hello $contact_name,

      Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.

      Ticket: $config_ticket_prefix$ticket_number
      Subject: $subject
      Status: New
      Portal: View ticket

      --
      $company_name - Support
      $config_ticket_from_email
      $company_phone"; - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject_email, - 'body' => mysqli_real_escape_string($mysqli, $body) - ]; - } - - if ($config_ticket_new_ticket_notification_email) { - if ($client_id == 0) { - $client_name = "Guest"; - } else { - $client_sql = mysqli_query($mysqli, "SELECT client_name FROM clients WHERE client_id = $client_id"); - $client_row = mysqli_fetch_array($client_sql); - $client_name = sanitizeInput($client_row['client_name']); - } - $email_subject = "$config_app_name - New Ticket - $client_name: $subject"; - $email_body = "Hello,

      This is a notification that a new ticket has been raised in ITFlow.
      Client: $client_name
      Priority: Low (email parsed)
      Link: https://$config_base_url/agent/ticket.php?ticket_id=$id

      --------------------------------

      $subject
      $message"; - - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $config_ticket_new_ticket_notification_email, - 'recipient_name' => $config_ticket_from_name, - 'subject' => $email_subject, - 'body' => mysqli_real_escape_string($mysqli, $email_body) - ]; - } - - addToMailQueue($data); - customAction('ticket_create', $id); - - return true; -} - -function addReply($from_email, $date, $subject, $ticket_number, $message, $attachments) { - global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $allowed_extensions; - - $ticket_reply_type = 'Client'; - // $message contains the raw HTML body from IMAP - - // 1) Remove the reply separator and everything below it (HTML-aware) - // This matches: ##- Please type your reply above this line -## and EVERYTHING after it - $message = preg_replace( - '/]*>##-\s*Please\s+type\s+your\s+reply\s+above\s+this\s+line\s*-##<\/i>.*$/is', - '', - $message - ); - - // 2) Clean up the remaining message - - // Remove DOCTYPE and meta tags - $message = preg_replace('/]*>/i', '', $message); - $message = preg_replace('/]*>/i', '', $message); - - // Remove , , and their closing tags - $message = preg_replace('/<\/?(html|head|body)[^>]*>/i', '', $message); - - // Trim leading/trailing whitespace - $message = trim($message); - - // Normalize line breaks to spaces - $message = preg_replace('/\r\n|\r|\n/', ' ', $message); - - // Convert to
      for HTML display - $message = nl2br($message); - - // 3) Final wrapper - $message = "Email from: $from_email at $date:-

      -
      $message
      "; - - $ticket_number_esc = intval($ticket_number); - $message_esc = mysqli_real_escape_string($mysqli, $message); - $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); - - $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT ticket_id, ticket_subject, ticket_status, ticket_contact_id, ticket_client_id, contact_email, client_name - FROM tickets - LEFT JOIN contacts on tickets.ticket_contact_id = contacts.contact_id - LEFT JOIN clients on tickets.ticket_client_id = clients.client_id - WHERE ticket_number = $ticket_number_esc LIMIT 1")); - - if ($row) { - $ticket_id = intval($row['ticket_id']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_status = sanitizeInput($row['ticket_status']); - $ticket_reply_contact = intval($row['ticket_contact_id']); - $ticket_contact_email = sanitizeInput($row['contact_email']); - $client_id = intval($row['ticket_client_id']); - $client_name = sanitizeInput($row['client_name']); - - if ($ticket_status == 5) { - $config_ticket_prefix_esc = mysqli_real_escape_string($mysqli, $config_ticket_prefix); - $ticket_number_esc2 = mysqli_real_escape_string($mysqli, $ticket_number); - - appNotify("Ticket", "Email parser: $from_email attempted to re-open ticket $config_ticket_prefix_esc$ticket_number_esc2 (ID $ticket_id) - check inbox manually to see email", "/agent/ticket.php?ticket_id=$ticket_id", $client_id); - - $email_subject = "Action required: This ticket is already closed"; - $email_body = "Hi there,

      You've tried to reply to a ticket that is closed - we won't see your response.

      Please raise a new ticket by sending a new e-mail to our support address below.

      --
      $company_name - Support
      $config_ticket_from_email
      $company_phone"; - - $data = [ - [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $from_email, - 'recipient_name' => $from_email, - 'subject' => $email_subject, - 'body' => mysqli_real_escape_string($mysqli, $email_body) - ] - ]; - - addToMailQueue($data); - return true; - } - - if (empty($ticket_contact_email) || $ticket_contact_email !== $from_email) { - $from_email_esc2 = mysqli_real_escape_string($mysqli, $from_email); - $row2 = mysqli_fetch_array(mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_email = '$from_email_esc2' AND contact_client_id = $client_id LIMIT 1")); - if ($row2) { - $ticket_reply_contact = intval($row2['contact_id']); - } else { - $ticket_reply_type = 'Internal'; - $ticket_reply_contact = '0'; - $message = "WARNING: Contact email mismatch
      $message"; - $message_esc = mysqli_real_escape_string($mysqli, $message); - } - } - - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$message_esc', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '00:00:00', ticket_reply_by = $ticket_reply_contact, ticket_reply_ticket_id = $ticket_id"); - $reply_id = mysqli_insert_id($mysqli); - - $ticket_dir = "../uploads/tickets/" . $ticket_id . "/"; - mkdirMissing($ticket_dir); - - foreach ($attachments as $attachment) { - $att_name = $attachment['name']; - $att_extension = strtolower(pathinfo($att_name, PATHINFO_EXTENSION)); - - if (in_array($att_extension, $allowed_extensions)) { - $att_saved_filename = md5(uniqid(rand(), true)) . '.' . $att_extension; - $att_saved_path = $ticket_dir . $att_saved_filename; - file_put_contents($att_saved_path, $attachment['content']); - - $ticket_attachment_name = sanitizeInput($att_name); - $ticket_attachment_reference_name = sanitizeInput($att_saved_filename); - - $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_name); - $ticket_attachment_reference_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_reference_name); - mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = '$ticket_attachment_name_esc', ticket_attachment_reference_name = '$ticket_attachment_reference_name_esc', ticket_attachment_reply_id = $reply_id, ticket_attachment_ticket_id = $ticket_id"); - } else { - $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $att_name); - logAction("Ticket", "Edit", "Email parser: Blocked attachment $ticket_attachment_name_esc from Client contact $from_email_esc for ticket $config_ticket_prefix$ticket_number_esc", $client_id, $ticket_id); - } - } - - $ticket_assigned_to_sql = mysqli_query($mysqli, "SELECT ticket_assigned_to FROM tickets WHERE ticket_id = $ticket_id LIMIT 1"); - if ($ticket_assigned_to_sql) { - $row3 = mysqli_fetch_array($ticket_assigned_to_sql); - $ticket_assigned_to = intval($row3['ticket_assigned_to']); - - if ($ticket_assigned_to) { - $tech_sql = mysqli_query($mysqli, "SELECT user_email, user_name FROM users WHERE user_id = $ticket_assigned_to LIMIT 1"); - $tech_row = mysqli_fetch_array($tech_sql); - $tech_email = sanitizeInput($tech_row['user_email']); - $tech_name = sanitizeInput($tech_row['user_name']); - - $email_subject = "$config_app_name - Ticket updated - [$config_ticket_prefix$ticket_number] $ticket_subject"; - $email_body = "Hello $tech_name,

      A new reply has been added to the below ticket.

      Client: $client_name
      Ticket: $config_ticket_prefix$ticket_number
      Subject: $ticket_subject
      Link: https://$config_base_url/agent/ticket.php?ticket_id=$ticket_id

      --------------------------------
      $message_esc"; - - $data = [ - [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $tech_email, - 'recipient_name' => $tech_name, - 'subject' => mysqli_real_escape_string($mysqli, $email_subject), - 'body' => mysqli_real_escape_string($mysqli, $email_body) - ] - ]; - addToMailQueue($data); - } - } - - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1"); - - logAction("Ticket", "Edit", "Email parser: Client contact $from_email_esc updated ticket $config_ticket_prefix$ticket_number_esc ($subject)", $client_id, $ticket_id); - customAction('ticket_reply_client', $ticket_id); - return true; - } else { - return false; - } -} - -/** ------------------------------------------------------------------ - * OAuth helpers + provider guard - * ------------------------------------------------------------------ */ - -// returns true if expires_at ('Y-m-d H:i:s') is in the past (or missing) -function tokenExpired(?string $expires_at): bool { - if (empty($expires_at)) return true; - $ts = strtotime($expires_at); - if ($ts === false) return true; - // refresh a little early (60s) to avoid race - return ($ts - 60) <= time(); -} - -// very small form-encoded POST helper using curl -function httpFormPost(string $url, array $fields): array { - $ch = curl_init($url); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&')); - curl_setopt($ch, CURLOPT_TIMEOUT, 20); - $raw = curl_exec($ch); - $err = curl_error($ch); - $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - curl_close($ch); - return ['ok' => ($raw !== false && $code >= 200 && $code < 300), 'body' => $raw, 'code' => $code, 'err' => $err]; -} - -/** - * Get a valid access token for Google Workspace IMAP via refresh token if needed. - * Uses settings: config_mail_oauth_client_id / _client_secret / _refresh_token / _access_token / _access_token_expires_at - * Updates globals if refreshed (so later logging can reflect it if you want to persist). - */ -function getGoogleAccessToken(string $username): ?string { - // pull from global settings variables you already load - global $mysqli, - $config_mail_oauth_client_id, - $config_mail_oauth_client_secret, - $config_mail_oauth_refresh_token, - $config_mail_oauth_access_token, - $config_mail_oauth_access_token_expires_at; - - // If we have a not-expired token, use it - if (!empty($config_mail_oauth_access_token) && !tokenExpired($config_mail_oauth_access_token_expires_at)) { - return $config_mail_oauth_access_token; - } - - // Need to refresh? - if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token)) { - // Nothing we can do - return null; - } - - $resp = httpFormPost( - 'https://oauth2.googleapis.com/token', - [ - 'client_id' => $config_mail_oauth_client_id, - 'client_secret' => $config_mail_oauth_client_secret, - 'refresh_token' => $config_mail_oauth_refresh_token, - 'grant_type' => 'refresh_token', - ] - ); - - if (!$resp['ok']) return null; - - $json = json_decode($resp['body'], true); - if (!is_array($json) || empty($json['access_token'])) return null; - - // Calculate new expiry - $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); - - // Update in-memory globals (and persist to DB) - $config_mail_oauth_access_token = $json['access_token']; - $config_mail_oauth_access_token_expires_at = $expires_at; - - $at_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token); - $exp_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token_expires_at); - mysqli_query($mysqli, "UPDATE settings SET - config_mail_oauth_access_token = '{$at_esc}', - config_mail_oauth_access_token_expires_at = '{$exp_esc}' - WHERE company_id = 1 - "); - - return $config_mail_oauth_access_token; -} - -/** - * Get a valid access token for Microsoft 365 IMAP via refresh token if needed. - * Uses settings: config_mail_oauth_client_id / _client_secret / _tenant_id / _refresh_token / _access_token / _access_token_expires_at - */ -function getMicrosoftAccessToken(string $username): ?string { - global $mysqli, - $config_mail_oauth_client_id, - $config_mail_oauth_client_secret, - $config_mail_oauth_tenant_id, - $config_mail_oauth_refresh_token, - $config_mail_oauth_access_token, - $config_mail_oauth_access_token_expires_at; - - if (!empty($config_mail_oauth_access_token) && !tokenExpired($config_mail_oauth_access_token_expires_at)) { - return $config_mail_oauth_access_token; - } - - if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token) || empty($config_mail_oauth_tenant_id)) { - return null; - } - - $url = "https://login.microsoftonline.com/".rawurlencode($config_mail_oauth_tenant_id)."/oauth2/v2.0/token"; - - $resp = httpFormPost($url, [ - 'client_id' => $config_mail_oauth_client_id, - 'client_secret' => $config_mail_oauth_client_secret, - 'refresh_token' => $config_mail_oauth_refresh_token, - 'grant_type' => 'refresh_token', - // IMAP/SMTP scopes typically included at initial consent; not needed for refresh - ]); - - if (!$resp['ok']) return null; - - $json = json_decode($resp['body'], true); - if (!is_array($json) || empty($json['access_token'])) return null; - - $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); - - $config_mail_oauth_access_token = $json['access_token']; - $config_mail_oauth_access_token_expires_at = $expires_at; - - $at_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token); - $exp_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token_expires_at); - mysqli_query($mysqli, "UPDATE settings SET - config_mail_oauth_access_token = '{$at_esc}', - config_mail_oauth_access_token_expires_at = '{$exp_esc}' - WHERE company_id = 1 - "); - - return $config_mail_oauth_access_token; -} - -// Provider from settings (may be NULL/empty to disable IMAP polling) -$imap_provider = $config_imap_provider ?? ''; -if ($imap_provider === null) $imap_provider = ''; - -if ($imap_provider === '') { - // IMAP disabled by admin: exit cleanly - logApp("Cron-Email-Parser", "info", "IMAP polling skipped: provider not configured."); - @unlink($lock_file_path); - exit(0); -} - -/** ------------------------------------------------------------------ - * Webklex IMAP setup (supports Standard / Google OAuth / Microsoft OAuth) - * ------------------------------------------------------------------ */ -use Webklex\PHPIMAP\ClientManager; - -$validate_cert = true; - -// Defaults from settings (standard IMAP) -$host = $config_imap_host; -$port = (int)$config_imap_port; -$encr = !empty($config_imap_encryption) ? $config_imap_encryption : 'notls'; // 'ssl'|'tls'|'notls' -$user = $config_imap_username; -$pass = $config_imap_password; -$auth = null; // 'oauth' for OAuth providers - -if ($imap_provider === 'google_oauth') { - $host = 'imap.gmail.com'; - $port = 993; - $encr = 'ssl'; - $auth = 'oauth'; - $pass = getGoogleAccessToken($user); - if (empty($pass)) { - logApp("Cron-Email-Parser", "error", "Google OAuth: no usable access token (check refresh token/client credentials)."); - @unlink($lock_file_path); - exit(1); - } -} elseif ($imap_provider === 'microsoft_oauth') { - $host = 'outlook.office365.com'; - $port = 993; - $encr = 'ssl'; - $auth = 'oauth'; - $pass = getMicrosoftAccessToken($user); - if (empty($pass)) { - logApp("Cron-Email-Parser", "error", "Microsoft OAuth: no usable access token (check refresh token/client credentials/tenant)."); - @unlink($lock_file_path); - exit(1); - } -} else { - // standard_imap (username/password) - if (empty($host) || empty($port) || empty($user)) { - logApp("Cron-Email-Parser", "error", "Standard IMAP: missing host/port/username."); - @unlink($lock_file_path); - exit(1); - } -} - -$cm = new ClientManager(); - -$client = $cm->make(array_filter([ - 'host' => $host, - 'port' => $port, - 'encryption' => $encr, // 'ssl' | 'tls' | null - 'validate_cert' => (bool)$validate_cert, - 'username' => $user, // full mailbox address (OAuth uses user as principal) - 'password' => $pass, // access token when $auth === 'oauth' - 'authentication' => $auth, // 'oauth' or null - 'protocol' => 'imap', -])); - -try { - $client->connect(); -} catch (\Throwable $e) { - echo "Error connecting to IMAP server: " . $e->getMessage(); - @unlink($lock_file_path); - exit(1); -} - -$inbox = $client->getFolderByPath('INBOX'); - -$targetFolderPath = 'ITFlow'; -try { - $targetFolder = $client->getFolderByPath($targetFolderPath); -} catch (\Throwable $e) { - $client->createFolder($targetFolderPath); - $targetFolder = $client->getFolderByPath($targetFolderPath); -} - -// Fetch unseen messages -$messages = $inbox->messages()->leaveUnread()->unseen()->get(); - -// Counters -$processed_count = 0; -$unprocessed_count = 0; - -// Process messages -foreach ($messages as $message) { - $email_processed = false; - - // Save original message as .eml (getRawMessage() doesn't seem to work properly) - mkdirMissing('../uploads/tmp/'); - $original_message_file = "processed-eml-" . randomString(200) . ".eml"; - $raw_message = (string)$message->getHeader()->raw . "\r\n\r\n" . ($message->getRawBody() ?? $message->getHTMLBody() ?? $message->getTextBody()); - file_put_contents("../uploads/tmp/{$original_message_file}", $raw_message); - - // From - $fromCol = $message->getFrom(); - $fromFirst = ($fromCol && $fromCol->count()) ? $fromCol->first() : null; - $from_email = sanitizeInput($fromFirst->mail ?? 'itflow-guest@example.com'); - $from_name = sanitizeInput($fromFirst->personal ?? 'Unknown'); - - $from_domain = explode("@", $from_email); - $from_domain = sanitizeInput(end($from_domain)); - - // Subject - $subject = sanitizeInput((string)$message->getSubject() ?: 'No Subject'); - - // Date (string) - $dateAttr = $message->getDate(); // Attribute - $dateRaw = $dateAttr ? (string)$dateAttr : ''; // e.g. "Tue, 10 Sep 2025 13:22:05 +0000" - $ts = $dateRaw ? strtotime($dateRaw) : false; - $date = sanitizeInput($ts !== false ? date('Y-m-d H:i:s', $ts) : date('Y-m-d H:i:s')); - - // Body (prefer HTML) - $message_body_html = $message->getHTMLBody(); - $message_body_text = $message->getTextBody(); - $message_body = $message_body_html ?: nl2br(htmlspecialchars((string)$message_body_text)); - - // Handle attachments (inline vs regular) - $attachments = []; - foreach ($message->getAttachments() as $att) { - $attrs = $att->getAttributes(); // v6.2: canonical source - $dispo = strtolower((string)($attrs['disposition'] ?? '')); - $cid = $attrs['id'] ?? null; // Content-ID - $content = $attrs['content'] ?? null; // binary - $mime = $att->getMimeType(); - $name = $att->getName() ?: 'attachment'; - - $is_inline = false; - if ($dispo === 'inline' && $cid && $content !== null) { - $cid_trim = trim($cid, '<>'); - $dataUri = "data:$mime;base64,".base64_encode($content); - $message_body = str_replace(["cid:$cid_trim", "cid:$cid"], $dataUri, $message_body); - $is_inline = true; - } - - if (!$is_inline && $content !== null) { - $attachments[] = ['name' => $name, 'content' => $content]; - } - } - - // 1. Reply to existing ticket with the number in subject - if (preg_match("/\[$config_ticket_prefix(\d+)\]/", $subject, $ticket_number_matches)) { - $ticket_number = intval($ticket_number_matches[1]); - $email_processed = addReply($from_email, $date, $subject, $ticket_number, $message_body, $attachments); - } - - // 2. Fuzzy duplicate check using a known contact/domain and similar_text subject - if (!$email_processed && strlen(trim($subject)) > 10) { - $contact_id = 0; - $client_id = 0; - - // First: check if sender is a registered contact - $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); - $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$from_email_esc' AND contact_archived_at IS NULL LIMIT 1"); - $contact_row = mysqli_fetch_array($contact_sql); - - if ($contact_row) { - $contact_id = intval($contact_row['contact_id']); - $client_id = intval($contact_row['contact_client_id']); - } else { - // Else: check if sender domain is registered - $from_domain_esc = mysqli_real_escape_string($mysqli, $from_domain); - $domain_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain_esc' AND domain_archived_at IS NULL LIMIT 1"); - $domain_row = mysqli_fetch_assoc($domain_sql); - - if ($domain_row && $from_domain == $domain_row['domain_name']) { - $client_id = intval($domain_row['domain_client_id']); - } - } - - // If we found either a contact or a domain, check recent tickets for a matching subject - if ($client_id) { - $recent_tickets_sql = mysqli_query($mysqli, - "SELECT ticket_id, ticket_number, ticket_subject - FROM tickets - WHERE ticket_client_id = $client_id AND ticket_resolved_at IS NULL - AND ticket_created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)" - ); - - while ($rowt = mysqli_fetch_assoc($recent_tickets_sql)) { - $ticket_number = intval($rowt['ticket_number']); - $existing_subject = $rowt['ticket_subject']; - - // Calculate similarity percentage - similar_text(strtolower($subject), strtolower($existing_subject), $percent); - - if ($percent >= 95) { - // Treat as a reply/duplicate - $email_processed = addReply($from_email, $date, $subject, $ticket_number, $message_body, $attachments); - break; - } - } - } - } - - // 3. A known, registered contact? - if (!$email_processed) { - $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); - $any_contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$from_email_esc' AND contact_archived_at IS NULL LIMIT 1"); - $rowc = mysqli_fetch_array($any_contact_sql); - - if ($rowc) { - $contact_name = sanitizeInput($rowc['contact_name']); - $contact_id = intval($rowc['contact_id']); - $contact_email = sanitizeInput($rowc['contact_email']); - $client_id = intval($rowc['contact_client_id']); - - $email_processed = addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message_body, $attachments, $original_message_file); - } - } - - // 4. A known domain? - if (!$email_processed) { - $from_domain_esc = mysqli_real_escape_string($mysqli, $from_domain); - $domain_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain_esc' AND domain_archived_at IS NULL LIMIT 1"); - $rowd = mysqli_fetch_assoc($domain_sql); - - if ($rowd && $from_domain == $rowd['domain_name']) { - $client_id = intval($rowd['domain_client_id']); - - // Create a new contact - $contact_name = $from_name; - $contact_email = $from_email; - mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '".mysqli_real_escape_string($mysqli, $contact_name)."', contact_email = '".mysqli_real_escape_string($mysqli, $contact_email)."', contact_notes = 'Added automatically via email parsing.', contact_client_id = $client_id"); - $contact_id = mysqli_insert_id($mysqli); - - logAction("Contact", "Create", "Email parser: created contact " . mysqli_real_escape_string($mysqli, $contact_name), $client_id, $contact_id); - customAction('contact_create', $contact_id); - - $email_processed = addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message_body, $attachments, $original_message_file); - } - } - - // 5. Unknown sender allowed? - if (!$email_processed && $config_ticket_email_parse_unknown_senders) { - $bad_from_pattern = "/daemon|postmaster/i"; - if (!preg_match($bad_from_pattern, $from_email)) { - $email_processed = addTicket(0, $from_name, $from_email, 0, $date, $subject, $message_body, $attachments, $original_message_file); - } - } - - - // Flag/move based on processing result - if ($email_processed) { - $processed_count++; // increment first so a move failure doesn't hide the success - try { - $message->setFlag('Seen'); - // Move using the Folder object (top-level "ITFlow") - $message->move($targetFolderPath); - // optional: logApp("Cron-Email-Parser", "info", "Moved message to ITFlow"); - } catch (\Throwable $e) { - // >>> Put the extra logging RIGHT HERE - $subj = (string)$message->getSubject(); - $uid = method_exists($message, 'getUid') ? $message->getUid() : 'n/a'; - $path = property_exists($targetFolder, 'path') ? $targetFolder->path : 'ITFlow'; - logApp( - "Cron-Email-Parser", - "warning", - "Move failed (subject=\"$subj\", uid=$uid) to [$path]: ".$e->getMessage() - ); - } - } else { - $unprocessed_count++; - try { - $message->setFlag('Flagged'); - $message->unsetFlag('Seen'); - } catch (\Throwable $e) { - logApp("Cron-Email-Parser", "warning", "Flag update failed: ".$e->getMessage()); - } - } - - // Cleanup temp .eml if still present (e.g., reply path) - if (isset($original_message_file)) { - $tmp_path = "../uploads/tmp/{$original_message_file}"; - if (file_exists($tmp_path)) { @unlink($tmp_path); } - } -} - -// Expunge & disconnect -try { - $client->expunge(); -} catch (\Throwable $e) { - // ignore -} -$client->disconnect(); - -// Execution timing (optional) -$script_end_time = microtime(true); -$execution_time = $script_end_time - $script_start_time; -$execution_time_formatted = number_format($execution_time, 2); - -$processed_info = "Processed: $processed_count email(s), Unprocessed: $unprocessed_count email(s)"; -// logAction("Cron-Email-Parser", "Execution", "Cron Email Parser executed in $execution_time_formatted seconds. $processed_info"); - -// Remove the lock file -unlink($lock_file_path); - -// DEBUG -echo "\nLock File Path: $lock_file_path\n"; -if (file_exists($lock_file_path)) { - echo "\nLock is present\n\n"; -} -echo "Processed Emails into tickets: $processed_count\n"; -echo "Unprocessed Emails: $unprocessed_count\n"; + Ticketing > Email-to-ticket parsing. See https://docs.itflow.org/ticket_email_parse -- Quitting.."); +} + +// System temp directory & lock +$temp_dir = sys_get_temp_dir(); +$lock_file_path = "{$temp_dir}/itflow_email_parser_{$installation_id}.lock"; + +if (file_exists($lock_file_path)) { + $file_age = time() - filemtime($lock_file_path); + if ($file_age > 300) { + unlink($lock_file_path); + logApp("Cron-Email-Parser", "warning", "Cron Email Parser detected a lock file was present but was over 5 minutes old so it removed it."); + } else { + logApp("Cron-Email-Parser", "warning", "Lock file present. Cron Email Parser attempted to execute but was already executing, so instead it terminated."); + exit("Script is already running. Exiting."); + } +} +file_put_contents($lock_file_path, "Locked"); + +// Ensure lock gets removed even on fatal error +register_shutdown_function(function() use ($lock_file_path) { + if (file_exists($lock_file_path)) { + @unlink($lock_file_path); + } +}); + +// Allowed attachment extensions +$allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'webp', 'svg', 'pdf', 'txt', 'md', 'doc', 'docx', 'csv', 'xls', 'xlsx', 'xlsm', 'zip', 'tar', 'gz'); + +/** ------------------------------------------------------------------ + * Ticket / Reply helpers (unchanged) + * ------------------------------------------------------------------ */ +function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message, $attachments, $original_message_file) { + global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_ticket_default_billable, $allowed_extensions; + + // Atomically increment and get the new ticket number + mysqli_query($mysqli, " + UPDATE settings + SET + config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number), + config_ticket_next_number = config_ticket_next_number + 1 + WHERE company_id = 1 + "); + + $ticket_number = mysqli_insert_id($mysqli); + + // Clean up the message + $message = trim($message); + // Remove DOCTYPE and meta tags + $message = preg_replace('/]*>/i', '', $message); + $message = preg_replace('/]*>/i', '', $message); + // Remove , , and their closing tags + $message = preg_replace('/<\/?(html|head|body)[^>]*>/i', '', $message); + // Collapse excess whitespace + $message = preg_replace('/\s+/', ' ', $message); + // Convert newlines to
      + $message = nl2br($message); + // Wrap final formatted message + $message = "Email from: $contact_name <$contact_email> at $date:-

      $message
      "; + + $ticket_prefix_esc = mysqli_real_escape_string($mysqli, $config_ticket_prefix); + $message_esc = mysqli_real_escape_string($mysqli, $message); + $contact_email_esc = mysqli_real_escape_string($mysqli, $contact_email); + $client_id = intval($client_id); + + $url_key = randomString(32); + + mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$ticket_prefix_esc', ticket_number = $ticket_number, ticket_source = 'Email', ticket_subject = '$subject', ticket_details = '$message_esc', ticket_priority = 'Low', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_url_key = '$url_key', ticket_client_id = $client_id"); + $id = mysqli_insert_id($mysqli); + + // Logging + logAction("Ticket", "Create", "Email parser: Client contact $contact_email_esc created ticket $ticket_prefix_esc$ticket_number ($subject) ($id)", $client_id, $id); + + mkdirMissing('../uploads/tickets/'); + $att_dir = "../uploads/tickets/" . $id . "/"; + mkdirMissing($att_dir); + + // Move original .eml into the ticket folder + rename("../uploads/tmp/{$original_message_file}", "{$att_dir}/{$original_message_file}"); + $original_message_file_esc = mysqli_real_escape_string($mysqli, $original_message_file); + mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = 'Original-parsed-email.eml', ticket_attachment_reference_name = '$original_message_file_esc', ticket_attachment_ticket_id = $id"); + + // Save non-inline attachments + foreach ($attachments as $attachment) { + $att_name = $attachment['name']; + $att_extension = strtolower(pathinfo($att_name, PATHINFO_EXTENSION)); + + if (in_array($att_extension, $allowed_extensions)) { + $att_saved_filename = md5(uniqid(rand(), true)) . '.' . $att_extension; + $att_saved_path = $att_dir . $att_saved_filename; + file_put_contents($att_saved_path, $attachment['content']); + + $ticket_attachment_name = sanitizeInput($att_name); + $ticket_attachment_reference_name = sanitizeInput($att_saved_filename); + + $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_name); + $ticket_attachment_reference_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_reference_name); + mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = '$ticket_attachment_name_esc', ticket_attachment_reference_name = '$ticket_attachment_reference_name_esc', ticket_attachment_ticket_id = $id"); + } else { + $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $att_name); + logAction("Ticket", "Edit", "Email parser: Blocked attachment $ticket_attachment_name_esc from Client contact $contact_email_esc for ticket $ticket_prefix_esc$ticket_number", $client_id, $id); + } + } + + // Guest ticket watchers + if ($client_id == 0) { + mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$contact_email_esc', watcher_ticket_id = $id"); + } + + // External email + $bad_pattern = "/do[\W_]*not[\W_]*reply|no[\W_]*reply/i"; + $data = []; + if ($config_ticket_client_general_notifications == 1 && !preg_match($bad_pattern, $contact_email)) { + $subject_email = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject"; + $body = "##- Please type your reply above this line -##

      Hello $contact_name,

      Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.

      Ticket: $config_ticket_prefix$ticket_number
      Subject: $subject
      Status: New
      Portal: View ticket

      --
      $company_name - Support
      $config_ticket_from_email
      $company_phone"; + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject_email, + 'body' => mysqli_real_escape_string($mysqli, $body) + ]; + } + + // Internal email + if ($config_ticket_new_ticket_notification_email) { + if ($client_id == 0) { + $client_name = "Guest"; + $client_uri = ''; + } else { + $client_sql = mysqli_query($mysqli, "SELECT client_name FROM clients WHERE client_id = $client_id"); + $client_row = mysqli_fetch_assoc($client_sql); + $client_name = sanitizeInput($client_row['client_name']); + $client_uri = "&client_id=$client_id"; + } + $email_subject = "$config_app_name - New Ticket - $client_name: $subject"; + $email_body = "Hello,

      This is a notification that a new ticket has been raised in ITFlow.
      Client: $client_name
      Priority: Low (email parsed)
      Link: https://$config_base_url/agent/ticket.php?ticket_id=$id$client_uri

      --------------------------------

      $subject
      $message"; + + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $config_ticket_new_ticket_notification_email, + 'recipient_name' => $config_ticket_from_name, + 'subject' => $email_subject, + 'body' => mysqli_real_escape_string($mysqli, $email_body) + ]; + } + + addToMailQueue($data); + customAction('ticket_create', $id); + + return true; +} + +function addReply($from_email, $date, $subject, $ticket_number, $message, $attachments) { + global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $allowed_extensions; + + $ticket_reply_type = 'Client'; + // $message contains the raw HTML body from IMAP + + // 1) Remove the reply separator and everything below it (HTML-aware) + // This matches: ##- Please type your reply above this line -## and EVERYTHING after it + $message = preg_replace( + '/]*>##-\s*Please\s+type\s+your\s+reply\s+above\s+this\s+line\s*-##<\/i>.*$/is', + '', + $message + ); + + // 2) Clean up the remaining message + + // Remove DOCTYPE and meta tags + $message = preg_replace('/]*>/i', '', $message); + $message = preg_replace('/]*>/i', '', $message); + + // Remove , , and their closing tags + $message = preg_replace('/<\/?(html|head|body)[^>]*>/i', '', $message); + + // Trim leading/trailing whitespace + $message = trim($message); + + // Normalize line breaks to spaces + $message = preg_replace('/\r\n|\r|\n/', ' ', $message); + + // Convert to
      for HTML display + $message = nl2br($message); + + // 3) Final wrapper + $message = "Email from: $from_email at $date:-

      $message
      "; + + $ticket_number_esc = intval($ticket_number); + $message_esc = mysqli_real_escape_string($mysqli, $message); + $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); + + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT ticket_id, ticket_subject, ticket_status, ticket_contact_id, ticket_client_id, contact_email, client_name + FROM tickets + LEFT JOIN contacts on tickets.ticket_contact_id = contacts.contact_id + LEFT JOIN clients on tickets.ticket_client_id = clients.client_id + WHERE ticket_number = $ticket_number_esc LIMIT 1")); + + if ($row) { + $ticket_id = intval($row['ticket_id']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_status = sanitizeInput($row['ticket_status']); + $ticket_reply_contact = intval($row['ticket_contact_id']); + $ticket_contact_email = sanitizeInput($row['contact_email']); + $client_id = intval($row['ticket_client_id']); + if ($client_id) { + $client_uri = "&client_id=$client_id"; + } else { + $client_uri = ''; + } + $client_name = sanitizeInput($row['client_name']); + + if ($ticket_status == 5) { + $config_ticket_prefix_esc = mysqli_real_escape_string($mysqli, $config_ticket_prefix); + $ticket_number_esc2 = mysqli_real_escape_string($mysqli, $ticket_number); + + appNotify("Ticket", "Email parser: $from_email attempted to re-open ticket $config_ticket_prefix_esc$ticket_number_esc2 (ID $ticket_id) - check inbox manually to see email", "/agent/ticket.php?ticket_id=$ticket_id$client_uri", $client_id); + + $email_subject = "Action required: This ticket is already closed"; + $email_body = "Hi there,

      You've tried to reply to a ticket that is closed - we won't see your response.

      Please raise a new ticket by sending a new e-mail to our support address below.

      --
      $company_name - Support
      $config_ticket_from_email
      $company_phone"; + + $data = [ + [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $from_email, + 'recipient_name' => $from_email, + 'subject' => $email_subject, + 'body' => mysqli_real_escape_string($mysqli, $email_body) + ] + ]; + + addToMailQueue($data); + return true; + } + + if (empty($ticket_contact_email) || $ticket_contact_email !== $from_email) { + $from_email_esc2 = mysqli_real_escape_string($mysqli, $from_email); + $row2 = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_email = '$from_email_esc2' AND contact_client_id = $client_id LIMIT 1")); + if ($row2) { + $ticket_reply_contact = intval($row2['contact_id']); + } else { + $ticket_reply_type = 'Internal'; + $ticket_reply_contact = '0'; + $message = "WARNING: Contact email mismatch
      $message"; + $message_esc = mysqli_real_escape_string($mysqli, $message); + } + } + + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$message_esc', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '00:00:00', ticket_reply_by = $ticket_reply_contact, ticket_reply_ticket_id = $ticket_id"); + $reply_id = mysqli_insert_id($mysqli); + + $ticket_dir = "../uploads/tickets/" . $ticket_id . "/"; + mkdirMissing($ticket_dir); + + foreach ($attachments as $attachment) { + $att_name = $attachment['name']; + $att_extension = strtolower(pathinfo($att_name, PATHINFO_EXTENSION)); + + if (in_array($att_extension, $allowed_extensions)) { + $att_saved_filename = md5(uniqid(rand(), true)) . '.' . $att_extension; + $att_saved_path = $ticket_dir . $att_saved_filename; + file_put_contents($att_saved_path, $attachment['content']); + + $ticket_attachment_name = sanitizeInput($att_name); + $ticket_attachment_reference_name = sanitizeInput($att_saved_filename); + + $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_name); + $ticket_attachment_reference_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_reference_name); + mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = '$ticket_attachment_name_esc', ticket_attachment_reference_name = '$ticket_attachment_reference_name_esc', ticket_attachment_reply_id = $reply_id, ticket_attachment_ticket_id = $ticket_id"); + } else { + $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $att_name); + logAction("Ticket", "Edit", "Email parser: Blocked attachment $ticket_attachment_name_esc from Client contact $from_email_esc for ticket $config_ticket_prefix$ticket_number_esc", $client_id, $ticket_id); + } + } + + $ticket_assigned_to_sql = mysqli_query($mysqli, "SELECT ticket_assigned_to FROM tickets WHERE ticket_id = $ticket_id LIMIT 1"); + if ($ticket_assigned_to_sql) { + $row3 = mysqli_fetch_assoc($ticket_assigned_to_sql); + $ticket_assigned_to = intval($row3['ticket_assigned_to']); + + if ($ticket_assigned_to) { + $tech_sql = mysqli_query($mysqli, "SELECT user_email, user_name FROM users WHERE user_id = $ticket_assigned_to LIMIT 1"); + $tech_row = mysqli_fetch_assoc($tech_sql); + $tech_email = sanitizeInput($tech_row['user_email']); + $tech_name = sanitizeInput($tech_row['user_name']); + + $email_subject = "$config_app_name - Ticket updated - [$config_ticket_prefix$ticket_number] $ticket_subject"; + $email_body = "Hello $tech_name,

      A new reply has been added to the below ticket.

      Client: $client_name
      Ticket: $config_ticket_prefix$ticket_number
      Subject: $ticket_subject
      Link: https://$config_base_url/agent/ticket.php?ticket_id=$ticket_id$client_uri

      --------------------------------
      $message_esc"; + + $data = [ + [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $tech_email, + 'recipient_name' => $tech_name, + 'subject' => mysqli_real_escape_string($mysqli, $email_subject), + 'body' => mysqli_real_escape_string($mysqli, $email_body) + ] + ]; + addToMailQueue($data); + } + } + + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1"); + + logAction("Ticket", "Edit", "Email parser: Client contact $from_email_esc updated ticket $config_ticket_prefix$ticket_number_esc ($subject)", $client_id, $ticket_id); + customAction('ticket_reply_client', $ticket_id); + return true; + } else { + return false; + } +} + +/** ------------------------------------------------------------------ + * OAuth helpers + provider guard + * ------------------------------------------------------------------ */ + +// returns true if expires_at ('Y-m-d H:i:s') is in the past (or missing) +function tokenExpired(?string $expires_at): bool { + if (empty($expires_at)) return true; + $ts = strtotime($expires_at); + if ($ts === false) return true; + // refresh a little early (60s) to avoid race + return ($ts - 60) <= time(); +} + +// very small form-encoded POST helper using curl +function httpFormPost(string $url, array $fields): array { + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&')); + curl_setopt($ch, CURLOPT_TIMEOUT, 20); + $raw = curl_exec($ch); + $err = curl_error($ch); + $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + return ['ok' => ($raw !== false && $code >= 200 && $code < 300), 'body' => $raw, 'code' => $code, 'err' => $err]; +} + +/** + * Get a valid access token for Google Workspace IMAP via refresh token if needed. + * Uses settings: config_mail_oauth_client_id / _client_secret / _refresh_token / _access_token / _access_token_expires_at + * Updates globals if refreshed (so later logging can reflect it if you want to persist). + */ +function getGoogleAccessToken(string $username): ?string { + // pull from global settings variables you already load + global $mysqli, + $config_mail_oauth_client_id, + $config_mail_oauth_client_secret, + $config_mail_oauth_refresh_token, + $config_mail_oauth_access_token, + $config_mail_oauth_access_token_expires_at; + + // If we have a not-expired token, use it + if (!empty($config_mail_oauth_access_token) && !tokenExpired($config_mail_oauth_access_token_expires_at)) { + return $config_mail_oauth_access_token; + } + + // Need to refresh? + if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token)) { + // Nothing we can do + return null; + } + + $resp = httpFormPost( + 'https://oauth2.googleapis.com/token', + [ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'refresh_token' => $config_mail_oauth_refresh_token, + 'grant_type' => 'refresh_token', + ] + ); + + if (!$resp['ok']) return null; + + $json = json_decode($resp['body'], true); + if (!is_array($json) || empty($json['access_token'])) return null; + + // Calculate new expiry + $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + + // Update in-memory globals (and persist to DB) + $config_mail_oauth_access_token = $json['access_token']; + $config_mail_oauth_access_token_expires_at = $expires_at; + + $at_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token); + $exp_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token_expires_at); + mysqli_query($mysqli, "UPDATE settings SET + config_mail_oauth_access_token = '{$at_esc}', + config_mail_oauth_access_token_expires_at = '{$exp_esc}' + WHERE company_id = 1 + "); + + return $config_mail_oauth_access_token; +} + +/** + * Get a valid access token for Microsoft 365 IMAP via refresh token if needed. + * Uses settings: config_mail_oauth_client_id / _client_secret / _tenant_id / _refresh_token / _access_token / _access_token_expires_at + */ +function getMicrosoftAccessToken(string $username): ?string { + global $mysqli, + $config_mail_oauth_client_id, + $config_mail_oauth_client_secret, + $config_mail_oauth_tenant_id, + $config_mail_oauth_refresh_token, + $config_mail_oauth_access_token, + $config_mail_oauth_access_token_expires_at; + + if (!empty($config_mail_oauth_access_token) && !tokenExpired($config_mail_oauth_access_token_expires_at)) { + return $config_mail_oauth_access_token; + } + + if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token) || empty($config_mail_oauth_tenant_id)) { + return null; + } + + $url = "https://login.microsoftonline.com/".rawurlencode($config_mail_oauth_tenant_id)."/oauth2/v2.0/token"; + + $resp = httpFormPost($url, [ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'refresh_token' => $config_mail_oauth_refresh_token, + 'grant_type' => 'refresh_token', + // IMAP/SMTP scopes typically included at initial consent; not needed for refresh + ]); + + if (!$resp['ok']) return null; + + $json = json_decode($resp['body'], true); + if (!is_array($json) || empty($json['access_token'])) return null; + + $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + + $config_mail_oauth_access_token = $json['access_token']; + $config_mail_oauth_access_token_expires_at = $expires_at; + + $at_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token); + $exp_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token_expires_at); + mysqli_query($mysqli, "UPDATE settings SET + config_mail_oauth_access_token = '{$at_esc}', + config_mail_oauth_access_token_expires_at = '{$exp_esc}' + WHERE company_id = 1 + "); + + return $config_mail_oauth_access_token; +} + +// Provider from settings (may be NULL/empty to disable IMAP polling) +$imap_provider = $config_imap_provider ?? ''; +if ($imap_provider === null) $imap_provider = ''; + +if ($imap_provider === '') { + // IMAP disabled by admin: exit cleanly + logApp("Cron-Email-Parser", "info", "IMAP polling skipped: provider not configured."); + @unlink($lock_file_path); + exit(0); +} + +/** ------------------------------------------------------------------ + * Webklex IMAP setup (supports Standard / Google OAuth / Microsoft OAuth) + * ------------------------------------------------------------------ */ +use Webklex\PHPIMAP\ClientManager; + +$validate_cert = true; + +// Defaults from settings (standard IMAP) +$host = $config_imap_host; +$port = (int)$config_imap_port; +$encr = !empty($config_imap_encryption) ? $config_imap_encryption : 'notls'; // 'ssl'|'tls'|'notls' +$user = $config_imap_username; +$pass = $config_imap_password; +$auth = null; // 'oauth' for OAuth providers + +if ($imap_provider === 'google_oauth') { + $host = 'imap.gmail.com'; + $port = 993; + $encr = 'ssl'; + $auth = 'oauth'; + $pass = getGoogleAccessToken($user); + if (empty($pass)) { + logApp("Cron-Email-Parser", "error", "Google OAuth: no usable access token (check refresh token/client credentials)."); + @unlink($lock_file_path); + exit(1); + } +} elseif ($imap_provider === 'microsoft_oauth') { + $host = 'outlook.office365.com'; + $port = 993; + $encr = 'ssl'; + $auth = 'oauth'; + $pass = getMicrosoftAccessToken($user); + if (empty($pass)) { + logApp("Cron-Email-Parser", "error", "Microsoft OAuth: no usable access token (check refresh token/client credentials/tenant)."); + @unlink($lock_file_path); + exit(1); + } +} else { + // standard_imap (username/password) + if (empty($host) || empty($port) || empty($user)) { + logApp("Cron-Email-Parser", "error", "Standard IMAP: missing host/port/username."); + @unlink($lock_file_path); + exit(1); + } +} + +$cm = new ClientManager(); + +$client = $cm->make(array_filter([ + 'host' => $host, + 'port' => $port, + 'encryption' => $encr, // 'ssl' | 'tls' | null + 'validate_cert' => (bool)$validate_cert, + 'username' => $user, // full mailbox address (OAuth uses user as principal) + 'password' => $pass, // access token when $auth === 'oauth' + 'authentication' => $auth, // 'oauth' or null + 'protocol' => 'imap', +])); + +try { + $client->connect(); +} catch (\Throwable $e) { + echo "Error connecting to IMAP server: " . $e->getMessage(); + @unlink($lock_file_path); + exit(1); +} + +$inbox = $client->getFolderByPath('INBOX'); + +$targetFolderPath = 'ITFlow'; +try { + $targetFolder = $client->getFolderByPath($targetFolderPath); +} catch (\Throwable $e) { + $client->createFolder($targetFolderPath); + $targetFolder = $client->getFolderByPath($targetFolderPath); +} + +// Fetch unseen messages +$messages = $inbox->messages()->leaveUnread()->unseen()->get(); + +// Counters +$processed_count = 0; +$unprocessed_count = 0; + +// Process messages +foreach ($messages as $message) { + $email_processed = false; + + // Save original message as .eml (getRawMessage() doesn't seem to work properly) + mkdirMissing('../uploads/tmp/'); + $original_message_file = "processed-eml-" . randomString(200) . ".eml"; + $raw_message = (string)$message->getHeader()->raw . "\r\n\r\n" . ($message->getRawBody() ?? $message->getHTMLBody() ?? $message->getTextBody()); + file_put_contents("../uploads/tmp/{$original_message_file}", $raw_message); + + // From + $fromCol = $message->getFrom(); + $fromFirst = ($fromCol && $fromCol->count()) ? $fromCol->first() : null; + $from_email = sanitizeInput($fromFirst->mail ?? 'itflow-guest@example.com'); + $from_name = sanitizeInput($fromFirst->personal ?? 'Unknown'); + + $from_domain = explode("@", $from_email); + $from_domain = sanitizeInput(end($from_domain)); + + // Subject + $subject = sanitizeInput((string)$message->getSubject() ?: 'No Subject'); + + // Date (string) + $dateAttr = $message->getDate(); // Attribute + $dateRaw = $dateAttr ? (string)$dateAttr : ''; // e.g. "Tue, 10 Sep 2025 13:22:05 +0000" + $ts = $dateRaw ? strtotime($dateRaw) : false; + $date = sanitizeInput($ts !== false ? date('Y-m-d H:i:s', $ts) : date('Y-m-d H:i:s')); + + // Body (prefer HTML) + $message_body_html = $message->getHTMLBody(); + $message_body_text = $message->getTextBody(); + $message_body_raw = $message->getRawBody(); + + if (!empty($message_body_html)) { + $message_body = $message_body_html; + } elseif (!empty($message_body_text)) { + $message_body = nl2br(htmlspecialchars($message_body_text)); + } else { + // Final fallback + $message_body = nl2br(htmlspecialchars($message_body_raw)); + } + + // Handle attachments (inline vs regular) + $attachments = []; + foreach ($message->getAttachments() as $att) { + $attrs = $att->getAttributes(); // v6.2: canonical source + $dispo = strtolower((string)($attrs['disposition'] ?? '')); + $cid = $attrs['id'] ?? null; // Content-ID + $content = $attrs['content'] ?? null; // binary + $mime = $att->getMimeType(); + $name = $att->getName() ?: 'attachment'; + + $is_inline = false; + if ($dispo === 'inline' && $cid && $content !== null) { + $cid_trim = trim($cid, '<>'); + $dataUri = "data:$mime;base64,".base64_encode($content); + $message_body = str_replace(["cid:$cid_trim", "cid:$cid"], $dataUri, $message_body); + $is_inline = true; + } + + if (!$is_inline && $content !== null) { + $attachments[] = ['name' => $name, 'content' => $content]; + } + } + + // 1. Reply to existing ticket with the number in subject + if (preg_match("/\[$config_ticket_prefix(\d+)\]/", $subject, $ticket_number_matches)) { + $ticket_number = intval($ticket_number_matches[1]); + $email_processed = addReply($from_email, $date, $subject, $ticket_number, $message_body, $attachments); + } + + // 2. Fuzzy duplicate check using a known contact/domain and similar_text subject + if (!$email_processed && strlen(trim($subject)) > 10) { + $contact_id = 0; + $client_id = 0; + + // First: check if sender is a registered contact + $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); + $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$from_email_esc' AND contact_archived_at IS NULL LIMIT 1"); + $contact_row = mysqli_fetch_assoc($contact_sql); + + if ($contact_row) { + $contact_id = intval($contact_row['contact_id']); + $client_id = intval($contact_row['contact_client_id']); + } else { + // Else: check if sender domain is registered + $from_domain_esc = mysqli_real_escape_string($mysqli, $from_domain); + $domain_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain_esc' AND domain_archived_at IS NULL LIMIT 1"); + $domain_row = mysqli_fetch_assoc($domain_sql); + + if ($domain_row && $from_domain == $domain_row['domain_name']) { + $client_id = intval($domain_row['domain_client_id']); + } + } + + // If we found either a contact or a domain, check recent tickets for a matching subject + if ($client_id) { + $recent_tickets_sql = mysqli_query($mysqli, + "SELECT ticket_id, ticket_number, ticket_subject + FROM tickets + WHERE ticket_client_id = $client_id AND ticket_resolved_at IS NULL + AND ticket_created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)" + ); + + while ($rowt = mysqli_fetch_assoc($recent_tickets_sql)) { + $ticket_number = intval($rowt['ticket_number']); + $existing_subject = $rowt['ticket_subject']; + + // Calculate similarity percentage + similar_text(strtolower($subject), strtolower($existing_subject), $percent); + + if ($percent >= 95) { + // Treat as a reply/duplicate + $email_processed = addReply($from_email, $date, $subject, $ticket_number, $message_body, $attachments); + break; + } + } + } + } + + // 3. A known, registered contact? + if (!$email_processed) { + $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); + $any_contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$from_email_esc' AND contact_archived_at IS NULL LIMIT 1"); + $rowc = mysqli_fetch_assoc($any_contact_sql); + + if ($rowc) { + $contact_name = sanitizeInput($rowc['contact_name']); + $contact_id = intval($rowc['contact_id']); + $contact_email = sanitizeInput($rowc['contact_email']); + $client_id = intval($rowc['contact_client_id']); + + $email_processed = addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message_body, $attachments, $original_message_file); + } + } + + // 4. A known domain? + if (!$email_processed) { + $from_domain_esc = mysqli_real_escape_string($mysqli, $from_domain); + $domain_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain_esc' AND domain_archived_at IS NULL LIMIT 1"); + $rowd = mysqli_fetch_assoc($domain_sql); + + if ($rowd && $from_domain == $rowd['domain_name']) { + $client_id = intval($rowd['domain_client_id']); + + // Create a new contact + $contact_name = $from_name; + $contact_email = $from_email; + mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '".mysqli_real_escape_string($mysqli, $contact_name)."', contact_email = '".mysqli_real_escape_string($mysqli, $contact_email)."', contact_notes = 'Added automatically via email parsing.', contact_client_id = $client_id"); + $contact_id = mysqli_insert_id($mysqli); + + logAction("Contact", "Create", "Email parser: created contact " . mysqli_real_escape_string($mysqli, $contact_name), $client_id, $contact_id); + customAction('contact_create', $contact_id); + + $email_processed = addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message_body, $attachments, $original_message_file); + } + } + + // 5. Unknown sender allowed? + if (!$email_processed && $config_ticket_email_parse_unknown_senders) { + + $bad_from_pattern = "/daemon|postmaster|bounce|mta/i"; // Stop NDRs with bad subjects raising new tickets + if (!preg_match($bad_from_pattern, $from_email)) { + $email_processed = addTicket(0, $from_name, $from_email, 0, $date, $subject, $message_body, $attachments, $original_message_file); + + } else { + + // Probably an NDR message without a ticket ref in the subject + + $failed_recipient = null; + $diagnostic_code = null; + $status_code = null; + $original_subject = null; + $original_to = null; + + // Webklex stores DSN info in attachments, not parts + foreach ($message->getAttachments() as $attachment) { + + $ctype = strtolower($attachment->getContentType()); + $body = $attachment->getContent() ?? ''; + + // 1. Delivery status block + if (strpos($ctype, 'delivery-status') !== false) { + + if (preg_match('/Final-Recipient:\s*rfc822;\s*(.+)/i', $body, $m)) { + $failed_recipient = sanitizeInput(trim($m[1])); + } + + if (preg_match('/Diagnostic-Code:\s*(.+)/i', $body, $m)) { + $diagnostic_code = sanitizeInput(trim($m[1])); + } + + if (preg_match('/Status:\s*([0-9\.]+)/i', $body, $m)) { + $status_code = sanitizeInput(trim($m[1])); + } + } + + // 2. Original message headers + if (strpos($ctype, 'message/rfc822') !== false) { + + if (preg_match('/^To:\s*(.+)$/mi', $body, $m)) { + $original_to = sanitizeInput(trim($m[1])); + } + + if (preg_match('/^Subject:\s*(.+)$/mi', $body, $m)) { + $original_subject = sanitizeInput(trim($m[1])); + } + } + } + + // 3. Fallback: extract diagnostic from human-readable text/plain + if (!$diagnostic_code) { + $text = $message->getTextBody() ?? ''; + + // Exim puts diagnostics on an indented line + if (preg_match('/\n\s{2,}(.+)/', $text, $m)) { + $diagnostic_code = sanitizeInput(trim($m[1])); + } + } + + // Fallbacks + $failed_recipient = $failed_recipient ?: 'unknown recipient'; + $diagnostic_code = $diagnostic_code ?: 'unknown diagnostic code'; + $status_code = $status_code ?: 'unknown status code'; + $original_subject = $original_subject ?: $subject; + + appNotify( + "Ticket", + "Email parser NDR: Message to $failed_recipient bounced. Subject: $original_subject Diagnostics: $status_code / $diagnostic_code - check ITFlow folder manually to see email", + "", + 0 + ); + + // If the original subject has a ticket, add the NDR there too + if (preg_match("/\[$config_ticket_prefix(\d+)\]/", $original_subject, $ticket_number_matches)) { + + $ticket_number = intval($ticket_number_matches[1]); + + // Craft a clean bounce message + $reply_body = "Email delivery failed.\n". + "Recipient: $failed_recipient\n". + "Status: $status_code\n". + "Diagnostic: $diagnostic_code\n"; + + // No attachments + addReply( + $from_email, + $date, + $original_subject, + $ticket_number, + $reply_body, + [] + ); + + } + + $email_processed = true; + } + } + + + // Flag/move based on processing result + if ($email_processed) { + $processed_count++; // increment first so a move failure doesn't hide the success + try { + $message->setFlag('Seen'); + // Move using the Folder object (top-level "ITFlow") + $message->move($targetFolderPath); + // optional: logApp("Cron-Email-Parser", "info", "Moved message to ITFlow"); + } catch (\Throwable $e) { + // >>> Put the extra logging RIGHT HERE + $subj = (string)$message->getSubject(); + $uid = method_exists($message, 'getUid') ? $message->getUid() : 'n/a'; + $path = (is_object($targetFolder) && property_exists($targetFolder, 'path')) ? (string)$targetFolder->path : $targetFolderPath; + logApp( + "Cron-Email-Parser", + "warning", + "Move failed (subject=\"$subj\", uid=$uid) to [$path]: ".$e->getMessage() + ); + } + } else { + $unprocessed_count++; + try { + $message->setFlag('Flagged'); + $message->unsetFlag('Seen'); + } catch (\Throwable $e) { + logApp("Cron-Email-Parser", "warning", "Flag update failed: ".$e->getMessage()); + } + } + + // Cleanup temp .eml if still present (e.g., reply path) + if (isset($original_message_file)) { + $tmp_path = "../uploads/tmp/{$original_message_file}"; + if (file_exists($tmp_path)) { @unlink($tmp_path); } + } +} + +// Expunge & disconnect +try { + $client->expunge(); +} catch (\Throwable $e) { + // ignore +} +$client->disconnect(); + +// Execution timing (optional) +$script_end_time = microtime(true); +$execution_time = $script_end_time - $script_start_time; +$execution_time_formatted = number_format($execution_time, 2); + +$processed_info = "Processed: $processed_count email(s), Unprocessed: $unprocessed_count email(s)"; +// logAction("Cron-Email-Parser", "Execution", "Cron Email Parser executed in $execution_time_formatted seconds. $processed_info"); + +// Remove the lock file +unlink($lock_file_path); + +// DEBUG +echo "\nLock File Path: $lock_file_path\n"; +if (file_exists($lock_file_path)) { + echo "\nLock is present\n\n"; +} +echo "Processed Emails: $processed_count\n"; +echo "Unprocessed Emails: $unprocessed_count\n"; diff --git a/css/itflow_custom.css b/css/itflow_custom.css index 50b0d582..d25f3eb6 100644 --- a/css/itflow_custom.css +++ b/css/itflow_custom.css @@ -1,6 +1,6 @@ -/* - For screens below 576px (xs): - - Make the button full-width, display:block +/* + For screens below 576px (xs): + - Make the button full-width, display:block */ @media (max-width: 575.98px) { .btn-responsive { @@ -9,9 +9,9 @@ } } -/* +/* For screens 576px (sm) and above: - - Revert to an inline style + - Revert to an inline style */ @media (min-width: 576px) { .btn-responsive { @@ -26,4 +26,19 @@ .drag-handle:active { cursor: grabbing !important; -} \ No newline at end of file +} + +.star-toggle input { + display: none; +} + +.star-toggle i { + cursor: pointer; + font-size: 1.2rem; + color: #adb5bd; +} + +.star-toggle input:checked + i { + color: #f1c40f; + font-weight: 900; +} diff --git a/db.sql b/db.sql index 42af2911..edef39fd 100644 --- a/db.sql +++ b/db.sql @@ -319,7 +319,7 @@ CREATE TABLE `assets` ( `asset_photo` varchar(200) DEFAULT NULL, `asset_physical_location` varchar(200) DEFAULT NULL, `asset_notes` text DEFAULT NULL, - `asset_important` tinyint(1) NOT NULL DEFAULT 0, + `asset_favorite` tinyint(1) NOT NULL DEFAULT 0, `asset_created_at` datetime NOT NULL DEFAULT current_timestamp(), `asset_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `asset_archived_at` datetime DEFAULT NULL, @@ -496,6 +496,7 @@ CREATE TABLE `certificates` ( `certificate_expire` date DEFAULT NULL, `certificate_public_key` mediumtext DEFAULT NULL, `certificate_notes` mediumtext DEFAULT NULL, + `certificate_favorite` tinyint(1) NOT NULL DEFAULT 0, `certificate_created_at` datetime NOT NULL DEFAULT current_timestamp(), `certificate_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `certificate_archived_at` datetime DEFAULT NULL, @@ -607,6 +608,7 @@ CREATE TABLE `clients` ( `client_tax_id_number` varchar(255) DEFAULT NULL, `client_abbreviation` varchar(10) DEFAULT NULL, `client_notes` text DEFAULT NULL, + `client_favorite` tinyint(1) NOT NULL DEFAULT 0, `client_created_at` datetime NOT NULL DEFAULT current_timestamp(), `client_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `client_archived_at` datetime DEFAULT NULL, @@ -902,7 +904,7 @@ CREATE TABLE `credentials` ( `credential_password` varbinary(200) DEFAULT NULL, `credential_otp_secret` varchar(200) DEFAULT NULL, `credential_note` text DEFAULT NULL, - `credential_important` tinyint(1) NOT NULL DEFAULT 0, + `credential_favorite` tinyint(1) NOT NULL DEFAULT 0, `credential_created_at` datetime NOT NULL DEFAULT current_timestamp(), `credential_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `credential_archived_at` datetime DEFAULT NULL, @@ -958,6 +960,132 @@ CREATE TABLE `custom_fields` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Table structure for table `custom_hosting_api_keys` +-- + +DROP TABLE IF EXISTS `custom_hosting_api_keys`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8mb4 */; +CREATE TABLE `custom_hosting_api_keys` ( + `api_key_id` int(11) NOT NULL AUTO_INCREMENT, + `api_key_name` varchar(200) NOT NULL, + `api_key_url` varchar(250) NOT NULL, + `api_key_token_id` varchar(200) NOT NULL, + `api_key_token_secret` varchar(250) NOT NULL, + `api_key_created_at` datetime NOT NULL DEFAULT current_timestamp(), + PRIMARY KEY (`api_key_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `custom_hosting_networks` +-- + +DROP TABLE IF EXISTS `custom_hosting_networks`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8mb4 */; +CREATE TABLE `custom_hosting_networks` ( + `network_id` int(11) NOT NULL AUTO_INCREMENT, + `network_name` varchar(200) NOT NULL, + `network` varchar(100) NOT NULL, + `network_mask` varchar(100) NOT NULL, + `gateway` varchar(100) NOT NULL, + `network_start` varchar(100) NOT NULL, + `network_end` varchar(100) NOT NULL, + PRIMARY KEY (`network_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `custom_hosting_plans` +-- + +DROP TABLE IF EXISTS `custom_hosting_plans`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8mb4 */; +CREATE TABLE `custom_hosting_plans` ( + `plan_id` int(11) NOT NULL AUTO_INCREMENT, + `plan_name` varchar(250) NOT NULL, + `plan_description` text NOT NULL, + `plan_created_at` datetime NOT NULL DEFAULT current_timestamp(), + PRIMARY KEY (`plan_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `custom_hosting_regions` +-- + +DROP TABLE IF EXISTS `custom_hosting_regions`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8mb4 */; +CREATE TABLE `custom_hosting_regions` ( + `region_id` int(11) NOT NULL AUTO_INCREMENT, + `region_name` varchar(200) NOT NULL, + `region_created_at` datetime NOT NULL DEFAULT current_timestamp(), + PRIMARY KEY (`region_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `custom_hosting_servers` +-- + +DROP TABLE IF EXISTS `custom_hosting_servers`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8mb4 */; +CREATE TABLE `custom_hosting_servers` ( + `server_id` int(11) NOT NULL AUTO_INCREMENT, + `server_node` varchar(200) NOT NULL, + `server_storage` varchar(200) NOT NULL, + `server_created_at` datetime NOT NULL DEFAULT current_timestamp(), + `server_region_id` int(11) NOT NULL, + `server_api_key_id` varchar(200) NOT NULL, + PRIMARY KEY (`server_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `custom_hosting_vm_templates` +-- + +DROP TABLE IF EXISTS `custom_hosting_vm_templates`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8mb4 */; +CREATE TABLE `custom_hosting_vm_templates` ( + `template_id` int(11) NOT NULL AUTO_INCREMENT, + `template_name` varchar(200) NOT NULL, + `vcpus` int(11) NOT NULL, + `memory` int(11) NOT NULL, + `disk` int(11) NOT NULL, + `template_created_at` datetime NOT NULL DEFAULT current_timestamp(), + `template_plan_id` int(11) NOT NULL, + PRIMARY KEY (`template_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `custom_hosting_vms` +-- + +DROP TABLE IF EXISTS `custom_hosting_vms`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8mb4 */; +CREATE TABLE `custom_hosting_vms` ( + `vm_id` int(11) NOT NULL AUTO_INCREMENT, + `vm_hostname` varchar(200) NOT NULL, + `vm_ip` varchar(100) NOT NULL, + `vm_created_at` datetime NOT NULL DEFAULT current_timestamp(), + `vm_network_id` int(11) NOT NULL, + `vm_server_id` int(11) NOT NULL, + `vm_template_id` int(11) NOT NULL, + `vm_recurring_invoice_id` int(11) DEFAULT NULL, + `vm_client_id` int(11) NOT NULL, + PRIMARY KEY (`vm_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + -- -- Table structure for table `custom_links` -- @@ -1087,8 +1215,8 @@ CREATE TABLE `documents` ( `document_description` text DEFAULT NULL, `document_content` longtext NOT NULL, `document_content_raw` longtext NOT NULL, - `document_important` tinyint(1) NOT NULL DEFAULT 0, `document_client_visible` int(11) NOT NULL DEFAULT 1, + `document_favorite` tinyint(1) NOT NULL DEFAULT 0, `document_created_at` datetime NOT NULL DEFAULT current_timestamp(), `document_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `document_archived_at` datetime DEFAULT NULL, @@ -1140,6 +1268,7 @@ CREATE TABLE `domains` ( `domain_txt` text DEFAULT NULL, `domain_raw_whois` text DEFAULT NULL, `domain_notes` text DEFAULT NULL, + `domain_favorite` tinyint(1) NOT NULL DEFAULT 0, `domain_created_at` datetime NOT NULL DEFAULT current_timestamp(), `domain_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `domain_archived_at` datetime DEFAULT NULL, @@ -1220,7 +1349,7 @@ CREATE TABLE `files` ( `file_ext` varchar(10) DEFAULT NULL, `file_size` bigint(20) unsigned NOT NULL DEFAULT 0, `file_mime_type` varchar(100) DEFAULT NULL, - `file_important` tinyint(1) NOT NULL DEFAULT 0, + `file_favorite` tinyint(1) NOT NULL DEFAULT 0, `file_created_at` datetime NOT NULL DEFAULT current_timestamp(), `file_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `file_archived_at` datetime DEFAULT NULL, @@ -1370,6 +1499,7 @@ CREATE TABLE `locations` ( `location_photo` varchar(200) DEFAULT NULL, `location_primary` tinyint(1) NOT NULL DEFAULT 0, `location_notes` text DEFAULT NULL, + `location_favorite` tinyint(1) NOT NULL DEFAULT 0, `location_created_at` datetime NOT NULL DEFAULT current_timestamp(), `location_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `location_archived_at` datetime DEFAULT NULL, @@ -1436,6 +1566,7 @@ CREATE TABLE `networks` ( `network_secondary_dns` varchar(200) DEFAULT NULL, `network_dhcp_range` varchar(200) DEFAULT NULL, `network_notes` text DEFAULT NULL, + `network_favorite` tinyint(1) NOT NULL DEFAULT 0, `network_created_at` datetime NOT NULL DEFAULT current_timestamp(), `network_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `network_archived_at` datetime DEFAULT NULL, @@ -1722,6 +1853,7 @@ CREATE TABLE `racks` ( `rack_photo` varchar(200) DEFAULT NULL, `rack_physical_location` varchar(200) DEFAULT NULL, `rack_notes` text DEFAULT NULL, + `rack_favorite` tinyint(1) NOT NULL DEFAULT 0, `rack_created_at` datetime NOT NULL DEFAULT current_timestamp(), `rack_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `rack_archived_at` datetime DEFAULT NULL, @@ -2055,6 +2187,7 @@ CREATE TABLE `services` ( `service_importance` varchar(10) NOT NULL, `service_backup` varchar(200) DEFAULT NULL, `service_notes` mediumtext NOT NULL, + `service_favorite` tinyint(1) NOT NULL DEFAULT 0, `service_created_at` datetime NOT NULL DEFAULT current_timestamp(), `service_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `service_accessed_at` datetime DEFAULT NULL, @@ -2209,6 +2342,7 @@ CREATE TABLE `software` ( `software_purchase` date DEFAULT NULL, `software_expire` date DEFAULT NULL, `software_notes` text DEFAULT NULL, + `software_favorite` tinyint(1) NOT NULL DEFAULT 0, `software_created_at` datetime NOT NULL DEFAULT current_timestamp(), `software_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `software_archived_at` datetime DEFAULT NULL, @@ -2399,6 +2533,27 @@ CREATE TABLE `tags` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Table structure for table `task_approvals` +-- + +DROP TABLE IF EXISTS `task_approvals`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8mb4 */; +CREATE TABLE `task_approvals` ( + `approval_id` int(11) NOT NULL AUTO_INCREMENT, + `approval_scope` enum('client','internal') NOT NULL, + `approval_type` enum('any','technical','billing','specific') NOT NULL, + `approval_required_user_id` int(11) DEFAULT NULL, + `approval_status` enum('pending','approved','declined') NOT NULL, + `approval_created_by` int(11) NOT NULL, + `approval_approved_by` varchar(255) DEFAULT NULL, + `approval_url_key` varchar(200) NOT NULL, + `approval_task_id` int(11) NOT NULL, + PRIMARY KEY (`approval_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + -- -- Table structure for table `task_templates` -- @@ -2894,6 +3049,7 @@ CREATE TABLE `vendors` ( `vendor_code` varchar(200) DEFAULT NULL, `vendor_account_number` varchar(200) DEFAULT NULL, `vendor_notes` text DEFAULT NULL, + `vendor_favorite` tinyint(1) NOT NULL DEFAULT 0, `vendor_created_at` datetime NOT NULL DEFAULT current_timestamp(), `vendor_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `vendor_archived_at` datetime DEFAULT NULL, @@ -2913,4 +3069,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2025-11-11 19:57:21 +-- Dump completed on 2026-02-03 22:22:07 diff --git a/functions.php b/functions.php index 94f35602..e6b2acb8 100644 --- a/functions.php +++ b/functions.php @@ -4,20 +4,13 @@ DEFINE("WORDING_ROLECHECK_FAILED", "You are not permitted to do that!"); // Function to generate both crypto & URL safe random strings -function randomString($length = 16) { - // Generate some cryptographically safe random bytes - // Generate a little more than requested as we'll lose some later converting - $random_bytes = random_bytes($length + 5); - - // Convert the bytes to something somewhat human-readable - $random_base_64 = base64_encode($random_bytes); - - // Replace the nasty characters that come with base64 - $bad_chars = array("/", "+", "="); - $random_string = str_replace($bad_chars, random_int(0, 9), $random_base_64); - - // Truncate the string to the requested $length and return - return substr($random_string, 0, $length); +function randomString(int $length = 16): string { + $bytes = random_bytes((int) ceil($length * 3 / 4)); + return substr( + rtrim(strtr(base64_encode($bytes), '+/', '-_'), '='), + 0, + $length + ); } // Older keygen function - only used for TOTP currently @@ -1176,7 +1169,7 @@ function getTicketStatusName($ticket_status) { global $mysqli; $status_id = intval($ticket_status); - $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id = $status_id LIMIT 1")); + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id = $status_id LIMIT 1")); if ($row) { return nullable_htmlentities($row['ticket_status_name']); @@ -1372,7 +1365,7 @@ function lookupUserPermission($module) { module_name = '$module' AND user_role_permissions.user_role_id = $session_user_role" ); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); if (isset($row['user_role_permission_level'])) { return intval($row['user_role_permission_level']); @@ -1433,7 +1426,7 @@ function appNotify($type, $details, $action = null, $client_id = 0, $entity_id = WHERE user_type = 1 AND user_status = 1 AND user_archived_at IS NULL "); - while ($row = mysqli_fetch_array($sql)) { + while ($row = mysqli_fetch_assoc($sql)) { $user_id = intval($row['user_id']); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = '$type', notification = '$details', notification_action = '$action', notification_client_id = $client_id, notification_entity_id = $entity_id, notification_user_id = $user_id"); @@ -1443,6 +1436,10 @@ function appNotify($type, $details, $action = null, $client_id = 0, $entity_id = function logAction($type, $action, $description, $client_id = 0, $entity_id = 0) { global $mysqli, $session_user_agent, $session_ip, $session_user_id; + $client_id = intval($client_id); + $entity_id = intval($entity_id); + $session_user_id = intval($session_user_id); + if (empty($session_user_id)) { $session_user_id = 0; } @@ -1572,7 +1569,7 @@ function display_folder_options($parent_folder_id, $client_id, $indent = 0) { global $mysqli; $sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE parent_folder = $parent_folder_id AND folder_client_id = $client_id ORDER BY folder_name ASC"); - while ($row = mysqli_fetch_array($sql_folders)) { + while ($row = mysqli_fetch_assoc($sql_folders)) { $folder_id = intval($row['folder_id']); $folder_name = nullable_htmlentities($row['folder_name']); @@ -2001,3 +1998,20 @@ function dbRollback(mysqli $mysqli): void { $mysqli->rollback(); } + +function formatDuration($time) { + // expects "HH:MM:SS" + [$h, $m, $s] = array_map('intval', explode(':', $time)); + + $parts = []; + + if ($h > 0) $parts[] = $h . 'h'; + if ($m > 0) $parts[] = $m . 'm'; + + // show seconds only if under 1 minute total OR if nothing else exists + if ($h == 0 && $m == 0) { + $parts[] = $s . 's'; + } + + return implode(' ', $parts); +} diff --git a/guest/guest_ajax.php b/guest/guest_ajax.php index c7803375..aba9b1c5 100644 --- a/guest/guest_ajax.php +++ b/guest/guest_ajax.php @@ -42,7 +42,7 @@ if (isset($_GET['stripe_create_pi'])) { exit("Invalid Invoice ID/SQL query"); } - $row = mysqli_fetch_array($invoice_sql); + $row = mysqli_fetch_assoc($invoice_sql); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); $invoice_amount = floatval($row['invoice_amount']); @@ -52,7 +52,7 @@ if (isset($_GET['stripe_create_pi'])) { // Add up all the payments for the invoice and get the total amount paid to the invoice $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); - $row_amt = mysqli_fetch_array($sql_amount_paid); + $row_amt = mysqli_fetch_assoc($sql_amount_paid); $amount_paid = floatval($row_amt['amount_paid']); $balance_to_pay = $invoice_amount - $amount_paid; @@ -63,7 +63,7 @@ if (isset($_GET['stripe_create_pi'])) { } // Setup Stripe from payment_providers - $stripe_provider = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_name = 'Stripe' LIMIT 1")); + $stripe_provider = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_name = 'Stripe' LIMIT 1")); if (!$stripe_provider) { exit("Stripe not enabled / configured"); } diff --git a/guest/guest_approve_ticket_task.php b/guest/guest_approve_ticket_task.php new file mode 100644 index 00000000..e59f0635 --- /dev/null +++ b/guest/guest_approve_ticket_task.php @@ -0,0 +1,113 @@ +set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one +$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); +$purifier = new HTMLPurifier($purifier_config); + +if (!isset($_GET['task_approval_id'], $_GET['url_key'])) { + echo "

      Oops, something went wrong! Please raise a ticket if you believe this is an error.

      "; + require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php'; + exit(); +} + +// Company info +$company_sql_row = mysqli_fetch_assoc(mysqli_query($mysqli, " + SELECT + company_phone, + company_phone_country_code, + company_website + FROM + companies, + settings + WHERE + companies.company_id = settings.company_id + AND companies.company_id = 1" +)); + +$company_phone_country_code = nullable_htmlentities($company_sql_row['company_phone_country_code']); +$company_phone = nullable_htmlentities(formatPhoneNumber($company_sql_row['company_phone'], $company_phone_country_code)); +$company_website = nullable_htmlentities($company_sql_row['company_website']); + +$approval_id = intval($_GET['task_approval_id']); +$url_key = sanitizeInput($_GET['url_key']); + +$task_row = mysqli_fetch_assoc(mysqli_query($mysqli, + "SELECT * FROM task_approvals + LEFT JOIN tasks ON approval_task_id = task_id + LEFT JOIN tickets on task_ticket_id = ticket_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE approval_id = $approval_id AND approval_url_key = '$url_key' + LIMIT 1" +)); + +if (!$task_row) { + // Invalid + echo "

      Oops, something went wrong! Please raise a ticket if you believe this is an error.

      "; + require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php'; + exit(); +} + + +$task_id = intval($task_row['task_id']); +$task_name = nullable_htmlentities($task_row['task_name']); +$approval_scope = nullable_htmlentities($task_row['approval_scope']); +$approval_type = nullable_htmlentities($task_row['approval_type']); +$approval_status = nullable_htmlentities($task_row['approval_status']); + +$ticket_prefix = nullable_htmlentities($task_row['ticket_prefix']); +$ticket_number = intval($task_row['ticket_number']); +$ticket_status = nullable_htmlentities($task_row['ticket_status_name']); +$ticket_priority = nullable_htmlentities($task_row['ticket_priority']); +$ticket_subject = nullable_htmlentities($task_row['ticket_subject']); +$ticket_details = $purifier->purify($task_row['ticket_details']); + +?> + +
      +
      +

      + Task Approval for Ticket +

      +
      + +
      +
      Subject:
      +

      + State: +
      + Priority: +
      +

      + +
      +
      Task Approval
      +

      + Task Name: +
      + Scope/Type: +
      + Status: +
      + + Action: Approve Task + +

      + +
      +
      + +
      + +
      + $company_phone | $company_website"; ?> +
      + + NOW() LIMIT 1"); - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $item_active = intval($row['item_active']); $item_type = sanitizeInput($row['item_type']); @@ -50,7 +50,7 @@ if (isset($_GET['id']) && isset($_GET['key'])) { } $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1"); - $file_row = mysqli_fetch_array($file_sql); + $file_row = mysqli_fetch_assoc($file_sql); if (mysqli_num_rows($file_sql) !== 1 || !$file_row) { exit("Item cannot be viewed at this time (No file, may have been deleted)."); diff --git a/guest/guest_pay_invoice_stripe.php b/guest/guest_pay_invoice_stripe.php index 894c133a..ba9750a4 100644 --- a/guest/guest_pay_invoice_stripe.php +++ b/guest/guest_pay_invoice_stripe.php @@ -5,7 +5,7 @@ require_once 'includes/inc_all_guest.php'; DEFINE("WORDING_PAYMENT_FAILED", "

      There was an error verifying your payment. Please contact us for more information before attempting payment again.

      "); // --- Get Stripe config from payment_providers table --- -$stripe_provider = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM payment_providers")); +$stripe_provider = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM payment_providers")); $stripe_publishable = nullable_htmlentities($stripe_provider['payment_provider_public_key']); @@ -42,7 +42,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent exit(); } - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $invoice_id = intval($row['invoice_id']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); @@ -57,13 +57,13 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent // Company info for currency formatting, etc $sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1"); - $company_row = mysqli_fetch_array($sql_company); + $company_row = mysqli_fetch_assoc($sql_company); $company_locale = nullable_htmlentities($company_row['company_locale']); $config_base_url = nullable_htmlentities($company_row['company_base_url'] ?? ''); // You might want to pull from settings if needed // Add up all payments made to the invoice $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); - $amount_paid = floatval(mysqli_fetch_array($sql_amount_paid)['amount_paid']); + $amount_paid = floatval(mysqli_fetch_assoc($sql_amount_paid)['amount_paid']); $balance_to_pay = round($invoice_amount - $amount_paid, 2); // Get invoice items @@ -95,7 +95,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
    Output("$filename.pdf", 'I'); } - + exit; } if (isset($_POST['guest_quote_upload_file'])) { - + $quote_id = intval($_POST['quote_id']); $url_key = sanitizeInput($_POST['url_key']); @@ -664,7 +697,7 @@ if (isset($_POST['guest_quote_upload_file'])) { $sql = mysqli_query($mysqli, "SELECT quote_prefix, quote_number, client_id FROM quotes LEFT JOIN clients ON quote_client_id = client_id WHERE quote_id = $quote_id AND quote_url_key = '$url_key'"); if (mysqli_num_rows($sql) == 1) { - $row = mysqli_fetch_array($sql); + $row = mysqli_fetch_assoc($sql); $quote_prefix = sanitizeInput($row['quote_prefix']); $quote_number = intval($row['quote_number']); $client_id = intval($row['client_id']); @@ -705,7 +738,7 @@ if (isset($_POST['guest_quote_upload_file'])) { $folder_sql = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_name = 'Client Uploads' AND parent_folder = 0 AND folder_client_id = $client_id LIMIT 1"); if (mysqli_num_rows($folder_sql) == 1) { // Get - $row = mysqli_fetch_array($folder_sql); + $row = mysqli_fetch_assoc($folder_sql); $folder_id = $row['folder_id']; } else { // Create @@ -726,16 +759,16 @@ if (isset($_POST['guest_quote_upload_file'])) { // Logging & feedback flash_alert('File uploaded!'); - + appNotify("Quote File", "$file_name was uploaded to quote $quote_prefix$quote_number", "/agent/quote.php?quote_id=$quote_id", $client_id); - + mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Upload', history_description = 'Client uploaded file $file_name', history_quote_id = $quote_id"); - + logAction("File", "Upload", "Guest uploaded file $file_name to quote $quote_prefix$quote_number", $client_id); } else { flash_alert('Something went wrong uploading the file - please let the support team know.', 'error'); - + logApp("Guest", "error", "Error uploading file to invoice"); } diff --git a/guest/guest_view_invoice.php b/guest/guest_view_invoice.php index 35f98438..bfbeb3ba 100644 --- a/guest/guest_view_invoice.php +++ b/guest/guest_view_invoice.php @@ -30,7 +30,7 @@ if (mysqli_num_rows($sql) !== 1) { exit(); } -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $invoice_id = intval($row['invoice_id']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); @@ -62,7 +62,7 @@ $client_currency_code = nullable_htmlentities($row['client_currency_code']); $client_net_terms = intval($row['client_net_terms']); $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $company_name = nullable_htmlentities($row['company_name']); $company_address = nullable_htmlentities($row['company_address']); @@ -85,11 +85,11 @@ if (!empty($company_logo)) { $company_logo_base64 = base64_encode(file_get_contents("../uploads/settings/$company_logo")); } $company_locale = nullable_htmlentities($row['company_locale']); -$config_invoice_footer = nullable_htmlentities($row['config_invoice_footer']); +$config_invoice_footer = nullable_htmlentities($row['config_invoice_footer']); // Get Payment Provide Details $sql = mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_active = 1 LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $payment_provider_id = intval($row['payment_provider_id']); $payment_provider_name = nullable_htmlentities($row['payment_provider_name']); $payment_provider_threshold = floatval($row['payment_provider_threshold']); @@ -111,15 +111,15 @@ if ($invoice_status == 'Sent') { mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_invoice_id = $invoice_id"); if ($invoice_status !== 'Paid') { - + appNotify("Invoice Viewed", "Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser", "/agent/invoice.php?invoice_id=$invoice_id", $client_id); - + } $sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC"); //Add up all the payments for the invoice and get the total amount paid to the invoice $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); -$row = mysqli_fetch_array($sql_amount_paid); +$row = mysqli_fetch_assoc($sql_amount_paid); $amount_paid = floatval($row['amount_paid']); // Calculate the balance owed @@ -141,12 +141,12 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it // Get Total Account Balance //Add up all the payments for the invoice and get the total amount paid to the invoice $sql_invoice_amounts = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE invoice_client_id = $client_id AND invoice_status != 'Draft' AND invoice_status != 'Cancelled' AND invoice_status != 'Non-Billable'"); -$row = mysqli_fetch_array($sql_invoice_amounts); +$row = mysqli_fetch_assoc($sql_invoice_amounts); $account_balance = floatval($row['invoice_amounts']); $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id"); -$row = mysqli_fetch_array($sql_amount_paid); +$row = mysqli_fetch_assoc($sql_amount_paid); $account_amount_paid = floatval($row['amount_paid']); @@ -180,7 +180,7 @@ if ($balance > 0) { ( $payment_provider_threshold == 0 || $payment_provider_threshold > $invoice_amount - ) + ) ){ ?> Pay Now @@ -264,7 +264,7 @@ if ($balance > 0) { $total_tax = 0.00; $sub_total = 0.00 - $invoice_discount; - while ($row = mysqli_fetch_array($sql_invoice_items)) { + while ($row = mysqli_fetch_assoc($sql_invoice_items)) { $item_id = intval($row['item_id']); $item_name = nullable_htmlentities($row['item_name']); $item_description = nullable_htmlentities($row['item_description']); @@ -338,7 +338,7 @@ if ($balance > 0) { @@ -383,7 +383,7 @@ if ($current_invoices_count > 0) { ?> 0) { ?> set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'htt $purifier = new HTMLPurifier($purifier_config); $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $company_name = nullable_htmlentities($row['company_name']); $company_address = nullable_htmlentities($row['company_address']); @@ -48,7 +48,7 @@ $item_id = intval($_GET['id']); $item_key = sanitizeInput($_GET['key']); $sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); // Check we got a result if (mysqli_num_rows($sql) !== 1 || !$row) { @@ -119,7 +119,7 @@ appNotify("Share Viewed", "$item_type_sql_escaped has been viewed by $item_recip if ($item_type == "Document") { $doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $item_related_id AND document_client_id = $client_id LIMIT 1"); - $doc_row = mysqli_fetch_array($doc_sql); + $doc_row = mysqli_fetch_assoc($doc_sql); if (mysqli_num_rows($doc_sql) !== 1 || !$doc_row) { echo "
    Error retrieving document to view.
    "; @@ -146,7 +146,7 @@ if ($item_type == "Document") { } elseif ($item_type == "File") { $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1"); - $file_row = mysqli_fetch_array($file_sql); + $file_row = mysqli_fetch_assoc($file_sql); if (mysqli_num_rows($file_sql) !== 1 || !$file_row) { echo "
    Error retrieving file.
    "; @@ -168,7 +168,7 @@ if ($item_type == "Document") { $encryption_key = $_GET['ek']; $credential_sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $item_related_id AND credential_client_id = $client_id LIMIT 1"); - $credential_row = mysqli_fetch_array($credential_sql); + $credential_row = mysqli_fetch_assoc($credential_sql); if (mysqli_num_rows($credential_sql) !== 1 || !$credential_row) { echo "
    Error retrieving login.
    "; require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php'; diff --git a/guest/guest_view_quote.php b/guest/guest_view_quote.php index bc439faf..28c83988 100644 --- a/guest/guest_view_quote.php +++ b/guest/guest_view_quote.php @@ -32,7 +32,7 @@ if (mysqli_num_rows($sql) !== 1) { exit(); } -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $quote_id = intval($row['quote_id']); $quote_prefix = nullable_htmlentities($row['quote_prefix']); @@ -62,7 +62,7 @@ $client_website = nullable_htmlentities($row['client_website']); $client_currency_code = nullable_htmlentities($row['client_currency_code']); $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $company_name = nullable_htmlentities($row['company_name']); $company_address = nullable_htmlentities($row['company_address']); $company_city = nullable_htmlentities($row['company_city']); @@ -198,7 +198,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie $total_tax = $sub_total = 0; // Default 0 - while ($row = mysqli_fetch_array($sql_items)) { + while ($row = mysqli_fetch_assoc($sql_items)) { $item_id = intval($row['item_id']); $item_name = nullable_htmlentities($row['item_name']); $item_description = nullable_htmlentities($row['item_description']); diff --git a/guest/guest_view_ticket.php b/guest/guest_view_ticket.php index ecd45749..48ad8c2d 100644 --- a/guest/guest_view_ticket.php +++ b/guest/guest_view_ticket.php @@ -17,15 +17,15 @@ if (!isset($_GET['ticket_id'], $_GET['url_key'])) { } // Company info -$company_sql_row = mysqli_fetch_array(mysqli_query($mysqli, " - SELECT +$company_sql_row = mysqli_fetch_assoc(mysqli_query($mysqli, " + SELECT company_phone, company_phone_country_code, - company_website - FROM + company_website + FROM companies, settings - WHERE + WHERE companies.company_id = settings.company_id AND companies.company_id = 1" )); @@ -52,7 +52,7 @@ if (mysqli_num_rows($ticket_sql) !== 1) { exit(); } -$ticket_row = mysqli_fetch_array($ticket_sql); +$ticket_row = mysqli_fetch_assoc($ticket_sql); if ($ticket_row) { @@ -149,7 +149,7 @@ if ($ticket_row) { purify($row['ticket_reply']); $ticket_reply_created_at = nullable_htmlentities($row['ticket_reply_created_at']); diff --git a/guest/includes/inc_all_guest.php b/guest/includes/inc_all_guest.php index b30592a3..f474396b 100644 --- a/guest/includes/inc_all_guest.php +++ b/guest/includes/inc_all_guest.php @@ -16,7 +16,7 @@ $browser = sanitizeInput(getWebBrowser($user_agent)); // Get Company Name $sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = 1"); -$row = mysqli_fetch_array($sql); +$row = mysqli_fetch_assoc($sql); $session_company_name = $row['company_name']; diff --git a/includes/app_version.php b/includes/app_version.php index 0f6537de..f030c794 100644 --- a/includes/app_version.php +++ b/includes/app_version.php @@ -5,4 +5,4 @@ * Update this file each time we merge develop into master. Format is YY.MM (add a .v if there is more than one release a month. */ -DEFINE("APP_VERSION", "25.12.1"); +DEFINE("APP_VERSION", "26.02"); diff --git a/includes/database_version.php b/includes/database_version.php index 63110ccf..4471201f 100644 --- a/includes/database_version.php +++ b/includes/database_version.php @@ -5,4 +5,4 @@ * It is used in conjunction with database_updates.php */ -DEFINE("LATEST_DATABASE_VERSION", "2.3.8"); +DEFINE("LATEST_DATABASE_VERSION", "2.4.0"); diff --git a/includes/inc_set_timezone.php b/includes/inc_set_timezone.php index e81e950f..1195fbd4 100644 --- a/includes/inc_set_timezone.php +++ b/includes/inc_set_timezone.php @@ -1,7 +1,7 @@ - - `; - $('.content-wrapper').append(loadingSpinner); - - // Make AJAX request - $.ajax({ - url: modalUrl, - method: 'GET', - dataType: 'json', - success: function (response) { - $('#modal-loading-spinner').remove(); - - if (response.error) { - alert(response.error); - return; - } - - const modalHtml = ` - `; - - $('.content-wrapper').append(modalHtml); - const $modal = $('#' + modalId); - $modal.modal('show'); - - $modal.on('hidden.bs.modal', function () { - $(this).remove(); - }); - }, - error: function (xhr, status, error) { - $('#modal-loading-spinner').remove(); - alert('Error loading modal content. Please try again.'); - console.error('Modal AJAX Error:', status, error); +// Ajax Modal Load Script (deduped + locked) +function hashKey(str) { + let h = 0; + for (let i = 0; i < str.length; i++) { + h = ((h << 5) - h + str.charCodeAt(i)) | 0; } - }); + return Math.abs(h).toString(36); +} + +$(document).on('click', '.ajax-modal', function (e) { + e.preventDefault(); + + const $trigger = $(this); + + // prevent spam clicks on same trigger + if ($trigger.data('ajaxModalLoading')) { + return; + } + + $trigger + .data('ajaxModalLoading', true) + .prop('disabled', true) + .addClass('disabled'); + + // Prefer data-modal-url, fallback to href + const modalUrl = $trigger.data('modal-url') || $trigger.attr('href') || '#'; + const modalSize = $trigger.data('modal-size') || 'md'; + + if (!modalUrl || modalUrl === '#') { + console.warn('ajax-modal: No modal URL found on trigger:', this); + + $trigger + .data('ajaxModalLoading', false) + .prop('disabled', false) + .removeClass('disabled'); + + return; + } + + // stable IDs based on URL (prevents duplicates) + const key = hashKey(String(modalUrl)); + const modalId = 'ajaxModal_' + key; + const spinnerId = 'modal-loading-spinner-' + key; + + // if modal already exists, just show it + const $existing = $('#' + modalId); + if ($existing.length) { + $existing.modal('show'); + + $trigger + .data('ajaxModalLoading', false) + .prop('disabled', false) + .removeClass('disabled'); + + return; + } + + // Show loading spinner while fetching content (deduped) + $('#' + spinnerId).remove(); + $('.content-wrapper').append(` +
    + +
    + `); + + $.ajax({ + url: modalUrl, + method: 'GET', + dataType: 'json' + }) + .done(function (response) { + $('#' + spinnerId).remove(); + + if (response && response.error) { + alert(response.error); + return; + } + + // guard against race: if another request already created it + if ($('#' + modalId).length) { + $('#' + modalId).modal('show'); + return; + } + + const modalHtml = ` + `; + + $('.content-wrapper').append(modalHtml); + + const $modal = $('#' + modalId); + $modal.modal('show'); + + $modal.on('hidden.bs.modal', function () { + $(this).remove(); + }); + }) + .fail(function (xhr, status, error) { + $('#' + spinnerId).remove(); + alert('Error loading modal content. Please try again.'); + console.error('Modal AJAX Error:', status, error); + }) + .always(function () { + $trigger + .data('ajaxModalLoading', false) + .prop('disabled', false) + .removeClass('disabled'); + }); }); diff --git a/js/app.js b/js/app.js index edae3f18..41ed075b 100644 --- a/js/app.js +++ b/js/app.js @@ -183,7 +183,7 @@ $(document).ready(function() { browser_spellcheck: true, contextmenu: false, resize: true, - min_height: 300, + min_height: 200, max_height: 600, promotion: false, branding: false, @@ -201,7 +201,16 @@ $(document).ready(function() { ], mobile: { menubar: false, - toolbar: 'bold italic styles' + toolbar: [ + { name: 'styles', items: ['styles'] }, + { name: 'formatting', items: ['bold', 'italic', 'forecolor'] }, + { name: 'link', items: ['link'] }, + { name: 'lists', items: ['bullist', 'numlist'] }, + { name: 'indentation', items: ['outdent', 'indent'] }, + { name: 'ai', items: ['reword', 'undo', 'redo'] }, + { name: 'custom', items: ['redactButton'] }, + { name: 'code', items: ['code'] }, + ], }, convert_urls: false, plugins: 'link image lists table code codesample fullscreen autoresize code', @@ -312,7 +321,7 @@ $(document).ready(function() { plugins: 'link image lists table code fullscreen autoresize', license_key: 'gpl', setup: function(editor) { - + editor.on('init', function() { window.onbeforeunload = function() { // If editor is dirty AND not inside a visible modal → warn diff --git a/login.php b/login.php index 7e69045a..9e420963 100644 --- a/login.php +++ b/login.php @@ -2,13 +2,10 @@ // Unified login (Agent + Client) using one email & password -// Enforce a Content Security Policy for security against cross-site scripting header("Content-Security-Policy: default-src 'self'"); -// Check if the config.php file exists if (!file_exists('config.php')) { - // Redirect to the setup page if config.php doesn't exist - header("Location: /setup"); // Must use header as functions aren't included yet + header("Location: /setup"); exit(); } @@ -16,12 +13,9 @@ require_once "config.php"; require_once "functions.php"; require_once "plugins/totp/totp.php"; -// Sessions & cookies if (session_status() === PHP_SESSION_NONE) { - // HTTP-Only cookies ini_set("session.cookie_httponly", true); - // Tell client to only send cookie(s) over HTTPS if ($config_https_only || !isset($config_https_only)) { ini_set("session.cookie_secure", true); } @@ -29,28 +23,28 @@ if (session_status() === PHP_SESSION_NONE) { session_start(); } -// Check if setup mode is enabled or the variable is missing if (!isset($config_enable_setup) || $config_enable_setup == 1) { - // Redirect to the setup page header("Location: /setup"); exit(); } -// Check if the application is configured for HTTPS-only access -if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') && (!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] !== 'https')) { +if ( + $config_https_only + && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') + && (!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] !== 'https') +) { echo "Login is restricted as ITFlow defaults to HTTPS-only for enhanced security. To login using HTTP, modify the config.php file by setting config_https_only to false. However, this is strongly discouraged, especially when accessing from potentially unsafe networks like the internet."; exit; } -// Set Timezone after session_start require_once "includes/inc_set_timezone.php"; -// IP & User Agent for logging $session_ip = sanitizeInput(getIP()); $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT'] ?? ''); -// Block brute force password attacks - check recent failed login attempts for this IP -// Block access if more than 15 failed login attempts have happened in the last 10 minutes +// IMPORTANT (Option B support): ensure this exists in this scope so logAction() can use it +$session_user_id = intval($_SESSION['user_id'] ?? 0); + $row = mysqli_fetch_assoc(mysqli_query( $mysqli, "SELECT COUNT(log_id) AS failed_login_count @@ -63,30 +57,26 @@ $row = mysqli_fetch_assoc(mysqli_query( $failed_login_count = intval($row['failed_login_count']); if ($failed_login_count >= 15) { - + // Make sure global session_user_id is not required here (will be 0 anyway) logAction("Login", "Blocked", "$session_ip was blocked access to login due to IP lockout"); - - // Inform user & quit processing page header("HTTP/1.1 429 Too Many Requests"); exit("

    $config_app_name

    Your IP address has been blocked due to repeated failed login attempts. Please try again later.

    This action has been logged."); } -// Query Settings for company +// Settings $sql_settings = mysqli_query($mysqli, " SELECT settings.*, companies.company_name, companies.company_logo FROM settings LEFT JOIN companies ON settings.company_id = companies.company_id WHERE settings.company_id = 1 "); -$row = mysqli_fetch_array($sql_settings); +$row = mysqli_fetch_assoc($sql_settings); -// Company info $company_name = $row['company_name']; $company_logo = $row['company_logo']; $config_start_page = nullable_htmlentities($row['config_start_page']); $config_login_message = nullable_htmlentities($row['config_login_message']); -// Mail $config_smtp_host = $row['config_smtp_host']; $config_smtp_port = intval($row['config_smtp_port']); $config_smtp_encryption = $row['config_smtp_encryption']; @@ -95,49 +85,97 @@ $config_smtp_password = $row['config_smtp_password']; $config_mail_from_email = sanitizeInput($row['config_mail_from_email']); $config_mail_from_name = sanitizeInput($row['config_mail_from_name']); -// Client Portal Enabled $config_client_portal_enable = intval($row['config_client_portal_enable']); $config_login_remember_me_expire = intval($row['config_login_remember_me_expire']); +$config_whitelabel_enabled = intval($row['config_whitelabel_enabled']); -// Login key (if setup) $config_login_key_required = $row['config_login_key_required']; -$config_login_key_secret = $row['config_login_key_secret']; +$config_login_key_secret = $row['config_login_key_secret']; -// Azure / Entra for client $azure_client_id = $row['config_azure_client_id'] ?? null; -$response = null; -$token_field = null; -$show_role_choice = false; -$email = ''; -$password = ''; +$response = null; +$token_field = null; +$show_role_choice = false; -// Handle POST login request (normal login or role choice) -if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_POST['role_choice']))) { +$email = ''; +$password = ''; // only ever used in the initial POST request - $email = sanitizeInput($_POST['email'] ?? ''); - $password = $_POST['password'] ?? ''; - $role_choice = $_POST['role_choice'] ?? null; // 'agent' or 'client' +// Helpers +function pendingExpired($sess, $ttl_seconds = 120) { + return !$sess || empty($sess['created']) || (time() - intval($sess['created']) > $ttl_seconds); +} - // Basic validation - if (empty($email) || empty($password) || !filter_var($email, FILTER_VALIDATE_EMAIL)) { - header("HTTP/1.1 401 Unauthorized"); - $response = " -
    - Incorrect username or password. - -
    "; - } else { +// POST handling +if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_POST['role_choice']) || isset($_POST['mfa_login']))) { - /* - * Unified lookup: - * - user_type = 1 → Agent - * - user_type = 2 → Client (must not be archived, client not archived) - * We fetch all possible matches for this email, then verify password per row. - * If both an agent and a client match with the same password: - * - First, show choice buttons (Agent / Client). - * - When user clicks a choice, we honor role_choice. - */ + $role_choice = $_POST['role_choice'] ?? null; + + $is_login_step = isset($_POST['login']); + $is_role_step = isset($_POST['role_choice']) && !$is_login_step && !isset($_POST['mfa_login']); + $is_mfa_step = isset($_POST['mfa_login']); + + // ----------------------------------- + // STEP 2: ROLE CHOICE (no email/pass) + // ----------------------------------- + if ($is_role_step) { + + $posted_token = $_POST['pending_login_token'] ?? ''; + $sess = $_SESSION['pending_dual_login'] ?? null; + + if (pendingExpired($sess) || empty($posted_token) || empty($sess['token']) || !hash_equals($sess['token'], $posted_token)) { + unset($_SESSION['pending_dual_login']); + header("HTTP/1.1 401 Unauthorized"); + $response = " +
    + Your login session expired. Please sign in again. +
    "; + } else { + $email = sanitizeInput($sess['email'] ?? ''); + } + } + + // ----------------------------------- + // STEP 3: MFA SUBMIT (no email/pass) + // ----------------------------------- + if ($is_mfa_step && empty($response)) { + + $posted_token = $_POST['pending_mfa_token'] ?? ''; + $sess = $_SESSION['pending_mfa_login'] ?? null; + + if (pendingExpired($sess) || empty($posted_token) || empty($sess['token']) || !hash_equals($sess['token'], $posted_token)) { + unset($_SESSION['pending_mfa_login']); + header("HTTP/1.1 401 Unauthorized"); + $response = " +
    + Your MFA session expired. Please sign in again. +
    "; + } else { + $email = sanitizeInput($sess['email'] ?? ''); + $role_choice = 'agent'; + } + } + + // ----------------------------------- + // STEP 1: INITIAL CREDENTIALS + // ----------------------------------- + if ($is_login_step && empty($response)) { + $email = sanitizeInput($_POST['email'] ?? ''); + $password = $_POST['password'] ?? ''; + + if (empty($email) || empty($password) || !filter_var($email, FILTER_VALIDATE_EMAIL)) { + header("HTTP/1.1 401 Unauthorized"); + $response = " +
    + Incorrect username or password. +
    "; + } + } + + // Continue only if no response error + if (empty($response)) { + + // Query all possible matches for that email $sql = mysqli_query($mysqli, " SELECT users.*, user_settings.*, @@ -159,307 +197,415 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_ $agentRow = null; $clientRow = null; + // Step 1: verify password. Step 2/3: use stored allowed ids. + $allowed_agent_id = null; + $allowed_client_id = null; + + if ($is_role_step) { + $sess = $_SESSION['pending_dual_login'] ?? null; + $allowed_agent_id = isset($sess['agent_user_id']) ? intval($sess['agent_user_id']) : null; + $allowed_client_id = isset($sess['client_user_id']) ? intval($sess['client_user_id']) : null; + } + + if ($is_mfa_step) { + $sess = $_SESSION['pending_mfa_login'] ?? null; + $allowed_agent_id = isset($sess['agent_user_id']) ? intval($sess['agent_user_id']) : null; + } + while ($r = mysqli_fetch_assoc($sql)) { - if (!password_verify($password, $r['user_password'])) { - continue; + + $ut = intval($r['user_type']); + + if ($is_login_step) { + // Only Step 1 checks password + if (!password_verify($password, $r['user_password'])) { + continue; + } + } else { + // Step 2/3: restrict to ids we previously verified + if ($ut === 1 && $allowed_agent_id !== null && intval($r['user_id']) !== $allowed_agent_id) { + continue; + } + if ($ut === 2 && $allowed_client_id !== null && intval($r['user_id']) !== $allowed_client_id) { + continue; + } } - if (intval($r['user_type']) === 1 && $agentRow === null) { + + if ($ut === 1 && $agentRow === null) { $agentRow = $r; } - if (intval($r['user_type']) === 2 && $clientRow === null) { + if ($ut === 2 && $clientRow === null) { $clientRow = $r; } } - $selectedRow = null; - $selectedType = null; // 1 = agent, 2 = client - if ($agentRow === null && $clientRow === null) { - - // No matching user/password combo header("HTTP/1.1 401 Unauthorized"); + + // Option B not possible here (we don't know user_id reliably) logAction("Login", "Failed", "Failed login attempt using $email"); $response = "
    Incorrect username or password. -
    "; - - } elseif ($agentRow !== null && $clientRow !== null) { - - // Both agent and client accounts share same email + password - if ($role_choice === 'agent') { - $selectedRow = $agentRow; - $selectedType = 1; - } elseif ($role_choice === 'client') { - $selectedRow = $clientRow; - $selectedType = 2; - } else { - // First time we realise this is a dual-role account: ask user to pick - $show_role_choice = true; - $response = " -
    - This login can be used as either an Agent account or a Client Portal account. - Please choose how you want to continue. - -
    "; - } - } else { - // Only one valid row (agent OR client) - if ($agentRow !== null) { - $selectedRow = $agentRow; - $selectedType = 1; - } else { - $selectedRow = $clientRow; - $selectedType = 2; - } - } - // If we have a specific user selected, proceed with actual login - if ($selectedRow !== null && $selectedType !== null) { + $selectedRow = null; + $selectedType = null; // 1 agent, 2 client - $user_id = intval($selectedRow['user_id']); - $user_email = sanitizeInput($selectedRow['user_email']); - $session_user_id = $user_id; // to pass the user_id to logAction function + // Dual role + if ($agentRow !== null && $clientRow !== null) { - // ========================= - // AGENT LOGIN FLOW - // ========================= - if ($selectedType === 1) { - // Login key verification - // If no/incorrect 'key' is supplied, send to client portal instead - if ($config_login_key_required) { - if (!isset($_GET['key']) || $_GET['key'] !== $config_login_key_secret) { - redirect(); + if ($role_choice === 'agent') { + $selectedRow = $agentRow; + $selectedType = 1; + } elseif ($role_choice === 'client') { + $selectedRow = $clientRow; + $selectedType = 2; + } else { + // Show role choice screen + $show_role_choice = true; + + // If this is the first time (Step 1), we need to stash allowed ids and (optional) decrypted agent encryption key + // WITHOUT storing password. + if ($is_login_step) { + + $pending_token = bin2hex(random_bytes(32)); + + // If agent has user-specific encryption ciphertext, decrypt it NOW while password is present. + $agent_master_key = null; + $agent_cipher = $agentRow['user_specific_encryption_ciphertext'] ?? null; + if (!empty($agent_cipher)) { + $agent_master_key = decryptUserSpecificKey($agent_cipher, $password); + } + + $_SESSION['pending_dual_login'] = [ + 'email' => $email, + 'agent_user_id' => intval($agentRow['user_id']), + 'client_user_id' => intval($clientRow['user_id']), + 'agent_master_key' => $agent_master_key, // may be null + 'token' => $pending_token, + 'created' => time() + ]; } } - $user_name = sanitizeInput($selectedRow['user_name']); - $token = sanitizeInput($selectedRow['user_token']); - $force_mfa = intval($selectedRow['user_config_force_mfa']); - $user_role_id = intval($selectedRow['user_role_id']); - $user_encryption_ciphertext = $selectedRow['user_specific_encryption_ciphertext']; - $user_extension_key = $selectedRow['user_extension_key']; - - $current_code = 0; - if (isset($_POST['current_code'])) { - $current_code = intval($_POST['current_code']); + } else { + // Single role + if ($agentRow !== null) { + $selectedRow = $agentRow; + $selectedType = 1; + } else { + $selectedRow = $clientRow; + $selectedType = 2; } + } - $mfa_is_complete = false; - $extended_log = ''; + // Proceed if selected + if ($selectedRow !== null && $selectedType !== null) { - if (empty($token)) { - // MFA is not configured - $mfa_is_complete = true; - } + // Cache pending sessions BEFORE unsetting anything (needed for role->MFA and MFA success) + $pending_dual = $_SESSION['pending_dual_login'] ?? null; + $pending_mfa = $_SESSION['pending_mfa_login'] ?? null; - // Validate MFA via a remember-me cookie - if (isset($_COOKIE['rememberme'])) { - $remember_tokens = mysqli_query($mysqli, " - SELECT remember_token_token - FROM remember_tokens - WHERE remember_token_user_id = $user_id - AND remember_token_created_at > (NOW() - INTERVAL $config_login_remember_me_expire DAY) - "); - while ($remember_row = mysqli_fetch_assoc($remember_tokens)) { - if (hash_equals($remember_row['remember_token_token'], $_COOKIE['rememberme'])) { - $mfa_is_complete = true; - $extended_log = 'with 2FA remember-me cookie'; - break; + // NOTE: do NOT unset pending_dual_login here anymore; we may still need agent_master_key for MFA or role-step agent login + + $user_id = intval($selectedRow['user_id']); + $user_email = sanitizeInput($selectedRow['user_email']); + + // ========================= + // AGENT FLOW + // ========================= + if ($selectedType === 1) { + + if ($config_login_key_required) { + if (!isset($_GET['key']) || $_GET['key'] !== $config_login_key_secret) { + redirect(); } } - } - // Validate MFA code - if (!empty($current_code) && TokenAuth6238::verify($token, $current_code)) { - $mfa_is_complete = true; - $extended_log = 'with MFA'; - } + $user_name = sanitizeInput($selectedRow['user_name']); + $token = sanitizeInput($selectedRow['user_token']); + $force_mfa = intval($selectedRow['user_config_force_mfa']); + $user_encryption_ciphertext = $selectedRow['user_specific_encryption_ciphertext']; - if ($mfa_is_complete) { - // FULL AGENT LOGIN SUCCESS - - // Create a remember me token, if requested - if (isset($_POST['remember_me'])) { - $newRememberToken = bin2hex(random_bytes(64)); - setcookie( - 'rememberme', - $newRememberToken, - time() + 86400 * $config_login_remember_me_expire, - "/", - null, - true, - true - ); - mysqli_query($mysqli, " - INSERT INTO remember_tokens - SET remember_token_user_id = $user_id, - remember_token_token = '$newRememberToken' - "); - - $extended_log .= ", generated a new remember-me token"; + $current_code = 0; + if (isset($_POST['current_code'])) { + $current_code = intval($_POST['current_code']); } - // Check this login isn't suspicious - $sql_ip_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, " - SELECT COUNT(log_id) AS ip_previous_logins - FROM logs - WHERE log_type = 'Login' - AND log_action = 'Success' - AND log_ip = '$session_ip' - AND log_user_id = $user_id - ")); - $ip_previous_logins = sanitizeInput($sql_ip_prev_logins['ip_previous_logins']); + $mfa_is_complete = false; + $extended_log = ''; - $sql_ua_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, " - SELECT COUNT(log_id) AS ua_previous_logins - FROM logs - WHERE log_type = 'Login' - AND log_action = 'Success' - AND log_user_agent = '$session_user_agent' - AND log_user_id = $user_id - ")); - $ua_prev_logins = sanitizeInput($sql_ua_prev_logins['ua_previous_logins']); + if (empty($token)) { + $mfa_is_complete = true; // no MFA configured + } - // Notify if both the user agent and IP are different - if (!empty($config_smtp_host) && $ip_previous_logins == 0 && $ua_prev_logins == 0) { - $subject = "$config_app_name new login for $user_name"; - $body = "Hi $user_name,

    A recent successful login to your $config_app_name account was considered a little unusual. If this was you, you can safely ignore this email!

    IP Address: $session_ip
    User Agent: $session_user_agent

    If you did not perform this login, your credentials may be compromised.

    Thanks,
    ITFlow"; + // remember-me cookie allows bypass + if (isset($_COOKIE['rememberme'])) { + $remember_tokens = mysqli_query($mysqli, " + SELECT remember_token_token + FROM remember_tokens + WHERE remember_token_user_id = $user_id + AND remember_token_created_at > (NOW() - INTERVAL $config_login_remember_me_expire DAY) + "); + while ($remember_row = mysqli_fetch_assoc($remember_tokens)) { + if (hash_equals($remember_row['remember_token_token'], $_COOKIE['rememberme'])) { + $mfa_is_complete = true; + $extended_log = 'with 2FA remember-me cookie'; + break; + } + } + } - $data = [ - [ + // Validate MFA code + if (!empty($current_code) && TokenAuth6238::verify($token, $current_code)) { + $mfa_is_complete = true; + $extended_log = 'with MFA'; + } + + if ($mfa_is_complete) { + + // Remember me token creation + if (isset($_POST['remember_me'])) { + $newRememberToken = bin2hex(random_bytes(64)); + setcookie('rememberme', $newRememberToken, time() + 86400 * $config_login_remember_me_expire, "/", null, true, true); + + mysqli_query($mysqli, " + INSERT INTO remember_tokens + SET remember_token_user_id = $user_id, + remember_token_token = '$newRememberToken' + "); + $extended_log .= ", generated a new remember-me token"; + } + + // Suspicious login checks / email notify + $sql_ip_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, " + SELECT COUNT(log_id) AS ip_previous_logins + FROM logs + WHERE log_type = 'Login' + AND log_action = 'Success' + AND log_ip = '$session_ip' + AND log_user_id = $user_id + ")); + $ip_previous_logins = sanitizeInput($sql_ip_prev_logins['ip_previous_logins']); + + $sql_ua_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, " + SELECT COUNT(log_id) AS ua_previous_logins + FROM logs + WHERE log_type = 'Login' + AND log_action = 'Success' + AND log_user_agent = '$session_user_agent' + AND log_user_id = $user_id + ")); + $ua_prev_logins = sanitizeInput($sql_ua_prev_logins['ua_previous_logins']); + + if (!empty($config_smtp_host) && $ip_previous_logins == 0 && $ua_prev_logins == 0) { + $subject = "$config_app_name new login for $user_name"; + $body = "Hi $user_name,

    A recent successful login to your $config_app_name account was considered a little unusual. If this was you, you can safely ignore this email!

    IP Address: $session_ip
    User Agent: $session_user_agent

    If you did not perform this login, your credentials may be compromised.

    Thanks,
    ITFlow"; + + $data = [[ 'from' => $config_mail_from_email, 'from_name' => $config_mail_from_name, 'recipient' => $user_email, 'recipient_name' => $user_name, 'subject' => $subject, 'body' => $body - ] - ]; - addToMailQueue($data); - } + ]]; + addToMailQueue($data); + } - logAction("Login", "Success", "$user_name successfully logged in $extended_log", 0, $user_id); + // Option B: set session_user_id BEFORE logAction() + $session_user_id = $user_id; + logAction("Login", "Success", "$user_name successfully logged in $extended_log", 0, $user_id); - // Session info - $_SESSION['user_id'] = $user_id; - $_SESSION['csrf_token'] = randomString(156); - $_SESSION['logged'] = true; + $_SESSION['user_id'] = $user_id; + $_SESSION['csrf_token'] = randomString(32); + $_SESSION['logged'] = true; - // Forcing MFA - if ($force_mfa == 1 && $token == NULL) { - $config_start_page = "user/mfa_enforcement.php"; - } + if ($force_mfa == 1 && $token == NULL) { + $config_start_page = "user/mfa_enforcement.php"; + } - // Setup encryption session key - if (!empty($user_encryption_ciphertext)) { - $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password); - generateUserSessionKey($site_encryption_master_key); - } + // Setup encryption session key WITHOUT PASSWORD IN SESSION + $site_encryption_master_key = null; - // Redirect to last visited or config home - if (isset($_GET['last_visited']) && (str_starts_with(base64_decode($_GET['last_visited']), '/agent') || str_starts_with(base64_decode($_GET['last_visited']), '/admin'))) { + if ($is_mfa_step) { + // Step 3: MFA submit + $sess = $pending_mfa ?? ($_SESSION['pending_mfa_login'] ?? null); + if ($sess && !empty($sess['agent_master_key'])) { + $site_encryption_master_key = $sess['agent_master_key']; + } - redirect($_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited'])); + } elseif ($is_role_step) { + // Step 2: role choice (no password available) + $sess = $pending_dual ?? ($_SESSION['pending_dual_login'] ?? null); + if ($sess && !empty($sess['agent_master_key'])) { + $site_encryption_master_key = $sess['agent_master_key']; + } + + } else { + // Step 1: initial login (password available in this request) + if (!empty($user_encryption_ciphertext)) { + $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password); + } + } + + if (!empty($site_encryption_master_key)) { + generateUserSessionKey($site_encryption_master_key); + } + + // NOW safe to clear pending sessions AFTER we used them + unset($_SESSION['pending_mfa_login']); + unset($_SESSION['pending_dual_login']); + + // Redirect + if (isset($_GET['last_visited']) && (str_starts_with(base64_decode($_GET['last_visited']), '/agent') || str_starts_with(base64_decode($_GET['last_visited']), '/admin'))) { + redirect($_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited'])); + } else { + redirect("agent/$config_start_page"); + } } else { - redirect("agent/$config_start_page"); - } - } else { + // MFA required — store *only what we need*, not password + $pending_mfa_token = bin2hex(random_bytes(32)); - // MFA is configured and needs to be confirmed, or was unsuccessful + // If we arrived here from role-choice step, the agent master key may be in cached pending_dual + // If we arrived from initial login step, decrypt now (password in memory) and store master key. + $agent_master_key = null; - // HTML code for the token input field - $token_field = " -
    - -
    -
    - -
    -
    -
    "; + if ($is_role_step) { + $sess = $pending_dual ?? ($_SESSION['pending_dual_login'] ?? null); + if ($sess && array_key_exists('agent_master_key', $sess)) { + $agent_master_key = $sess['agent_master_key']; + } + } else { + if (!empty($user_encryption_ciphertext)) { + $agent_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password); + } + } - if ($current_code !== 0) { - // Logging - logAction("Login", "MFA Failed", "$user_email failed MFA", 0, $user_id); + $_SESSION['pending_mfa_login'] = [ + 'email' => $user_email, + 'agent_user_id' => $user_id, + 'agent_master_key' => $agent_master_key, // may be null + 'token' => $pending_mfa_token, + 'created' => time() + ]; - // Email the tech to advise their credentials may be compromised - if (!empty($config_smtp_host)) { - $subject = "Important: $config_app_name failed 2FA login attempt for $user_name"; - $body = "Hi $user_name,

    A recent login to your $config_app_name account was unsuccessful due to an incorrect 2FA code. If you did not attempt this login, your credentials may be compromised.

    Thanks,
    ITFlow"; - $data = [ - [ + // Now that we've transferred what we need, it's safe to clear the dual-role pending session. + unset($_SESSION['pending_dual_login']); + + $token_field = " +
    + +
    +
    + +
    +
    +
    "; + + if ($current_code !== 0) { + + // Option B: set session_user_id BEFORE logAction() + $session_user_id = $user_id; + logAction("Login", "MFA Failed", "$user_email failed MFA", 0, $user_id); + + if (!empty($config_smtp_host)) { + $subject = "Important: $config_app_name failed 2FA login attempt for $user_name"; + $body = "Hi $user_name,

    A recent login to your $config_app_name account was unsuccessful due to an incorrect 2FA code. If you did not attempt this login, your credentials may be compromised.

    Thanks,
    ITFlow"; + $data = [[ 'from' => $config_mail_from_email, 'from_name' => $config_mail_from_name, 'recipient' => $user_email, 'recipient_name' => $user_name, 'subject' => $subject, 'body' => $body - ] - ]; - addToMailQueue($data); + ]]; + addToMailQueue($data); + } + + $response = " +
    + Please enter a valid 2FA code. +
    "; } - - $response = " -
    - Please Enter 2FA Code! - -
    "; } - } - // ========================= - // CLIENT LOGIN FLOW - // ========================= - } elseif ($selectedType === 2) { - - if ($config_client_portal_enable != 1) { - // Client portal disabled - header("HTTP/1.1 401 Unauthorized"); - logAction("Client Login", "Failed", "Client portal disabled; login attempt using $email"); - $response = " -
    - Incorrect username or password. - -
    "; - } else { - - $client_id = intval($selectedRow['contact_client_id']); - $contact_id = intval($selectedRow['contact_id']); - $user_auth_method = sanitizeInput($selectedRow['user_auth_method']); - - if ($client_id && $contact_id && $user_auth_method === 'local') { - - $_SESSION['client_logged_in'] = true; - $_SESSION['client_id'] = $client_id; - $_SESSION['user_id'] = $user_id; - $_SESSION['user_type'] = 2; - $_SESSION['contact_id'] = $contact_id; - $_SESSION['login_method'] = "local"; - - logAction("Client Login", "Success", "Client contact $user_email successfully logged in locally", $client_id, $user_id); - - header("Location: client/index.php"); - exit(); - - } else { - - // Not allowed or invalid - logAction("Client Login", "Failed", "Failed client portal login attempt using $email (invalid auth method or missing contact/client)", $client_id ?? 0, $user_id); + // ========================= + // CLIENT FLOW + // ========================= + } elseif ($selectedType === 2) { + if ($config_client_portal_enable != 1) { header("HTTP/1.1 401 Unauthorized"); + + logAction("Client Login", "Failed", "Client portal disabled; login attempt using $email"); + $response = "
    Incorrect username or password. -
    "; + } else { + + // Client login user id can be clobbered by SELECT users.*, contacts.*, clients.* collisions. + // Prefer contact_user_id (ties to the portal user), fallback to user_id if present. + $user_id = intval($selectedRow['contact_user_id'] ?? 0); + if ($user_id === 0) { + $user_id = intval($selectedRow['user_id'] ?? 0); + } + + $client_id = intval($selectedRow['contact_client_id'] ?? 0); + $contact_id = intval($selectedRow['contact_id'] ?? 0); + $user_auth_method = sanitizeInput($selectedRow['user_auth_method'] ?? ''); + + if ($client_id && $contact_id && $user_auth_method === 'local') { + + $_SESSION['client_logged_in'] = true; + $_SESSION['client_id'] = $client_id; + $_SESSION['user_id'] = $user_id; + $_SESSION['user_type'] = 2; + $_SESSION['contact_id'] = $contact_id; + $_SESSION['login_method'] = "local"; + + // Keep consistent with agent flow (helps any shared session checks) + $_SESSION['logged'] = true; + $_SESSION['csrf_token'] = randomString(32); + + // Option B: set session_user_id BEFORE logAction() + $session_user_id = $user_id; + logAction("Client Login", "Success", "Client contact $user_email successfully logged in locally", $client_id, $user_id); + + // Clear any pending sessions (avoid stale dual-role/MFA state) + unset($_SESSION['pending_dual_login']); + unset($_SESSION['pending_mfa_login']); + + header("Location: client/index.php"); + exit(); + + } else { + + // if we have a users.user_id, log it + $session_user_id = $user_id ?: 0; + logAction( + "Client Login", + "Failed", + "Failed client portal login attempt using $email (invalid auth method or missing contact/client)", + $client_id ?? 0, + $user_id + ); + + header("HTTP/1.1 401 Unauthorized"); + $response = " +
    + Incorrect username or password. +
    "; + } } } } @@ -467,6 +613,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_ } } +// Form state +$show_mfa_form = (isset($token_field) && !empty($token_field)); +$show_login_form = (!$show_role_choice && !$show_mfa_form); + ?> @@ -474,21 +624,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_ <?php echo nullable_htmlentities($company_name); ?> | Login - - - - - @@ -505,66 +650,73 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_
    @@ -26,7 +26,7 @@ Subject - +
    		@@ -39,7 +39,7 @@ - + Billable
    "> - +
    Balance:
    - - - + @@ -78,10 +78,8 @@ ob_start();
    - - " class="btn btn-primary"> + + " class="btn btn-primary"> Dismiss all diff --git a/plugins/DataTables/datatables.min.css b/plugins/DataTables/datatables.min.css index ee624ea7..24798611 100644 --- a/plugins/DataTables/datatables.min.css +++ b/plugins/DataTables/datatables.min.css @@ -4,12 +4,12 @@ * * To rebuild or modify this file with the latest versions of the included * software please visit: - * https://datatables.net/download/#bs4/dt-2.3.4 + * https://datatables.net/download/#bs4/dt-2.3.7 * * Included libraries: - * DataTables 2.3.4 + * DataTables 2.3.7 */ -:root{--dt-row-selected: 2, 117, 216;--dt-row-selected-text: 255, 255, 255;--dt-row-selected-link: 228, 228, 228;--dt-row-stripe: 0, 0, 0;--dt-row-hover: 0, 0, 0;--dt-column-ordering: 0, 0, 0;--dt-header-align-items: center;--dt-header-vertical-align: middle;--dt-html-background: white}:root.dark{--dt-html-background: rgb(33, 37, 41)}table.dataTable tbody td.dt-control{text-align:center;cursor:pointer}table.dataTable tbody td.dt-control:before{display:inline-block;box-sizing:border-box;content:"";border-top:5px solid transparent;border-left:10px solid rgba(0, 0, 0, 0.5);border-bottom:5px solid transparent;border-right:0px solid transparent}table.dataTable tbody tr.dt-hasChild td.dt-control:before{border-top:10px solid rgba(0, 0, 0, 0.5);border-left:5px solid transparent;border-bottom:0px solid transparent;border-right:5px solid transparent}table.dataTable tfoot:empty{display:none}html.dark table.dataTable td.dt-control:before,:root[data-bs-theme=dark] table.dataTable td.dt-control:before,:root[data-theme=dark] table.dataTable td.dt-control:before{border-left-color:rgba(255, 255, 255, 0.5)}html.dark table.dataTable tr.dt-hasChild td.dt-control:before,:root[data-bs-theme=dark] table.dataTable tr.dt-hasChild td.dt-control:before,:root[data-theme=dark] table.dataTable tr.dt-hasChild td.dt-control:before{border-top-color:rgba(255, 255, 255, 0.5);border-left-color:transparent}div.dt-scroll{width:100%}div.dt-scroll-body thead tr,div.dt-scroll-body tfoot tr{height:0}div.dt-scroll-body thead tr th,div.dt-scroll-body thead tr td,div.dt-scroll-body tfoot tr th,div.dt-scroll-body tfoot tr td{height:0 !important;padding-top:0px !important;padding-bottom:0px !important;border-top-width:0px !important;border-bottom-width:0px !important}div.dt-scroll-body thead tr th div.dt-scroll-sizing,div.dt-scroll-body thead tr td div.dt-scroll-sizing,div.dt-scroll-body tfoot tr th div.dt-scroll-sizing,div.dt-scroll-body tfoot tr td div.dt-scroll-sizing{height:0 !important;overflow:hidden !important}table.dataTable thead>tr>th:active,table.dataTable thead>tr>td:active{outline:none}table.dataTable thead>tr>th.dt-orderable-asc span.dt-column-order:before,table.dataTable thead>tr>th.dt-ordering-asc span.dt-column-order:before,table.dataTable thead>tr>td.dt-orderable-asc span.dt-column-order:before,table.dataTable thead>tr>td.dt-ordering-asc span.dt-column-order:before{position:absolute;display:block;bottom:50%;content:"▲";content:"▲"/""}table.dataTable thead>tr>th.dt-orderable-desc span.dt-column-order:after,table.dataTable thead>tr>th.dt-ordering-desc span.dt-column-order:after,table.dataTable thead>tr>td.dt-orderable-desc span.dt-column-order:after,table.dataTable thead>tr>td.dt-ordering-desc span.dt-column-order:after{position:absolute;display:block;top:50%;content:"▼";content:"▼"/""}table.dataTable thead>tr>th.dt-orderable-asc span.dt-column-order,table.dataTable thead>tr>th.dt-orderable-desc span.dt-column-order,table.dataTable thead>tr>th.dt-ordering-asc span.dt-column-order,table.dataTable thead>tr>th.dt-ordering-desc span.dt-column-order,table.dataTable thead>tr>td.dt-orderable-asc span.dt-column-order,table.dataTable thead>tr>td.dt-orderable-desc span.dt-column-order,table.dataTable thead>tr>td.dt-ordering-asc span.dt-column-order,table.dataTable thead>tr>td.dt-ordering-desc span.dt-column-order{position:relative;width:12px;height:20px}table.dataTable thead>tr>th.dt-orderable-asc span.dt-column-order:before,table.dataTable thead>tr>th.dt-orderable-asc span.dt-column-order:after,table.dataTable thead>tr>th.dt-orderable-desc span.dt-column-order:before,table.dataTable thead>tr>th.dt-orderable-desc span.dt-column-order:after,table.dataTable thead>tr>th.dt-ordering-asc span.dt-column-order:before,table.dataTable thead>tr>th.dt-ordering-asc span.dt-column-order:after,table.dataTable thead>tr>th.dt-ordering-desc span.dt-column-order:before,table.dataTable thead>tr>th.dt-ordering-desc span.dt-column-order:after,table.dataTable thead>tr>td.dt-orderable-asc span.dt-column-order:before,table.dataTable thead>tr>td.dt-orderable-asc span.dt-column-order:after,table.dataTable thead>tr>td.dt-orderable-desc span.dt-column-order:before,table.dataTable thead>tr>td.dt-orderable-desc span.dt-column-order:after,table.dataTable thead>tr>td.dt-ordering-asc span.dt-column-order:before,table.dataTable thead>tr>td.dt-ordering-asc span.dt-column-order:after,table.dataTable thead>tr>td.dt-ordering-desc span.dt-column-order:before,table.dataTable thead>tr>td.dt-ordering-desc span.dt-column-order:after{left:0;opacity:.125;line-height:9px;font-size:.8em}table.dataTable thead>tr>th.dt-orderable-asc,table.dataTable thead>tr>th.dt-orderable-desc,table.dataTable thead>tr>td.dt-orderable-asc,table.dataTable thead>tr>td.dt-orderable-desc{cursor:pointer}table.dataTable thead>tr>th.dt-orderable-asc:hover,table.dataTable thead>tr>th.dt-orderable-desc:hover,table.dataTable thead>tr>td.dt-orderable-asc:hover,table.dataTable thead>tr>td.dt-orderable-desc:hover{outline:2px solid rgba(0, 0, 0, 0.05);outline-offset:-2px}table.dataTable thead>tr>th.dt-ordering-asc span.dt-column-order:before,table.dataTable thead>tr>th.dt-ordering-desc span.dt-column-order:after,table.dataTable thead>tr>td.dt-ordering-asc span.dt-column-order:before,table.dataTable thead>tr>td.dt-ordering-desc span.dt-column-order:after{opacity:.6}table.dataTable thead>tr>th.dt-orderable-none:not(.dt-ordering-asc,.dt-ordering-desc) span.dt-column-order:empty,table.dataTable thead>tr>th.sorting_desc_disabled span.dt-column-order:after,table.dataTable thead>tr>th.sorting_asc_disabled span.dt-column-order:before,table.dataTable thead>tr>td.dt-orderable-none:not(.dt-ordering-asc,.dt-ordering-desc) span.dt-column-order:empty,table.dataTable thead>tr>td.sorting_desc_disabled span.dt-column-order:after,table.dataTable thead>tr>td.sorting_asc_disabled span.dt-column-order:before{display:none}table.dataTable thead>tr>th:active,table.dataTable thead>tr>td:active{outline:none}table.dataTable thead>tr>th div.dt-column-header,table.dataTable thead>tr>th div.dt-column-footer,table.dataTable thead>tr>td div.dt-column-header,table.dataTable thead>tr>td div.dt-column-footer,table.dataTable tfoot>tr>th div.dt-column-header,table.dataTable tfoot>tr>th div.dt-column-footer,table.dataTable tfoot>tr>td div.dt-column-header,table.dataTable tfoot>tr>td div.dt-column-footer{display:flex;justify-content:space-between;align-items:var(--dt-header-align-items);gap:4px}table.dataTable thead>tr>th div.dt-column-header span.dt-column-title,table.dataTable thead>tr>th div.dt-column-footer span.dt-column-title,table.dataTable thead>tr>td div.dt-column-header span.dt-column-title,table.dataTable thead>tr>td div.dt-column-footer span.dt-column-title,table.dataTable tfoot>tr>th div.dt-column-header span.dt-column-title,table.dataTable tfoot>tr>th div.dt-column-footer span.dt-column-title,table.dataTable tfoot>tr>td div.dt-column-header span.dt-column-title,table.dataTable tfoot>tr>td div.dt-column-footer span.dt-column-title{flex-grow:1}table.dataTable thead>tr>th div.dt-column-header span.dt-column-title:empty,table.dataTable thead>tr>th div.dt-column-footer span.dt-column-title:empty,table.dataTable thead>tr>td div.dt-column-header span.dt-column-title:empty,table.dataTable thead>tr>td div.dt-column-footer span.dt-column-title:empty,table.dataTable tfoot>tr>th div.dt-column-header span.dt-column-title:empty,table.dataTable tfoot>tr>th div.dt-column-footer span.dt-column-title:empty,table.dataTable tfoot>tr>td div.dt-column-header span.dt-column-title:empty,table.dataTable tfoot>tr>td div.dt-column-footer span.dt-column-title:empty{display:none}div.dt-scroll-body>table.dataTable>thead>tr>th,div.dt-scroll-body>table.dataTable>thead>tr>td{overflow:hidden}:root.dark table.dataTable thead>tr>th.dt-orderable-asc:hover,:root.dark table.dataTable thead>tr>th.dt-orderable-desc:hover,:root.dark table.dataTable thead>tr>td.dt-orderable-asc:hover,:root.dark table.dataTable thead>tr>td.dt-orderable-desc:hover,:root[data-bs-theme=dark] table.dataTable thead>tr>th.dt-orderable-asc:hover,:root[data-bs-theme=dark] table.dataTable thead>tr>th.dt-orderable-desc:hover,:root[data-bs-theme=dark] table.dataTable thead>tr>td.dt-orderable-asc:hover,:root[data-bs-theme=dark] table.dataTable thead>tr>td.dt-orderable-desc:hover{outline:2px solid rgba(255, 255, 255, 0.05)}div.dt-processing{position:absolute;top:50%;left:50%;width:200px;margin-left:-100px;margin-top:-22px;text-align:center;padding:2px;z-index:10}div.dt-processing>div:last-child{position:relative;width:80px;height:15px;margin:1em auto}div.dt-processing>div:last-child>div{position:absolute;top:0;width:13px;height:13px;border-radius:50%;background:rgb(2, 117, 216);background:rgb(var(--dt-row-selected));animation-timing-function:cubic-bezier(0, 1, 1, 0)}div.dt-processing>div:last-child>div:nth-child(1){left:8px;animation:datatables-loader-1 .6s infinite}div.dt-processing>div:last-child>div:nth-child(2){left:8px;animation:datatables-loader-2 .6s infinite}div.dt-processing>div:last-child>div:nth-child(3){left:32px;animation:datatables-loader-2 .6s infinite}div.dt-processing>div:last-child>div:nth-child(4){left:56px;animation:datatables-loader-3 .6s infinite}@keyframes datatables-loader-1{0%{transform:scale(0)}100%{transform:scale(1)}}@keyframes datatables-loader-3{0%{transform:scale(1)}100%{transform:scale(0)}}@keyframes datatables-loader-2{0%{transform:translate(0, 0)}100%{transform:translate(24px, 0)}}table.dataTable.nowrap th,table.dataTable.nowrap td{white-space:nowrap}table.dataTable th,table.dataTable td{box-sizing:border-box}table.dataTable th.dt-type-numeric,table.dataTable th.dt-type-date,table.dataTable td.dt-type-numeric,table.dataTable td.dt-type-date{text-align:right}table.dataTable th.dt-type-numeric div.dt-column-header,table.dataTable th.dt-type-numeric div.dt-column-footer,table.dataTable th.dt-type-date div.dt-column-header,table.dataTable th.dt-type-date div.dt-column-footer,table.dataTable td.dt-type-numeric div.dt-column-header,table.dataTable td.dt-type-numeric div.dt-column-footer,table.dataTable td.dt-type-date div.dt-column-header,table.dataTable td.dt-type-date div.dt-column-footer{flex-direction:row-reverse}table.dataTable th.dt-left,table.dataTable td.dt-left{text-align:left}table.dataTable th.dt-left div.dt-column-header,table.dataTable th.dt-left div.dt-column-footer,table.dataTable td.dt-left div.dt-column-header,table.dataTable td.dt-left div.dt-column-footer{flex-direction:row}table.dataTable th.dt-center,table.dataTable td.dt-center{text-align:center}table.dataTable th.dt-right,table.dataTable td.dt-right{text-align:right}table.dataTable th.dt-right div.dt-column-header,table.dataTable th.dt-right div.dt-column-footer,table.dataTable td.dt-right div.dt-column-header,table.dataTable td.dt-right div.dt-column-footer{flex-direction:row-reverse}table.dataTable th.dt-justify,table.dataTable td.dt-justify{text-align:justify}table.dataTable th.dt-justify div.dt-column-header,table.dataTable th.dt-justify div.dt-column-footer,table.dataTable td.dt-justify div.dt-column-header,table.dataTable td.dt-justify div.dt-column-footer{flex-direction:row}table.dataTable th.dt-nowrap,table.dataTable td.dt-nowrap{white-space:nowrap}table.dataTable th.dt-empty,table.dataTable td.dt-empty{text-align:center;vertical-align:top}table.dataTable thead th,table.dataTable thead td,table.dataTable tfoot th,table.dataTable tfoot td{text-align:left;vertical-align:var(--dt-header-vertical-align)}table.dataTable thead th.dt-head-left,table.dataTable thead td.dt-head-left,table.dataTable tfoot th.dt-head-left,table.dataTable tfoot td.dt-head-left{text-align:left}table.dataTable thead th.dt-head-left div.dt-column-header,table.dataTable thead th.dt-head-left div.dt-column-footer,table.dataTable thead td.dt-head-left div.dt-column-header,table.dataTable thead td.dt-head-left div.dt-column-footer,table.dataTable tfoot th.dt-head-left div.dt-column-header,table.dataTable tfoot th.dt-head-left div.dt-column-footer,table.dataTable tfoot td.dt-head-left div.dt-column-header,table.dataTable tfoot td.dt-head-left div.dt-column-footer{flex-direction:row}table.dataTable thead th.dt-head-center,table.dataTable thead td.dt-head-center,table.dataTable tfoot th.dt-head-center,table.dataTable tfoot td.dt-head-center{text-align:center}table.dataTable thead th.dt-head-right,table.dataTable thead td.dt-head-right,table.dataTable tfoot th.dt-head-right,table.dataTable tfoot td.dt-head-right{text-align:right}table.dataTable thead th.dt-head-right div.dt-column-header,table.dataTable thead th.dt-head-right div.dt-column-footer,table.dataTable thead td.dt-head-right div.dt-column-header,table.dataTable thead td.dt-head-right div.dt-column-footer,table.dataTable tfoot th.dt-head-right div.dt-column-header,table.dataTable tfoot th.dt-head-right div.dt-column-footer,table.dataTable tfoot td.dt-head-right div.dt-column-header,table.dataTable tfoot td.dt-head-right div.dt-column-footer{flex-direction:row-reverse}table.dataTable thead th.dt-head-justify,table.dataTable thead td.dt-head-justify,table.dataTable tfoot th.dt-head-justify,table.dataTable tfoot td.dt-head-justify{text-align:justify}table.dataTable thead th.dt-head-justify div.dt-column-header,table.dataTable thead th.dt-head-justify div.dt-column-footer,table.dataTable thead td.dt-head-justify div.dt-column-header,table.dataTable thead td.dt-head-justify div.dt-column-footer,table.dataTable tfoot th.dt-head-justify div.dt-column-header,table.dataTable tfoot th.dt-head-justify div.dt-column-footer,table.dataTable tfoot td.dt-head-justify div.dt-column-header,table.dataTable tfoot td.dt-head-justify div.dt-column-footer{flex-direction:row}table.dataTable thead th.dt-head-nowrap,table.dataTable thead td.dt-head-nowrap,table.dataTable tfoot th.dt-head-nowrap,table.dataTable tfoot td.dt-head-nowrap{white-space:nowrap}table.dataTable tbody th.dt-body-left,table.dataTable tbody td.dt-body-left{text-align:left}table.dataTable tbody th.dt-body-center,table.dataTable tbody td.dt-body-center{text-align:center}table.dataTable tbody th.dt-body-right,table.dataTable tbody td.dt-body-right{text-align:right}table.dataTable tbody th.dt-body-justify,table.dataTable tbody td.dt-body-justify{text-align:justify}table.dataTable tbody th.dt-body-nowrap,table.dataTable tbody td.dt-body-nowrap{white-space:nowrap}table.dataTable.table{clear:both;max-width:none;border-spacing:0;margin-bottom:0}table.dataTable.table.table-striped>tbody>tr:nth-of-type(2n+1){background-color:transparent}table.dataTable.table>tbody>tr{background-color:transparent}table.dataTable.table>tbody>tr.selected>*{box-shadow:inset 0 0 0 9999px rgb(2, 117, 216);box-shadow:inset 0 0 0 9999px rgb(var(--dt-row-selected));color:rgb(255, 255, 255);color:rgb(var(--dt-row-selected-text))}table.dataTable.table>tbody>tr.selected a{color:rgb(228, 228, 228);color:rgb(var(--dt-row-selected-link))}table.dataTable.table.table-striped>tbody>tr:nth-of-type(2n+1)>*{box-shadow:inset 0 0 0 9999px rgba(var(--dt-row-stripe), 0.05)}table.dataTable.table.table-striped>tbody>tr:nth-of-type(2n+1).selected>*{box-shadow:inset 0 0 0 9999px rgba(2, 117, 216, 0.95);box-shadow:inset 0 0 0 9999px rgba(var(--dt-row-selected), 0.95)}table.dataTable.table.table-hover>tbody>tr:hover>*{box-shadow:inset 0 0 0 9999px rgba(var(--dt-row-hover), 0.075)}table.dataTable.table.table-hover>tbody>tr.selected:hover>*{box-shadow:inset 0 0 0 9999px rgba(2, 117, 216, 0.975);box-shadow:inset 0 0 0 9999px rgba(var(--dt-row-selected), 0.975)}div.dt-container div.dt-layout-start>*:not(:last-child){margin-right:1em}div.dt-container div.dt-layout-end>*:not(:first-child){margin-left:1em}div.dt-container div.dt-layout-full{width:100%}div.dt-container div.dt-layout-full>*:only-child{margin-left:auto;margin-right:auto}div.dt-container div.dt-layout-table>div{display:block !important}@media screen and (max-width: 767px){div.dt-container div.dt-layout-start>*:not(:last-child){margin-right:0}div.dt-container div.dt-layout-end>*:not(:first-child){margin-left:0}}div.dt-container{position:relative}div.dt-container>div.row{margin-bottom:.5rem}div.dt-container>div.row:last-child{margin-bottom:0}div.dt-container div.dt-length label{font-weight:normal;text-align:left;white-space:nowrap;margin-bottom:0}div.dt-container div.dt-length select{width:auto;display:inline-block;margin-right:.5em}div.dt-container div.dt-search label{font-weight:normal;white-space:nowrap;text-align:left;margin-bottom:0}div.dt-container div.dt-search input{margin-left:.5em;display:inline-block;width:auto}div.dt-container div.dt-info{white-space:nowrap}div.dt-container div.dt-paging{margin:0}div.dt-container div.dt-paging ul.pagination{margin:0;flex-wrap:wrap}div.dt-container div.dt-processing{position:absolute;top:50%;left:50%;width:200px;margin-left:-100px;margin-top:-26px;text-align:center;padding:1em 0}div.dt-container div.dt-scroll-body{border-bottom:1px solid #dee2e6}div.dt-container div.dt-scroll-body table,div.dt-container div.dt-scroll-body tbody>tr:last-child>*{border-bottom:none}div.dt-scroll-head table.dataTable{margin-bottom:0 !important}div.dt-scroll-body>table{border-top:none;margin-top:0 !important;margin-bottom:0 !important}div.dt-scroll-body>table thead .dt-orderable-asc:before,div.dt-scroll-body>table thead .dt-orderable-desc:after{display:none}div.dt-scroll-body>table>tbody tr:first-child th,div.dt-scroll-body>table>tbody tr:first-child td{border-top:none}div.dt-scroll-foot>.dt-scroll-footInner{box-sizing:content-box}div.dt-scroll-foot>.dt-scroll-footInner>table{margin-top:0 !important;border-top:none}@media screen and (max-width: 767px){div.dt-container div.dt-length,div.dt-container div.dt-search,div.dt-container div.dt-info,div.dt-container div.dt-paging{text-align:center}div.dt-container div.row{margin-bottom:0}div.dt-container div.row>*{margin-bottom:.5rem}div.dt-container div.dt-paging ul.pagination{justify-content:center !important}}table.dataTable.table-sm>thead>tr th.dt-orderable-asc,table.dataTable.table-sm>thead>tr th.dt-orderable-desc,table.dataTable.table-sm>thead>tr th.dt-ordering-asc,table.dataTable.table-sm>thead>tr th.dt-ordering-desc,table.dataTable.table-sm>thead>tr td.dt-orderable-asc,table.dataTable.table-sm>thead>tr td.dt-orderable-desc,table.dataTable.table-sm>thead>tr td.dt-ordering-asc,table.dataTable.table-sm>thead>tr td.dt-ordering-desc{padding-right:4px}table.dataTable.table-sm>thead>tr th.dt-orderable-asc span.dt-column-order,table.dataTable.table-sm>thead>tr th.dt-orderable-desc span.dt-column-order,table.dataTable.table-sm>thead>tr th.dt-ordering-asc span.dt-column-order,table.dataTable.table-sm>thead>tr th.dt-ordering-desc span.dt-column-order,table.dataTable.table-sm>thead>tr td.dt-orderable-asc span.dt-column-order,table.dataTable.table-sm>thead>tr td.dt-orderable-desc span.dt-column-order,table.dataTable.table-sm>thead>tr td.dt-ordering-asc span.dt-column-order,table.dataTable.table-sm>thead>tr td.dt-ordering-desc span.dt-column-order{right:4px}table.dataTable.table-sm>thead>tr th.dt-type-date span.dt-column-order,table.dataTable.table-sm>thead>tr th.dt-type-numeric span.dt-column-order,table.dataTable.table-sm>thead>tr td.dt-type-date span.dt-column-order,table.dataTable.table-sm>thead>tr td.dt-type-numeric span.dt-column-order{left:4px}div.dt-scroll-head table.table-bordered{border-bottom-width:0}div.table-responsive>div.dt-container>div.row{margin:0}div.table-responsive>div.dt-container>div.row>div[class^=col-]:first-child{padding-left:0}div.table-responsive>div.dt-container>div.row>div[class^=col-]:last-child{padding-right:0} +:root{--dt-row-selected: 2, 117, 216;--dt-row-selected-text: 255, 255, 255;--dt-row-selected-link: 228, 228, 228;--dt-row-stripe: 0, 0, 0;--dt-row-hover: 0, 0, 0;--dt-column-ordering: 0, 0, 0;--dt-header-align-items: center;--dt-header-vertical-align: middle;--dt-html-background: white}:root.dark{--dt-html-background: rgb(33, 37, 41)}table.dataTable tbody td.dt-control{text-align:center;cursor:pointer}table.dataTable tbody td.dt-control:before{display:inline-block;box-sizing:border-box;content:"";border-top:5px solid transparent;border-left:10px solid rgba(0, 0, 0, 0.5);border-bottom:5px solid transparent;border-right:0px solid transparent}table.dataTable tbody tr.dt-hasChild td.dt-control:before{border-top:10px solid rgba(0, 0, 0, 0.5);border-left:5px solid transparent;border-bottom:0px solid transparent;border-right:5px solid transparent}table.dataTable tfoot:empty{display:none}html.dark table.dataTable td.dt-control:before,:root[data-bs-theme=dark] table.dataTable td.dt-control:before,:root[data-theme=dark] table.dataTable td.dt-control:before{border-left-color:rgba(255, 255, 255, 0.5)}html.dark table.dataTable tr.dt-hasChild td.dt-control:before,:root[data-bs-theme=dark] table.dataTable tr.dt-hasChild td.dt-control:before,:root[data-theme=dark] table.dataTable tr.dt-hasChild td.dt-control:before{border-top-color:rgba(255, 255, 255, 0.5);border-left-color:transparent}div.dt-scroll{width:100%}div.dt-scroll-body thead tr,div.dt-scroll-body tfoot tr{height:0}div.dt-scroll-body thead tr th,div.dt-scroll-body thead tr td,div.dt-scroll-body tfoot tr th,div.dt-scroll-body tfoot tr td{height:0 !important;padding-top:0px !important;padding-bottom:0px !important;border-top-width:0px !important;border-bottom-width:0px !important}div.dt-scroll-body thead tr th div.dt-scroll-sizing,div.dt-scroll-body thead tr td div.dt-scroll-sizing,div.dt-scroll-body tfoot tr th div.dt-scroll-sizing,div.dt-scroll-body tfoot tr td div.dt-scroll-sizing{height:0 !important;overflow:hidden !important}table.dataTable thead>tr>th:active,table.dataTable thead>tr>td:active{outline:none}table.dataTable thead>tr>th.dt-orderable-asc .dt-column-order:before,table.dataTable thead>tr>th.dt-ordering-asc .dt-column-order:before,table.dataTable thead>tr>td.dt-orderable-asc .dt-column-order:before,table.dataTable thead>tr>td.dt-ordering-asc .dt-column-order:before{position:absolute;display:block;bottom:50%;content:"▲";content:"▲"/""}table.dataTable thead>tr>th.dt-orderable-desc .dt-column-order:after,table.dataTable thead>tr>th.dt-ordering-desc .dt-column-order:after,table.dataTable thead>tr>td.dt-orderable-desc .dt-column-order:after,table.dataTable thead>tr>td.dt-ordering-desc .dt-column-order:after{position:absolute;display:block;top:50%;content:"▼";content:"▼"/""}table.dataTable thead>tr>th.dt-orderable-asc .dt-column-order,table.dataTable thead>tr>th.dt-orderable-desc .dt-column-order,table.dataTable thead>tr>th.dt-ordering-asc .dt-column-order,table.dataTable thead>tr>th.dt-ordering-desc .dt-column-order,table.dataTable thead>tr>td.dt-orderable-asc .dt-column-order,table.dataTable thead>tr>td.dt-orderable-desc .dt-column-order,table.dataTable thead>tr>td.dt-ordering-asc .dt-column-order,table.dataTable thead>tr>td.dt-ordering-desc .dt-column-order{position:relative;width:12px;height:20px}table.dataTable thead>tr>th.dt-orderable-asc .dt-column-order:before,table.dataTable thead>tr>th.dt-orderable-asc .dt-column-order:after,table.dataTable thead>tr>th.dt-orderable-desc .dt-column-order:before,table.dataTable thead>tr>th.dt-orderable-desc .dt-column-order:after,table.dataTable thead>tr>th.dt-ordering-asc .dt-column-order:before,table.dataTable thead>tr>th.dt-ordering-asc .dt-column-order:after,table.dataTable thead>tr>th.dt-ordering-desc .dt-column-order:before,table.dataTable thead>tr>th.dt-ordering-desc .dt-column-order:after,table.dataTable thead>tr>td.dt-orderable-asc .dt-column-order:before,table.dataTable thead>tr>td.dt-orderable-asc .dt-column-order:after,table.dataTable thead>tr>td.dt-orderable-desc .dt-column-order:before,table.dataTable thead>tr>td.dt-orderable-desc .dt-column-order:after,table.dataTable thead>tr>td.dt-ordering-asc .dt-column-order:before,table.dataTable thead>tr>td.dt-ordering-asc .dt-column-order:after,table.dataTable thead>tr>td.dt-ordering-desc .dt-column-order:before,table.dataTable thead>tr>td.dt-ordering-desc .dt-column-order:after{left:0;opacity:.125;line-height:9px;font-size:.8em}table.dataTable thead>tr>th.dt-orderable-asc,table.dataTable thead>tr>th.dt-orderable-desc,table.dataTable thead>tr>td.dt-orderable-asc,table.dataTable thead>tr>td.dt-orderable-desc{cursor:pointer}table.dataTable thead>tr>th.dt-orderable-asc:hover,table.dataTable thead>tr>th.dt-orderable-desc:hover,table.dataTable thead>tr>td.dt-orderable-asc:hover,table.dataTable thead>tr>td.dt-orderable-desc:hover{outline:2px solid rgba(0, 0, 0, 0.05);outline-offset:-2px}table.dataTable thead>tr>th.dt-ordering-asc .dt-column-order:before,table.dataTable thead>tr>th.dt-ordering-desc .dt-column-order:after,table.dataTable thead>tr>td.dt-ordering-asc .dt-column-order:before,table.dataTable thead>tr>td.dt-ordering-desc .dt-column-order:after{opacity:.6}table.dataTable thead>tr>th.dt-orderable-none:not(.dt-ordering-asc,.dt-ordering-desc) .dt-column-order:empty,table.dataTable thead>tr>th.sorting_desc_disabled .dt-column-order:after,table.dataTable thead>tr>th.sorting_asc_disabled .dt-column-order:before,table.dataTable thead>tr>td.dt-orderable-none:not(.dt-ordering-asc,.dt-ordering-desc) .dt-column-order:empty,table.dataTable thead>tr>td.sorting_desc_disabled .dt-column-order:after,table.dataTable thead>tr>td.sorting_asc_disabled .dt-column-order:before{display:none}table.dataTable thead>tr>th:active,table.dataTable thead>tr>td:active{outline:none}table.dataTable thead>tr>th div.dt-column-header,table.dataTable thead>tr>th div.dt-column-footer,table.dataTable thead>tr>td div.dt-column-header,table.dataTable thead>tr>td div.dt-column-footer,table.dataTable tfoot>tr>th div.dt-column-header,table.dataTable tfoot>tr>th div.dt-column-footer,table.dataTable tfoot>tr>td div.dt-column-header,table.dataTable tfoot>tr>td div.dt-column-footer{display:flex;justify-content:space-between;align-items:var(--dt-header-align-items);gap:4px}table.dataTable thead>tr>th div.dt-column-header .dt-column-title,table.dataTable thead>tr>th div.dt-column-footer .dt-column-title,table.dataTable thead>tr>td div.dt-column-header .dt-column-title,table.dataTable thead>tr>td div.dt-column-footer .dt-column-title,table.dataTable tfoot>tr>th div.dt-column-header .dt-column-title,table.dataTable tfoot>tr>th div.dt-column-footer .dt-column-title,table.dataTable tfoot>tr>td div.dt-column-header .dt-column-title,table.dataTable tfoot>tr>td div.dt-column-footer .dt-column-title{flex-grow:1}table.dataTable thead>tr>th div.dt-column-header .dt-column-title:empty,table.dataTable thead>tr>th div.dt-column-footer .dt-column-title:empty,table.dataTable thead>tr>td div.dt-column-header .dt-column-title:empty,table.dataTable thead>tr>td div.dt-column-footer .dt-column-title:empty,table.dataTable tfoot>tr>th div.dt-column-header .dt-column-title:empty,table.dataTable tfoot>tr>th div.dt-column-footer .dt-column-title:empty,table.dataTable tfoot>tr>td div.dt-column-header .dt-column-title:empty,table.dataTable tfoot>tr>td div.dt-column-footer .dt-column-title:empty{display:none}div.dt-scroll-body>table.dataTable>thead>tr>th,div.dt-scroll-body>table.dataTable>thead>tr>td{overflow:hidden}:root.dark table.dataTable thead>tr>th.dt-orderable-asc:hover,:root.dark table.dataTable thead>tr>th.dt-orderable-desc:hover,:root.dark table.dataTable thead>tr>td.dt-orderable-asc:hover,:root.dark table.dataTable thead>tr>td.dt-orderable-desc:hover,:root[data-bs-theme=dark] table.dataTable thead>tr>th.dt-orderable-asc:hover,:root[data-bs-theme=dark] table.dataTable thead>tr>th.dt-orderable-desc:hover,:root[data-bs-theme=dark] table.dataTable thead>tr>td.dt-orderable-asc:hover,:root[data-bs-theme=dark] table.dataTable thead>tr>td.dt-orderable-desc:hover{outline:2px solid rgba(255, 255, 255, 0.05)}div.dt-processing{position:absolute;top:50%;left:50%;width:200px;margin-left:-100px;margin-top:-22px;text-align:center;padding:2px;z-index:10}div.dt-processing>div:last-child{position:relative;width:80px;height:15px;margin:1em auto}div.dt-processing>div:last-child>div{position:absolute;top:0;width:13px;height:13px;border-radius:50%;background:rgb(2, 117, 216);background:rgb(var(--dt-row-selected));animation-timing-function:cubic-bezier(0, 1, 1, 0)}div.dt-processing>div:last-child>div:nth-child(1){left:8px;animation:datatables-loader-1 .6s infinite}div.dt-processing>div:last-child>div:nth-child(2){left:8px;animation:datatables-loader-2 .6s infinite}div.dt-processing>div:last-child>div:nth-child(3){left:32px;animation:datatables-loader-2 .6s infinite}div.dt-processing>div:last-child>div:nth-child(4){left:56px;animation:datatables-loader-3 .6s infinite}@keyframes datatables-loader-1{0%{transform:scale(0)}100%{transform:scale(1)}}@keyframes datatables-loader-3{0%{transform:scale(1)}100%{transform:scale(0)}}@keyframes datatables-loader-2{0%{transform:translate(0, 0)}100%{transform:translate(24px, 0)}}table.dataTable.nowrap th,table.dataTable.nowrap td{white-space:nowrap}table.dataTable th,table.dataTable td{box-sizing:border-box}table.dataTable th.dt-type-numeric,table.dataTable th.dt-type-date,table.dataTable td.dt-type-numeric,table.dataTable td.dt-type-date{text-align:right}table.dataTable th.dt-type-numeric div.dt-column-header,table.dataTable th.dt-type-numeric div.dt-column-footer,table.dataTable th.dt-type-date div.dt-column-header,table.dataTable th.dt-type-date div.dt-column-footer,table.dataTable td.dt-type-numeric div.dt-column-header,table.dataTable td.dt-type-numeric div.dt-column-footer,table.dataTable td.dt-type-date div.dt-column-header,table.dataTable td.dt-type-date div.dt-column-footer{flex-direction:row-reverse}table.dataTable th.dt-left,table.dataTable td.dt-left{text-align:left}table.dataTable th.dt-left div.dt-column-header,table.dataTable th.dt-left div.dt-column-footer,table.dataTable td.dt-left div.dt-column-header,table.dataTable td.dt-left div.dt-column-footer{flex-direction:row}table.dataTable th.dt-center,table.dataTable td.dt-center{text-align:center}table.dataTable th.dt-right,table.dataTable td.dt-right{text-align:right}table.dataTable th.dt-right div.dt-column-header,table.dataTable th.dt-right div.dt-column-footer,table.dataTable td.dt-right div.dt-column-header,table.dataTable td.dt-right div.dt-column-footer{flex-direction:row-reverse}table.dataTable th.dt-justify,table.dataTable td.dt-justify{text-align:justify}table.dataTable th.dt-justify div.dt-column-header,table.dataTable th.dt-justify div.dt-column-footer,table.dataTable td.dt-justify div.dt-column-header,table.dataTable td.dt-justify div.dt-column-footer{flex-direction:row}table.dataTable th.dt-nowrap,table.dataTable td.dt-nowrap{white-space:nowrap}table.dataTable th.dt-empty,table.dataTable td.dt-empty{text-align:center;vertical-align:top}table.dataTable thead th,table.dataTable thead td,table.dataTable tfoot th,table.dataTable tfoot td{text-align:left;vertical-align:var(--dt-header-vertical-align)}table.dataTable thead th.dt-head-left,table.dataTable thead td.dt-head-left,table.dataTable tfoot th.dt-head-left,table.dataTable tfoot td.dt-head-left{text-align:left}table.dataTable thead th.dt-head-left div.dt-column-header,table.dataTable thead th.dt-head-left div.dt-column-footer,table.dataTable thead td.dt-head-left div.dt-column-header,table.dataTable thead td.dt-head-left div.dt-column-footer,table.dataTable tfoot th.dt-head-left div.dt-column-header,table.dataTable tfoot th.dt-head-left div.dt-column-footer,table.dataTable tfoot td.dt-head-left div.dt-column-header,table.dataTable tfoot td.dt-head-left div.dt-column-footer{flex-direction:row}table.dataTable thead th.dt-head-center,table.dataTable thead td.dt-head-center,table.dataTable tfoot th.dt-head-center,table.dataTable tfoot td.dt-head-center{text-align:center}table.dataTable thead th.dt-head-right,table.dataTable thead td.dt-head-right,table.dataTable tfoot th.dt-head-right,table.dataTable tfoot td.dt-head-right{text-align:right}table.dataTable thead th.dt-head-right div.dt-column-header,table.dataTable thead th.dt-head-right div.dt-column-footer,table.dataTable thead td.dt-head-right div.dt-column-header,table.dataTable thead td.dt-head-right div.dt-column-footer,table.dataTable tfoot th.dt-head-right div.dt-column-header,table.dataTable tfoot th.dt-head-right div.dt-column-footer,table.dataTable tfoot td.dt-head-right div.dt-column-header,table.dataTable tfoot td.dt-head-right div.dt-column-footer{flex-direction:row-reverse}table.dataTable thead th.dt-head-justify,table.dataTable thead td.dt-head-justify,table.dataTable tfoot th.dt-head-justify,table.dataTable tfoot td.dt-head-justify{text-align:justify}table.dataTable thead th.dt-head-justify div.dt-column-header,table.dataTable thead th.dt-head-justify div.dt-column-footer,table.dataTable thead td.dt-head-justify div.dt-column-header,table.dataTable thead td.dt-head-justify div.dt-column-footer,table.dataTable tfoot th.dt-head-justify div.dt-column-header,table.dataTable tfoot th.dt-head-justify div.dt-column-footer,table.dataTable tfoot td.dt-head-justify div.dt-column-header,table.dataTable tfoot td.dt-head-justify div.dt-column-footer{flex-direction:row}table.dataTable thead th.dt-head-nowrap,table.dataTable thead td.dt-head-nowrap,table.dataTable tfoot th.dt-head-nowrap,table.dataTable tfoot td.dt-head-nowrap{white-space:nowrap}table.dataTable tbody th.dt-body-left,table.dataTable tbody td.dt-body-left{text-align:left}table.dataTable tbody th.dt-body-center,table.dataTable tbody td.dt-body-center{text-align:center}table.dataTable tbody th.dt-body-right,table.dataTable tbody td.dt-body-right{text-align:right}table.dataTable tbody th.dt-body-justify,table.dataTable tbody td.dt-body-justify{text-align:justify}table.dataTable tbody th.dt-body-nowrap,table.dataTable tbody td.dt-body-nowrap{white-space:nowrap}table.dataTable.table{clear:both;max-width:none;border-spacing:0;margin-bottom:0}table.dataTable.table.table-striped>tbody>tr:nth-of-type(2n+1){background-color:transparent}table.dataTable.table>tbody>tr{background-color:transparent}table.dataTable.table>tbody>tr.selected>*{box-shadow:inset 0 0 0 9999px rgb(2, 117, 216);box-shadow:inset 0 0 0 9999px rgb(var(--dt-row-selected));color:rgb(255, 255, 255);color:rgb(var(--dt-row-selected-text))}table.dataTable.table>tbody>tr.selected a{color:rgb(228, 228, 228);color:rgb(var(--dt-row-selected-link))}table.dataTable.table.table-striped>tbody>tr:nth-of-type(2n+1)>*{box-shadow:inset 0 0 0 9999px rgba(var(--dt-row-stripe), 0.05)}table.dataTable.table.table-striped>tbody>tr:nth-of-type(2n+1).selected>*{box-shadow:inset 0 0 0 9999px rgba(2, 117, 216, 0.95);box-shadow:inset 0 0 0 9999px rgba(var(--dt-row-selected), 0.95)}table.dataTable.table.table-hover>tbody>tr:hover>*{box-shadow:inset 0 0 0 9999px rgba(var(--dt-row-hover), 0.075)}table.dataTable.table.table-hover>tbody>tr.selected:hover>*{box-shadow:inset 0 0 0 9999px rgba(2, 117, 216, 0.975);box-shadow:inset 0 0 0 9999px rgba(var(--dt-row-selected), 0.975)}div.dt-container div.dt-layout-start>*:not(:last-child){margin-right:1em}div.dt-container div.dt-layout-end>*:not(:first-child){margin-left:1em}div.dt-container div.dt-layout-full{width:100%}div.dt-container div.dt-layout-full>*:only-child{margin-left:auto;margin-right:auto}div.dt-container div.dt-layout-table>div{display:block !important}@media screen and (max-width: 767px){div.dt-container div.dt-layout-start>*:not(:last-child){margin-right:0}div.dt-container div.dt-layout-end>*:not(:first-child){margin-left:0}}div.dt-container{position:relative}div.dt-container>div.row{margin-bottom:.5rem}div.dt-container>div.row:last-child{margin-bottom:0}div.dt-container div.dt-length label{font-weight:normal;text-align:left;white-space:nowrap;margin-bottom:0}div.dt-container div.dt-length select{width:auto;display:inline-block;margin-right:.5em}div.dt-container div.dt-search label{font-weight:normal;white-space:nowrap;text-align:left;margin-bottom:0}div.dt-container div.dt-search input{margin-left:.5em;display:inline-block;width:auto}div.dt-container div.dt-info{white-space:nowrap}div.dt-container div.dt-paging{margin:0}div.dt-container div.dt-paging ul.pagination{margin:0;flex-wrap:wrap}div.dt-container div.dt-processing{position:absolute;top:50%;left:50%;width:200px;margin-left:-100px;margin-top:-26px;text-align:center;padding:1em 0}div.dt-container div.dt-scroll-body{border-bottom:1px solid #dee2e6}div.dt-container div.dt-scroll-body table,div.dt-container div.dt-scroll-body tbody>tr:last-child>*{border-bottom:none}div.dt-scroll-head table.dataTable{margin-bottom:0 !important}div.dt-scroll-body>table{border-top:none;margin-top:0 !important;margin-bottom:0 !important}div.dt-scroll-body>table thead .dt-orderable-asc:before,div.dt-scroll-body>table thead .dt-orderable-desc:after{display:none}div.dt-scroll-body>table>tbody tr:first-child th,div.dt-scroll-body>table>tbody tr:first-child td{border-top:none}div.dt-scroll-foot>.dt-scroll-footInner{box-sizing:content-box}div.dt-scroll-foot>.dt-scroll-footInner>table{margin-top:0 !important;border-top:none}@media screen and (max-width: 767px){div.dt-container div.dt-length,div.dt-container div.dt-search,div.dt-container div.dt-info,div.dt-container div.dt-paging{text-align:center}div.dt-container div.row{margin-bottom:0}div.dt-container div.row>*{margin-bottom:.5rem}div.dt-container div.dt-paging ul.pagination{justify-content:center !important}}table.dataTable.table-sm>thead>tr th.dt-orderable-asc,table.dataTable.table-sm>thead>tr th.dt-orderable-desc,table.dataTable.table-sm>thead>tr th.dt-ordering-asc,table.dataTable.table-sm>thead>tr th.dt-ordering-desc,table.dataTable.table-sm>thead>tr td.dt-orderable-asc,table.dataTable.table-sm>thead>tr td.dt-orderable-desc,table.dataTable.table-sm>thead>tr td.dt-ordering-asc,table.dataTable.table-sm>thead>tr td.dt-ordering-desc{padding-right:4px}table.dataTable.table-sm>thead>tr th.dt-orderable-asc .dt-column-order,table.dataTable.table-sm>thead>tr th.dt-orderable-desc .dt-column-order,table.dataTable.table-sm>thead>tr th.dt-ordering-asc .dt-column-order,table.dataTable.table-sm>thead>tr th.dt-ordering-desc .dt-column-order,table.dataTable.table-sm>thead>tr td.dt-orderable-asc .dt-column-order,table.dataTable.table-sm>thead>tr td.dt-orderable-desc .dt-column-order,table.dataTable.table-sm>thead>tr td.dt-ordering-asc .dt-column-order,table.dataTable.table-sm>thead>tr td.dt-ordering-desc .dt-column-order{right:4px}table.dataTable.table-sm>thead>tr th.dt-type-date .dt-column-order,table.dataTable.table-sm>thead>tr th.dt-type-numeric .dt-column-order,table.dataTable.table-sm>thead>tr td.dt-type-date .dt-column-order,table.dataTable.table-sm>thead>tr td.dt-type-numeric .dt-column-order{left:4px}div.dt-scroll-head table.table-bordered{border-bottom-width:0}div.table-responsive>div.dt-container>div.row{margin:0}div.table-responsive>div.dt-container>div.row>div[class^=col-]:first-child{padding-left:0}div.table-responsive>div.dt-container>div.row>div[class^=col-]:last-child{padding-right:0} diff --git a/plugins/DataTables/datatables.min.js b/plugins/DataTables/datatables.min.js index 8632b1ce..6b8f3f93 100644 --- a/plugins/DataTables/datatables.min.js +++ b/plugins/DataTables/datatables.min.js @@ -4,19 +4,19 @@ * * To rebuild or modify this file with the latest versions of the included * software please visit: - * https://datatables.net/download/#bs4/dt-2.3.4 + * https://datatables.net/download/#bs4/dt-2.3.7 * * Included libraries: - * DataTables 2.3.4 + * DataTables 2.3.7 */ -/*! DataTables 2.3.4 +/*! DataTables 2.3.7 * © SpryMedia Ltd - datatables.net/license */ -!function(n){"use strict";var r;"function"==typeof define&&define.amd?define(["jquery"],function(e){return n(e,window,document)}):"object"==typeof exports?(r=require("jquery"),"undefined"==typeof window?module.exports=function(e,t){return e=e||window,t=t||r(e),n(t,e,e.document)}:module.exports=n(r,window,window.document)):window.DataTable=n(jQuery,window,document)}(function(H,W,S){"use strict";function f(e){var t=parseInt(e,10);return!isNaN(t)&&isFinite(e)?t:null}function c(e,t,n,r){var a=typeof e,o="string"==a;return"number"==a||"bigint"==a||!(!r||!_(e))||(t&&o&&(e=E(e,t)),n&&o&&(e=e.replace(P,"")),!isNaN(parseFloat(e))&&isFinite(e))}function n(e,t,n,r){var a;return!(!r||!_(e))||("string"!=typeof e||!e.match(/<(input|select)/i))&&(_(a=e)||"string"==typeof a)&&!!c(w(e),t,n,r)||null}function v(e,t,n,r){var a=[],o=0,i=t.length;if(void 0!==r)for(;o").prependTo(this),fastData:function(e,t,n){return q(c,e,t,n)}}),n=(c.nTable=this,c.oInit=t,o.push(c),c.api=new X(c),c.oInstance=1===E.length?E:a.dataTable(),Q(t),t.aLengthMenu&&!t.iDisplayLength&&(t.iDisplayLength=Array.isArray(t.aLengthMenu[0])?t.aLengthMenu[0][0]:H.isPlainObject(t.aLengthMenu[0])?t.aLengthMenu[0].value:t.aLengthMenu[0]),t=tt(H.extend(!0,{},r),t),$(c.oFeatures,t,["bPaginate","bLengthChange","bFilter","bSort","bSortMulti","bInfo","bProcessing","bAutoWidth","bSortClasses","bServerSide","bDeferRender"]),$(c,t,["ajax","fnFormatNumber","sServerMethod","aaSorting","aaSortingFixed","aLengthMenu","sPaginationType","iStateDuration","bSortCellsTop","iTabIndex","sDom","fnStateLoadCallback","fnStateSaveCallback","renderer","searchDelay","rowId","caption","layout","orderDescReverse","orderIndicators","orderHandler","titleRow","typeDetect",["iCookieDuration","iStateDuration"],["oSearch","oPreviousSearch"],["aoSearchCols","aoPreSearchCols"],["iDisplayLength","_iDisplayLength"]]),$(c.oScroll,t,[["sScrollX","sX"],["sScrollXInner","sXInner"],["sScrollY","sY"],["bScrollCollapse","bCollapse"]]),$(c.oLanguage,t,"fnInfoCallback"),Y(c,"aoDrawCallback",t.fnDrawCallback),Y(c,"aoStateSaveParams",t.fnStateSaveParams),Y(c,"aoStateLoadParams",t.fnStateLoadParams),Y(c,"aoStateLoaded",t.fnStateLoaded),Y(c,"aoRowCallback",t.fnRowCallback),Y(c,"aoRowCreatedCallback",t.fnCreatedRow),Y(c,"aoHeaderCallback",t.fnHeaderCallback),Y(c,"aoFooterCallback",t.fnFooterCallback),Y(c,"aoInitComplete",t.fnInitComplete),Y(c,"aoPreDrawCallback",t.fnPreDrawCallback),c.rowIdFn=U(t.rowId),t.on&&Object.keys(t.on).forEach(function(e){lt(a,e,t.on[e])}),c),d=(V.__browser||(f={},V.__browser=f,p=H("
    ").css({position:"fixed",top:0,left:-1*W.pageXOffset,height:1,width:1,overflow:"hidden"}).append(H("
    ").css({position:"absolute",top:1,left:1,width:100,overflow:"scroll"}).append(H("
    ").css({width:"100%",height:10}))).appendTo("body"),d=p.children(),u=d.children(),f.barWidth=d[0].offsetWidth-d[0].clientWidth,f.bScrollbarLeft=1!==Math.round(u.offset().left),p.remove()),H.extend(n.oBrowser,V.__browser),n.oScroll.iBarWidth=V.__browser.barWidth,c.oClasses),f=(H.extend(d,V.ext.classes,t.oClasses),a.addClass(d.table),c.oFeatures.bPaginate||(t.iDisplayStart=0),void 0===c.iInitDisplayStart&&(c.iInitDisplayStart=t.iDisplayStart,c._iDisplayStart=t.iDisplayStart),t.iDeferLoading),h=(null!==f&&(c.deferLoading=!0,u=Array.isArray(f),c._iRecordsDisplay=u?f[0]:f,c._iRecordsTotal=u?f[1]:f),[]),p=this.getElementsByTagName("thead"),n=Ne(c,p[0]);if(t.aoColumns)h=t.aoColumns;else if(n.length)for(j=n[e=0].length;e").appendTo(a):n).html(c.caption),n.length&&(n[0]._captionSide=n.css("caption-side"),c.captionNode=n[0]),0===p.length&&(p=H("
    ").appendTo(a)),c.nTHead=p[0],a.children("tbody")),n=(0===n.length&&(n=H("").insertAfter(p)),c.nTBody=n[0],a.children("tfoot")),R=(0===n.length&&(n=H("").appendTo(a)),c.nTFoot=n[0],c.aiDisplay=c.aiDisplayMaster.slice(),c.bInitialised=!0,c.oLanguage);H.extend(!0,R,t.oLanguage),R.sUrl?H.ajax({dataType:"json",url:R.sUrl,success:function(e){B(r.oLanguage,e),H.extend(!0,R,e,c.oInit.oLanguage),G(c,null,"i18n",[c],!0),He(c)},error:function(){z(c,0,"i18n file loading error",21),He(c)}}):(G(c,null,"i18n",[c],!0),He(c))}}),E=null,this)},d=(V.ext=T={builder:"bs4/dt-2.3.4",buttons:{},ccContent:{},classes:{},errMode:"alert",escape:{attributes:!1},feature:[],features:{},search:[],selector:{cell:[],column:[],row:[]},legacy:{ajax:null},pager:{},renderer:{pageButton:{},header:{}},order:{},type:{className:{},detect:[],render:{},search:{},order:{}},_unique:0,fnVersionCheck:V.fnVersionCheck,iApiIndex:0,sVersion:V.version},H.extend(T,{afnFiltering:T.search,aTypes:T.type.detect,ofnSearch:T.type.search,oSort:T.type.order,afnSortData:T.order,aoFeatures:T.feature,oStdClasses:T.classes,oPagination:T.pager}),H.extend(V.ext.classes,{container:"dt-container",empty:{row:"dt-empty"},info:{container:"dt-info"},layout:{row:"dt-layout-row",cell:"dt-layout-cell",tableRow:"dt-layout-table",tableCell:"",start:"dt-layout-start",end:"dt-layout-end",full:"dt-layout-full"},length:{container:"dt-length",select:"dt-input"},order:{canAsc:"dt-orderable-asc",canDesc:"dt-orderable-desc",isAsc:"dt-ordering-asc",isDesc:"dt-ordering-desc",none:"dt-orderable-none",position:"sorting_"},processing:{container:"dt-processing"},scrolling:{body:"dt-scroll-body",container:"dt-scroll",footer:{self:"dt-scroll-foot",inner:"dt-scroll-footInner"},header:{self:"dt-scroll-head",inner:"dt-scroll-headInner"}},search:{container:"dt-search",input:"dt-input"},table:"dataTable",tbody:{cell:"",row:""},thead:{cell:"",row:""},tfoot:{cell:"",row:""},paging:{active:"current",button:"dt-paging-button",container:"dt-paging",disabled:"disabled",nav:""}}),{}),N=/[\r\n\u2028]/g,F=/<([^>]*>)/g,O=Math.pow(2,28),j=/^\d{2,4}[./-]\d{1,2}[./-]\d{1,2}([T ]{1}\d{1,2}[:.]\d{2}([.:]\d{2})?)?$/,R=new RegExp("(\\"+["/",".","*","+","?","|","(",")","[","]","{","}","\\","$","^","-"].join("|\\")+")","g"),P=/['\u00A0,$£€¥%\u2009\u202F\u20BD\u20a9\u20BArfkɃΞ]/gi,_=function(e){return!e||!0===e||"-"===e},E=function(e,t){return d[t]||(d[t]=new RegExp(Ee(t),"g")),"string"==typeof e&&"."!==t?e.replace(/\./g,"").replace(d[t],"."):e},b=function(e,t,n){var r=[],a=0,o=e.length;if(void 0!==n)for(;aO)throw new Error("Exceeded max str len");var t;for(e=e.replace(F,"");(e=(t=e).replace(/
    - - + + - +
    - +