BREAKING CHANGES - MAKE FULL BACKUP BEFORE PROCEEDING - Requires manual intervention on files; see the forum post. Make sure you run the database update directly after updating. This removes multi-company functionality. Fixes issues with responsive tables and a bunch of other UI and small fixes.

This commit is contained in:
johnnyq 2023-03-11 16:16:46 -05:00
parent 75da31d991
commit 48fe49cf77
164 changed files with 2154 additions and 2794 deletions


@ -12,7 +12,7 @@ $url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, '
$sql = mysqli_query(
$mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM accounts
WHERE account_name LIKE '%$q%' AND company_id = $session_company_id
WHERE account_name LIKE '%$q%'
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
@ -37,7 +37,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
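Review bot: The new WHERE line (`WHERE account_name LIKE '%$q%'`) still splices `$q` straight into the LIKE pattern, and even an escaped value keeps `%` and `_` as wildcards, so a search containing an underscore matches any single character at that position. If `$q` is meant as literal text, escape the wildcard characters before building the pattern and, better, bind the pattern through a prepared statement. The `ORDER BY $sb $o` line below it takes identifiers that the hunk header shows are round-tripped through the query string; identifiers cannot be bound, so they should be checked against a fixed list of column names and `ASC`/`DESC` before use. Whether `$q`, `$sb` and `$o` are already validated is outside this hunk.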


@ -70,7 +70,7 @@ if (isset($_GET['certificate_get_json_details'])) {
}
// Get all domains for this client that could be linked to this certificate
$domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = '$client_id' AND company_id = '$session_company_id'");
$domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = $client_id");
while ($row = mysqli_fetch_array($domains_sql)) {
$response['domains'][] = $row;
}
@ -113,7 +113,7 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
$sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, client_name, contact_name FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_number = '$merge_into_ticket_number' AND tickets.company_id = '$session_company_id'");
WHERE ticket_number = $merge_into_ticket_number");
if (mysqli_num_rows($sql) == 0) {
//Do nothing.
@ -144,7 +144,7 @@ if (isset($_GET['network_get_json_details'])) {
$locations_sql = mysqli_query(
$mysqli,
"SELECT location_id, location_name FROM locations
WHERE location_client_id = '$client_id' AND company_id = '$session_company_id'"
WHERE location_client_id = '$client_id'"
);
while ($row = mysqli_fetch_array($locations_sql)) {
$response['locations'][] = $row;
@ -158,10 +158,10 @@ if (isset($_POST['client_set_notes'])) {
$notes = sanitizeInput($_POST['notes']);
// Update notes
mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = '$client_id'");
mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = $client_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
}
@ -173,7 +173,7 @@ if (isset($_POST['contact_set_notes'])) {
mysqli_query($mysqli, "UPDATE contacts SET contact_notes = '$notes' WHERE contact_id = $contact_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name modified contact notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name modified contact notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
}
@ -185,7 +185,7 @@ if (isset($_POST['contact_set_notes'])) {
if (isset($_GET['ticket_add_view'])) {
$ticket_id = intval($_GET['ticket_id']);
mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = '$ticket_id', view_user_id = '$session_user_id', view_timestamp = NOW()");
mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = $ticket_id, view_user_id = $session_user_id, view_timestamp = NOW()");
}
/*
@ -196,7 +196,7 @@ if (isset($_GET['ticket_add_view'])) {
if (isset($_GET['ticket_query_views'])) {
$ticket_id = intval($_GET['ticket_id']);
$query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = '$ticket_id' AND view_user_id != '$session_user_id' AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)");
$query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = $ticket_id AND view_user_id != $session_user_id AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)");
while ($row = mysqli_fetch_array($query)) {
$users[] = $row['user_name'];
}
@ -236,17 +236,17 @@ if (isset($_GET['share_generate_link'])) {
$item_key = randomString(156);
if ($item_type == "Document") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = $item_id AND document_client_id = $client_id LIMIT 1"));
$item_name = sanitizeInput($row['document_name']);
}
if ($item_type == "File") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = $item_id AND file_client_id = $client_id LIMIT 1"));
$item_name = sanitizeInput($row['file_name']);
}
if ($item_type == "Login") {
$login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = $item_id AND login_client_id = $client_id LIMIT 1");
$row = mysqli_fetch_array($login);
$item_name = sanitizeInput($row['login_name']);
@ -266,7 +266,7 @@ if (isset($_GET['share_generate_link'])) {
}
// Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = '$item_expires', item_client_id = $client_id");
$share_id = $mysqli->insert_id;
// Return URL
@ -279,7 +279,7 @@ if (isset($_GET['share_generate_link'])) {
echo json_encode($url);
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = $client_id, log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
}
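Review bot: The rewritten log INSERT on the client-notes path drops `log_created_at = NOW()` together with `company_id`, and the shared_items INSERT in a later hunk likewise loses `item_created_at = NOW()`; unless the accompanying database update gives those columns a `DEFAULT CURRENT_TIMESTAMP`, new audit rows and shared links will carry no creation time, which also undermines any expiry logic that reads it. Putting `log_created_at = NOW(),` and `item_created_at = NOW(),` back into those two statements is a one-token change each. Separately, the domains query now uses `domain_client_id = $client_id` unquoted while the locations query in the next hunk keeps `'$client_id'` quoted; pick one form per variable, and note that if `$client_id` is not guaranteed to be an integer, an empty value turns the unquoted form into a syntax error rather than an empty result. The handlers these hunks sit in start outside the hunks.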


@ -11,14 +11,14 @@ $insert_id = false;
if (!empty($name) && !empty($client_id)) {
// Insert into Database
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id'");
}
}
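Review bot: Within the same hunk the assets INSERT writes `asset_client_id = $client_id` unquoted while both log INSERTs write `log_client_id = '$client_id'` quoted; the sibling API files on this page compare that id unquoted, so `log_client_id = $client_id` keeps the statements consistent. A failed INSERT here only skips the logging block: after the schema change this commit requires, an un-migrated database would make the endpoint fail silently, so an `else` branch that records `mysqli_error($mysqli)` in the API log would surface it to the operator. The enclosing `if` closes at the end of the hunk, but the file continues past it.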


@ -10,17 +10,17 @@ $asset_id = intval($_POST['asset_id']);
$delete_count = false;
if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1"));
$asset_name = $row['asset_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
// Check delete & get affected rows
if ($delete_sql && !empty($asset_name)) {
$delete_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
}
}
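Review bot: The lookup at the top of the hunk runs `SELECT *` only to read `asset_name`; `SELECT asset_name FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1` fetches just what is used and states the intent. The "Deleted" log row is written whenever the DELETE executes without error, even when `mysqli_affected_rows` returns 0 (for example if the row vanished between the SELECT and the DELETE, which are not in one transaction); gating the logging on `$delete_count > 0` keeps the audit trail honest. The contact delete endpoint further down this page has the same shape on both counts.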


@ -1,41 +0,0 @@
<?php
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Asset via ID (single)
if (isset($_GET['asset_id'])) {
$id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
} elseif (isset($_GET['asset_type'])) {
// Asset query via type
$type = mysqli_real_escape_string($mysqli, ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['asset_name'])) {
// Asset query via name
$name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['asset_serial'])) {
// Asset query via serial
$serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) {
// Asset query via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// All assets
else {
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Output
require_once("../read_output.php");


@ -11,20 +11,20 @@ $update_count = false;
if (!empty($asset_id)) {
$asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id LIMIT 1"));
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once('asset_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
// Check insert & get insert ID
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
}
}
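Review bot: The SELECT at the top of the hunk quotes the id (`asset_id = '$asset_id'`) while the UPDATE a few lines later compares `asset_id = $asset_id` unquoted; use one form, and unquoted is the right one if `$asset_id` is produced by `intval` as in the delete endpoint above. The two logging INSERTs differ only in type and wording and run whenever the UPDATE executes, even if `mysqli_affected_rows` is 0; if the intent is to record only real changes, gate them on `$update_count > 0`. The enclosing `if (!empty($asset_id))` closes at the end of the hunk.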


@ -6,23 +6,23 @@ require_once('../require_get_method.php');
// Specific certificate via ID (single)
if (isset($_GET['certificate_id'])) {
$id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id'");
} elseif (isset($_GET['certificate_name'])) {
// Certificate by name
$name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) {
// Certificate via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
} else {
// All certificates
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// Output
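Review bot: The hunk mixes `certificate_client_id LIKE '$client_id'` (id, name and all-certificates branches) with `certificate_client_id = '$client_id'` (client-id branch) for the same column. The `LIKE` form appears to exist so that a `%` in `$client_id` matches every client, as the `$client_id == "%"` checks in the expense and payment endpoints on this page suggest, but it forces a string comparison on what looks like an integer key and hides that intent; a comment such as `// $client_id is '%' for API keys that may read every client` above the first query, plus one consistent operator, would make it explicit. With `company_id` gone, this `$client_id` predicate is the only row-level scope left on every read in this file. The same `LIKE`-on-id pattern is in the client, contact, document, domain, invoice and network read endpoints on this page.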


@ -6,18 +6,18 @@ require_once('../require_get_method.php');
// Specific client via ID (single)
if (isset($_GET['client_id'])) {
$id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id'");
} elseif (isset($_GET['client_name'])) {
// Specific client via name (single)
$name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id'");
} else {
// All clients
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
}
// Output


@ -17,14 +17,14 @@ if (!empty($name) && !empty($email) && !empty($client_id)) {
if (mysqli_num_rows($email_duplication_sql) == 0) {
// Insert contact
$insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
$insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id");
// Check insert & get insert ID
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
}
}
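Review bot: The duplicate-email check (`mysqli_num_rows($email_duplication_sql) == 0`) followed by the INSERT is a check-then-act sequence outside any transaction, so two concurrent requests with the same email can both pass the check and both insert. Unless `contacts` already carries a UNIQUE constraint on the email within a client, the check should be backed by one (for example `UNIQUE (contact_client_id, contact_email)`, a constructed example) and the resulting INSERT error handled instead of relying on the pre-check. The `if` that performs the duplicate check opens before the hunk.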


@ -10,17 +10,17 @@ $contact_id = intval($_POST['contact_id']);
$delete_count = false;
if (!empty($contact_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1"));
$contact_name = $row['contact_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1");
// Check delete & get affected rows
if ($delete_sql && !empty($contact_name)) {
$delete_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
}
}


@ -6,18 +6,18 @@ require_once('../require_get_method.php');
// Specific contact via ID (single)
if (isset($_GET['contact_id'])) {
$id = intval($_GET['contact_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id'");
} elseif (isset($_GET['contact_email'])) {
// Specific contact via email (single)
$email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id'");
} else {
// All contacts
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
}
// Output


@ -11,20 +11,20 @@ $update_count = false;
if (!empty($contact_id)) {
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id LIMIT 1"));
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once('contact_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id WHERE contact_id = $contact_id LIMIT 1");
// Check insert & get insert ID
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
}
}
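Review bot: The UPDATE in this hunk is scoped only by `WHERE contact_id = $contact_id`, while the SELECT just above it and the asset update endpoint on this page add `AND <x>_client_id = $client_id`; as written, an API key bound to one `$client_id` can rewrite (and, via `contact_client_id = $client_id` in the SET list, reassign) a contact that belongs to another client simply by supplying that contact's id. Change the tail to `WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1` and drop `contact_client_id = $client_id` from the SET list unless reassignment is intended. With `company_id` removed by this commit, that predicate is the only ownership check left on this write. The enclosing `if (!empty($contact_id))` closes at the end of the hunk.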


@ -7,12 +7,12 @@ if (isset($_GET['document_id'])) {
// Document via ID (single)
$id = intval($_GET['document_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id'");
} else {
// All documents
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
}
// Output


@ -6,23 +6,23 @@ require_once('../require_get_method.php');
// Specific domain via ID (single)
if (isset($_GET['domain_id'])) {
$id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id'");
} elseif (isset($_GET['domain_name'])) {
// Domain by name
$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) {
// Domain via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
} else {
// All domains
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
}
// Output
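Review bot: The domain-by-name query ends with `ORDER BY asset_id`, which looks like a copy-paste from the asset endpoint; unless `domains` actually has an `asset_id` column, that branch fails with an unknown-column error and `$sql` is `false`. The other branches in the hunk use `ORDER BY domain_id`, which is almost certainly what was meant: `... domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset`. Since the commit rewrites this line anyway, it is the right moment to fix it.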


@ -9,12 +9,12 @@ if (isset($_GET['expense_id']) && $client_id == "%") {
// Expense via ID (single)
$id = intval($_GET['expense_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id'");
} elseif ($client_id == "%") {
// All expenses
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE company_id = '$company_id' ORDER BY expense_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM expenses ORDER BY expense_id LIMIT $limit OFFSET $offset");
}
// Output
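Review bot: With `company_id` removed, the `$client_id == "%"` test in the `if`/`elseif` conditions (visible in the hunk header) is the only thing gating these expense reads, and the hunk's own queries now carry no scope at all; that deserves a comment such as `// Expenses are not client-scoped: only keys with access to all clients ('%') may read them`. Because both branches are skipped for any other `$client_id`, `$sql` is left undefined on that path; the output include that follows should handle that case rather than assume a result set. The payment endpoint on this page has the same shape.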


@ -7,12 +7,12 @@ if (isset($_GET['invoice_id'])) {
// Invoice via ID (single)
$id = intval($_GET['invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id'");
} else {
// All invoices
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
}
// Output


@ -6,23 +6,23 @@ require_once('../require_get_method.php');
// Specific network via ID (single)
if (isset($_GET['network_id'])) {
$id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id'");
} elseif (isset($_GET['network_name'])) {
// Network by name
$name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) {
// Network via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
} else {
// All networks
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// Output


@ -10,18 +10,18 @@ if (isset($_GET['payment_id']) && $client_id == "%") {
// Payment via ID (single)
$id = intval($_GET['payment_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id'");
} elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") {
// Payments for an invoice
$id = intval($_GET['payment_invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id'");
} elseif ($client_id == "%") {
// All payments
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE company_id = '$company_id' ORDER BY payment_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM payments ORDER BY payment_id LIMIT $limit OFFSET $offset");
}
// Output


@ -9,12 +9,12 @@ if (isset($_GET['product_id']) && $client_id == "%") {
// product via ID (single)
$id = intval($_GET['product_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id'");
} elseif ($client_id == "%") {
// All products
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE company_id = '$company_id' ORDER BY product_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM products ORDER BY product_id LIMIT $limit OFFSET $offset");
}
// Output


@ -7,12 +7,12 @@ if (isset($_GET['quote_id'])) {
// quote via ID (single)
$id = intval($_GET['quote_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id'");
} else {
// All quotes
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
}
// Output


@ -6,35 +6,35 @@ require_once('../require_get_method.php');
// Specific software via ID (single)
if (isset($_GET['software_id'])) {
$id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id'");
} elseif (isset($_GET['software_key'])) {
// Specific software via key
$key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['software_name'])) {
// Software by name
$name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['software_type'])) {
// Software via type
$type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) {
// Software via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} else {
// All software(s)
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
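Review bot: The software-by-key branch checks `isset($_GET['software_key'])` but then reads `$_GET['software_license']`, so `$key` is built from an undefined index and the query searches for an empty key; it should read `$key = mysqli_real_escape_string($mysqli, $_GET['software_key']);`. The software-by-name query also sorts with `ORDER BY asset_id`, which looks copied from the assets endpoint; every other branch here orders by `software_id`, and the query will fail if the `software` table has no `asset_id` column. Both lines are unchanged context in this hunk, but the commit rewrites every branch and is the natural place to fix them.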
// Output


@ -6,12 +6,12 @@ require_once('../require_get_method.php');
// Specific ticket via ID (single)
if (isset($_GET['ticket_id'])) {
$id = intval($_GET['ticket_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id'");
} else {
// All tickets
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
}
// Output


@ -17,8 +17,8 @@ header('Content-Type: application/json');
$_POST = json_decode(file_get_contents('php://input'), true);
// Get IP & UA
$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$ip = santizeInput(getIP());
$user_agent = santizeInput($_SERVER['HTTP_USER_AGENT']);
// Setup return array
$return_arr = array();
@ -56,15 +56,15 @@ if (!isset($_GET['api_key']) && !isset($_POST['api_key'])) {
// Set API key variable
if (isset($_GET['api_key'])) {
$api_key = $_GET['api_key'];
$api_key = santizeInput($_GET['api_key']);
}
if (isset($_POST['api_key'])) {
$api_key = $_POST['api_key'];
$api_key = santizeInput($_POST['api_key']);
}
// Validate API key
if (isset($api_key)) {
$api_key = mysqli_real_escape_string($mysqli, $api_key);
$api_key = santizeInput($api_key);
$sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
@ -72,7 +72,7 @@ if (isset($api_key)) {
if (mysqli_num_rows($sql) !== 1) {
// Invalid Key
header(WORDING_UNAUTHORIZED);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent'");
$return_arr['success'] = "False";
$return_arr['message'] = "Authentication failed. API key is invalid or has expired.";
@ -88,8 +88,7 @@ if (isset($api_key)) {
// Set client ID, company ID & key name
$row = mysqli_fetch_array($sql);
$api_key_name = htmlentities($row['api_key_name']);
$client_id = $row['api_key_client_id'];
$company_id = $row['company_id'];
$client_id = intval($row['api_key_client_id']);
// Set limit & offset for queries
if (isset($_GET['limit'])) {
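Review bot: The helper is called `santizeInput` throughout this file (IP, user agent, and `api_key` three times) while the header file later in this commit calls `sanitizeInput`; unless both names are defined, one of the two files dies with an undefined-function fatal on every request, and `santizeInput` looks like the misspelling. The key is also sanitized twice, once when read from `$_GET`/`$_POST` and again with `$api_key = santizeInput($api_key);` before the lookup; if the helper escapes for MySQL, the second pass double-escapes any backslash or quote — probably harmless for keys produced by `randomString`, but still redundant, so drop the second call. The failed-auth `INSERT INTO logs` no longer sets `log_created_at`, which is only correct if the column now has a default timestamp; I cannot see the schema change from here, so a comment such as `// log_created_at is populated by the column default` would make that assumption explicit.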


@ -61,7 +61,7 @@ $key = randomString(156);
<option value="">- Client -</option>
<option value="0"> ALL CLIENTS </option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); ?>


@ -48,7 +48,7 @@
<option value="">- Calendar -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$calendar_id = intval($row['calendar_id']);
$calendar_name = htmlentities($row['calendar_name']);
@ -117,7 +117,7 @@
<option value="">- Client -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id WHERE clients.company_id = $session_company_id ORDER BY client_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);


@ -50,7 +50,7 @@
<select class="form-control select2" name="calendar" required>
<?php
$sql_calendars_select = mysqli_query($mysqli, "SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC");
$sql_calendars_select = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
while ($row = mysqli_fetch_array($sql_calendars_select)) {
$calendar_id_select = intval($row['calendar_id']);
$calendar_name_select = htmlentities($row['calendar_name']);
@ -116,7 +116,7 @@
<option value="">- Client -</option>
<?php
$sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id WHERE clients.company_id = $session_company_id ORDER BY client_name ASC");
$sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql_clients)) {
$client_id_select = intval($row['client_id']);
$client_name_select = htmlentities($row['client_name']);


@ -18,18 +18,18 @@ require_once("calendar_add_modal.php");
require_once("category_quick_add_modal.php");
//loop through IDs and create a modal for each
$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id");
while ($row = mysqli_fetch_array($sql)) {
$event_id = $row['event_id'];
$event_id = intval($row['event_id']);
$event_title = htmlentities($row['event_title']);
$event_description = htmlentities($row['event_description']);
$event_start = htmlentities($row['event_start']);
$event_end = htmlentities($row['event_end']);
$event_repeat = htmlentities($row['event_repeat']);
$calendar_id = $row['calendar_id'];
$calendar_id = intval($row['calendar_id']);
$calendar_name = htmlentities($row['calendar_name']);
$calendar_color = htmlentities($row['calendar_color']);
$client_id = $row['event_client_id'];
$client_id = intval($row['event_client_id']);
require("calendar_event_edit_modal.php");
@ -70,7 +70,7 @@ while ($row = mysqli_fetch_array($sql)) {
},
events: [
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id");
while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['event_id']);
$event_title = json_encode($row['event_title']);
@ -84,7 +84,7 @@ while ($row = mysqli_fetch_array($sql)) {
}
//Invoices Created
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN invoices ON client_id = invoice_client_id WHERE clients.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN invoices ON client_id = invoice_client_id");
while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['invoice_id']);
$event_title = json_encode($row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope']);
@ -94,7 +94,7 @@ while ($row = mysqli_fetch_array($sql)) {
}
//Quotes Created
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN quotes ON client_id = quote_client_id WHERE clients.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN quotes ON client_id = quote_client_id");
while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['quote_id']);
$event_title = json_encode($row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope']);
@ -104,7 +104,7 @@ while ($row = mysqli_fetch_array($sql)) {
}
//Tickets Created
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN tickets ON client_id = ticket_client_id WHERE clients.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN tickets ON client_id = ticket_client_id");
while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['ticket_id']);
$event_title = json_encode($row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject']);
@ -115,7 +115,7 @@ while ($row = mysqli_fetch_array($sql)) {
}
//Vendors Added Created
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN vendors ON client_id = vendor_client_id WHERE vendor_template = 0 AND clients.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN vendors ON client_id = vendor_client_id WHERE vendor_template = 0");
while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['vendor_id']);
$client_id = intval($row['client_id']);
@ -126,7 +126,7 @@ while ($row = mysqli_fetch_array($sql)) {
}
//Clients Added
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE clients.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM clients");
while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['client_id']);
$event_title = json_encode($row['client_name']);
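Review bot: Dropping `WHERE calendars.company_id = ...` changes the join semantics of the two events queries, not only the tenant filter: with `events LEFT JOIN calendars` and no WHERE, events whose `event_calendar_id` has no matching calendar are now returned, whereas the old predicate on a `calendars` column excluded those rows. For such rows `$calendar_id = intval($row['calendar_id'])` becomes 0 and `$calendar_name`/`$calendar_color` are empty, so an edit modal and a FullCalendar entry are built for an orphaned event. If that is not intended, `SELECT * FROM events INNER JOIN calendars ON event_calendar_id = calendar_id` in both places keeps the previous row set.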


@ -21,7 +21,6 @@ $sql = mysqli_query(
WHERE category_name LIKE '%$q%'
AND category_type = '$category'
AND category_archived_at IS NULL
AND company_id = $session_company_id
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
@ -34,8 +33,7 @@ $sql_colors_used = mysqli_query(
$mysqli,
"SELECT category_color FROM categories
WHERE category_type = '$category'
AND category_archived_at IS NULL
AND company_id = $session_company_id"
AND category_archived_at IS NULL"
);
while ($color_used_row = mysqli_fetch_array($sql_colors_used)) {
@ -76,7 +74,7 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
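Review bot: The listing query still builds `ORDER BY $sb $o LIMIT $record_from, $record_to` by interpolation; `$sb` and `$o` are identifiers and cannot be bound as parameters, so if they originate from the request (their assignment is outside this hunk) they need to be checked against a fixed list of column names and `ASC`/`DESC` before use, and `$record_from`/`$record_to` should be cast with `intval()`. The same construction appears in the document-templates hunk of this commit, which additionally splices in `$query_snippet`. A short comment above the query naming where those values are validated, e.g. `// $sb/$o are whitelisted and $record_from/$record_to cast in the shared listing include`, would let a reader confirm the check without opening the includes.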


@ -26,7 +26,7 @@ if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
$session_ip = sanitizeInput(getIP());
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$session_user_id = $_SESSION['user_id'];
$session_user_id = intval($_SESSION['user_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
@ -34,8 +34,7 @@ $session_name = sanitizeInput($row['user_name']);
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
$session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role'];
$session_user_role = intval($row['user_role']);
if ($session_user_role == 3) {
$session_user_role_display = "Administrator";
} elseif ($session_user_role == 2) {
@ -44,22 +43,7 @@ if ($session_user_role == 3) {
$session_user_role_display = "Accountant";
}
//LOAD USER COMPANY ACCESS PERMISSIONS
$session_user_company_access_sql = mysqli_query($mysqli, "SELECT company_id FROM user_companies WHERE user_id = $session_user_id");
$session_user_company_access_array = array();
while ($row = mysqli_fetch_array($session_user_company_access_sql)) {
$session_user_company_access_array[] = $row['company_id'];
}
$session_user_company_access = implode(',', $session_user_company_access_array);
//Check to see if user has rights to company Prevents User from access a company he is not allowed to have access to.
if (!in_array($session_company_id, $session_user_company_access_array)) {
session_start();
session_destroy();
header('Location: login.php');
}
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name'];
@ -67,6 +51,9 @@ $session_company_country = $row['company_country'];
$session_company_locale = $row['company_locale'];
$session_company_currency = $row['company_currency'];
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
require_once("get_settings.php");
//Detects if using an Apple device and uses Apple Maps instead of google
@ -81,10 +68,7 @@ if ($iPod || $iPhone || $iPad) {
}
//Get Notification Count for the badge on the top nav
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('notification_id') AS num FROM notifications WHERE (notification_user_id = $session_user_id OR notification_user_id = 0) AND notification_dismissed_at IS NULL AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('notification_id') AS num FROM notifications WHERE (notification_user_id = $session_user_id OR notification_user_id = 0) AND notification_dismissed_at IS NULL"));
$num_notifications = $row['num'];
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
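Review bot: The company row is now loaded with the hard-coded `SELECT * FROM companies WHERE company_id = 1` and the result is dereferenced unconditionally (`$row['company_name']`, and `$session_company_locale` feeding `numfmt_create`); if that row is missing after the database update the commit message requires, `$row` is `false` and every page renders with warnings and a NULL locale. Suggest `if (!$row) { exit('Company record missing; run the database update.'); }` directly after the fetch, plus a comment like `// Single-tenant: company_id 1 is the only company row after the multi-company removal` to explain the literal. `$session_company_id` is also no longer defined in this file, so any page not touched by this commit that still reads it now hits an undefined variable; worth a repository-wide search before release.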


@ -64,7 +64,7 @@
<option value="">N/A</option>
<?php
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($referral_sql)) {
$referral = htmlentities($row['category_name']); ?>
<option><?php echo $referral; ?></option>
@ -271,7 +271,7 @@
<ul class="list-group">
<?php
$sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 AND company_id = $session_company_id ORDER BY tag_name ASC");
$sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_tags_select)) {
$tag_id_select = intval($row['tag_id']);


@ -129,7 +129,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table border table-hover">
<thead class="thead-light <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -61,7 +61,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<form id="multi_actions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">


@ -40,28 +40,28 @@ if (isset($_GET['contact_id'])) {
$auth_method = htmlentities($row['contact_auth_method']);
// Related Assets Query
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN logins ON logins.login_asset_id = assets.asset_id WHERE asset_contact_id = $contact_id AND assets.company_id = $session_company_id ORDER BY asset_name DESC");
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN logins ON logins.login_asset_id = assets.asset_id WHERE asset_contact_id = $contact_id ORDER BY asset_name DESC");
$asset_count = mysqli_num_rows($sql_related_assets);
// Related Logins Query
$sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id AND company_id = $session_company_id ORDER BY login_name DESC");
$sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id ORDER BY login_name DESC");
$login_count = mysqli_num_rows($sql_related_logins);
// Related Software Query
//$sql_related_software = mysqli_query($mysqli, "SELECT * FROM software, software_contacts WHERE software.software_id = software_contacts.software_id AND software_contacts.contact_id = $contact_id AND software.company_id = $session_company_id ORDER BY software.software_id DESC");
//$sql_related_software = mysqli_query($mysqli, "SELECT * FROM software, software_contacts WHERE software.software_id = software_contacts.software_id AND software_contacts.contact_id = $contact_id ORDER BY software.software_id DESC");
$sql_related_software = mysqli_query(
$mysqli,
"SELECT * FROM software_contacts
LEFT JOIN software ON software_contacts.software_id = software.software_id
LEFT JOIN logins on software.software_id = logins.login_software_id
WHERE software_contacts.contact_id = $contact_id AND software.company_id = $session_company_id
WHERE software_contacts.contact_id = $contact_id
ORDER BY software.software_id DESC"
);
$software_count = mysqli_num_rows($sql_related_software);
// Related Tickets Query
$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN users on ticket_assigned_to = user_id WHERE ticket_contact_id = $contact_id AND company_id = $session_company_id ORDER BY ticket_id DESC");
$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN users on ticket_assigned_to = user_id WHERE ticket_contact_id = $contact_id ORDER BY ticket_id DESC");
$ticket_count = mysqli_num_rows($sql_related_tickets);
?>
@ -79,7 +79,7 @@ if (isset($_GET['contact_id'])) {
<div class="text-center">
<?php if (!empty($contact_photo)) { ?>
<img class="img-fluid img-circle p-3" alt="contact_photo" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>">
<img class="img-fluid img-circle p-3" alt="contact_photo" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?>
<span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
@ -146,7 +146,7 @@ if (isset($_GET['contact_id'])) {
<h3 class="card-title"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3>
</div>
<div class="card-body">
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead>
<tr>
@ -269,7 +269,7 @@ if (isset($_GET['contact_id'])) {
<h3 class="card-title"><i class="fa fa-fw fa-key mr-2"></i>Passwords</h3>
</div>
<div class="card-body">
<div class="table-responsive">
<div class="table-responsive-sm-sm">
<table class="table table-striped table-borderless table-hover">
<thead>
<tr>
@ -370,7 +370,7 @@ if (isset($_GET['contact_id'])) {
<h3 class="card-title"><i class="fa fa-fw fa-cube mr-2"></i>Licenses</h3>
</div>
<div class="card-body">
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark">
<tr>
@ -465,7 +465,7 @@ if (isset($_GET['contact_id'])) {
<h3 class="card-title"><i class="fa fa-fw fa-life-ring mr-2"></i>Tickets</h3>
</div>
<div class="card-body">
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark">
<tr>
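Review bot: The Passwords card gets the class `table-responsive-sm-sm`, which is not a Bootstrap class; every other wrapper in this commit is changed to `table-responsive-sm`, so this one should be `<div class="table-responsive-sm">` or that table loses its responsive wrapper. The old related-software query is kept as a commented-out line and was even edited to drop `company_id`; delete it rather than maintain dead SQL alongside the live query. The contact photo path drops the company segment (`uploads/clients/$client_id/$contact_photo`), which relies on the manual file move the commit message refers to; a comment next to the path pointing at that migration step would save the next reader from wondering why existing images vanished.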


@ -209,7 +209,7 @@
<div class="mb-3 text-center">
<?php if (!empty($contact_photo)) { ?>
<img class="img-fluid" alt="contact_photo" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>">
<img class="img-fluid" alt="contact_photo" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?>
<span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>


@ -60,7 +60,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table border">
<thead class="thead-light <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
@ -132,19 +132,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$auth_method = htmlentities($row['contact_auth_method']);
// Related Assets Query
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id AND company_id = $session_company_id ORDER BY asset_id DESC");
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id ORDER BY asset_id DESC");
$asset_count = mysqli_num_rows($sql_related_assets);
// Related Logins Query
$sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id AND company_id = $session_company_id ORDER BY login_id DESC");
$sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id ORDER BY login_id DESC");
$login_count = mysqli_num_rows($sql_related_logins);
// Related Software Query
$sql_related_software = mysqli_query($mysqli, "SELECT * FROM software, software_contacts WHERE software.software_id = software_contacts.software_id AND software_contacts.contact_id = $contact_id AND software.company_id = $session_company_id ORDER BY software.software_id DESC");
$sql_related_software = mysqli_query($mysqli, "SELECT * FROM software, software_contacts WHERE software.software_id = software_contacts.software_id AND software_contacts.contact_id = $contact_id ORDER BY software.software_id DESC");
$software_count = mysqli_num_rows($sql_related_software);
// Related Tickets Query
$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_contact_id = $contact_id AND company_id = $session_company_id ORDER BY ticket_id DESC");
$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_contact_id = $contact_id ORDER BY ticket_id DESC");
$ticket_count = mysqli_num_rows($sql_related_tickets);
?>
@ -153,7 +153,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<a class="text-dark" href="client_contact_details.php?client_id=<?php echo $client_id; ?>&contact_id=<?php echo $contact_id; ?>">
<?php if (!empty($contact_photo)) { ?>
<img class="img-size-50 img-circle" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>">
<img class="img-size-50 img-circle" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?>
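Review bot: The related-software query keeps the comma join `FROM software, software_contacts WHERE software.software_id = software_contacts.software_id`, while the same query in the contact-details file of this commit was rewritten with explicit joins; the two should agree, and `FROM software INNER JOIN software_contacts ON software_contacts.software_id = software.software_id` makes the join condition visible and harder to drop by accident. The `$contact_id` interpolated into all four related queries is assigned outside this hunk; it is presumably cast with `intval()` where it is read, but that is worth confirming since it reaches the SQL string directly.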


@ -20,7 +20,7 @@
<select class="form-control" name="document_template_id" required>
<option value="">- Select Template -</option>
<?php
$sql_document_templates = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND company_id = $session_company_id AND document_archived_at IS NULL ORDER BY document_name ASC");
$sql_document_templates = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND document_archived_at IS NULL ORDER BY document_name ASC");
while ($row = mysqli_fetch_array($sql_document_templates)) {
$document_template_id = intval($row['document_id']);
$document_template_name = htmlentities($row['document_name']);


@ -23,7 +23,6 @@ $sql = mysqli_query(
$mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM documents
WHERE document_template = 1
AND documents.company_id = $session_company_id
$query_snippet
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
@ -58,7 +57,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -33,7 +33,6 @@ $sql = mysqli_query(
$mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM documents
WHERE document_client_id = $client_id
AND documents.company_id = $session_company_id
AND document_template = 0
AND document_folder_id = $folder
$query_snippet
@ -150,7 +149,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-sm table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -48,7 +48,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -59,7 +59,7 @@
<option value="">N/A</option>
<?php
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($referral_sql)) {
$referral = htmlentities($row['category_name']);
?>
@ -137,7 +137,7 @@
<?php
$sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 AND company_id = $session_company_id ORDER BY tag_name ASC");
$sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_tags_select)) {
$tag_id_select = intval($row['tag_id']);


@ -19,7 +19,7 @@ include("calendar_event_add_modal.php");
include("calendar_add_modal.php");
//loop through IDs and create a modal for each
$sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id AND calendars.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id");
while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['event_id']);
$event_title = htmlentities($row['event_title']);
@ -68,7 +68,7 @@ while ($row = mysqli_fetch_array($sql)) {
},
events: [
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id AND calendars.company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id");
while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['event_id']);
$event_title = json_encode($row['event_title']);
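Review bot: In both rewritten calendar queries `LEFT JOIN events ... WHERE event_client_id = $client_id` puts the filter on the right-hand table into `WHERE`, which turns the outer join into an inner join (calendars with no event for this client are dropped); if that is the intended result, `INNER JOIN` states it explicitly, otherwise the condition belongs in the `ON` clause. `SELECT *` across two joined tables also lets a same-named column on either side shadow the other, which is the kind of thing this column-removal commit could silently change; an explicit column list of the fields actually read (`event_id`, `event_title`, ...) would make the rewrite safer to review.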


@ -9,7 +9,7 @@
</div>
<div style="text-align: center;">
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>">
<img class="img-fluid" src="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>">
</div>
</div>
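Review bot: The new image path `uploads/clients/$client_id/$file_reference_name` no longer has the company segment, so files already stored under the old `uploads/clients/<company_id>/<client_id>/` layout will not resolve until they are moved; the same rewrite appears in the file list and location photo sections below and needs a matching change in the upload handler, which is not on this page. Since the commit message says the migration is manual, a one-line comment at this first call site would save the next maintainer a search, e.g. `<?php // Upload path flattened when multi-company was removed; legacy files live under uploads/clients/<company_id>/<client_id>/ ?>`. Neither `$client_id` nor `$file_reference_name` is visibly validated in this hunk; if either can be influenced by the request, the flattened path should still be constrained to the client's own directory.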


@ -39,10 +39,10 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<div class="col-xl-3 col-lg-3 col-md-6 col-sm-6 mb-3">
<div class="card">
<a href="#" data-toggle="modal" data-target="#viewFileModal<?php echo $file_id; ?>">
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" alt="<?php echo $file_reference_name ?>">
<img class="img-fluid" src="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" alt="<?php echo $file_reference_name ?>">
</a>
<div class="card-footer bg-dark text-white p-1" style="text-align: center;">
<a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-white float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-white float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)" class="text-white float-left ml-1"><i class="fa fa-share"></i></a>
<small><?php echo $file_name; ?></small>
@ -86,9 +86,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
?>
<tr>
<td><a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" target="_blank" class="text-secondary"><i class="fa fa-fw fa-2x fa-<?php echo $file_icon; ?> mr-3"></i> <?php echo basename($file_name); ?></a></td>
<td><a href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" target="_blank" class="text-secondary"><i class="fa fa-fw fa-2x fa-<?php echo $file_icon; ?> mr-3"></i> <?php echo basename($file_name); ?></a></td>
<td>
<a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)" class="text-secondary float-left ml-1"><i class="fa fa-share"></i></a>
<a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-secondary float-right mr-1"><i class="fa fa-times"></i></a>
</td>


@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -158,7 +158,7 @@
<div class="mb-3" style="text-align: center;">
<?php if (!empty($location_photo)) { ?>
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$location_photo"; ?>">
<img class="img-fluid" src="<?php echo "uploads/clients/$client_id/$location_photo"; ?>">
<?php } ?>
</div>


@ -53,7 +53,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -47,7 +47,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive border">
<div class="table-responsive-sm border">
<table class="table table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -2,17 +2,17 @@
require_once("inc_all_client.php");
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id AND contact_archived_at IS NULL AND contacts.company_id = $session_company_id ORDER BY contact_updated_at, contact_created_at DESC LIMIT 5");
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id AND contact_archived_at IS NULL ORDER BY contact_updated_at, contact_created_at DESC LIMIT 5");
$sql_important_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id AND (contact_important = 1 OR contact_billing = 1 OR contact_technical = 1 OR contact_id = $primary_contact) AND contact_archived_at IS NULL AND contacts.company_id = $session_company_id ORDER BY contact_name DESC");
$sql_important_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id AND (contact_important = 1 OR contact_billing = 1 OR contact_technical = 1 OR contact_id = $primary_contact) AND contact_archived_at IS NULL ORDER BY contact_name DESC");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id AND vendor_template = 0 AND vendor_archived_at IS NULL AND company_id = $session_company_id ORDER BY vendor_updated_at DESC LIMIT 5");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id AND vendor_template = 0 AND vendor_archived_at IS NULL ORDER BY vendor_updated_at DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = $client_id AND document_archived_at IS NULL AND documents.company_id = $session_company_id ORDER BY document_updated_at DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = $client_id AND document_archived_at IS NULL ORDER BY document_updated_at DESC LIMIT 5");
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id = $client_id AND tickets.company_id = $session_company_id ORDER BY ticket_updated_at DESC LIMIT 5");
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id = $client_id ORDER BY ticket_updated_at DESC LIMIT 5");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = $client_id AND company_id = $session_company_id ORDER BY login_updated_at DESC LIMIT 5");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = $client_id ORDER BY login_updated_at DESC LIMIT 5");
// Expiring Items
@ -24,7 +24,7 @@ $sql_domains_expiring = mysqli_query(
AND domain_expire != '0000-00-00'
AND domain_archived_at IS NULL
AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
AND company_id = $session_company_id ORDER BY domain_expire DESC"
ORDER BY domain_expire DESC"
);
?>
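Review bot: With the company predicate gone, `$client_id` and `$primary_contact` are the only values scoping these six queries and they are still spliced into the SQL string; that is pre-existing, but since every query here is rewritten it is the right moment to confirm both are integer-cast in inc_all_client.php (outside this hunk) or, better, bound as parameters through a prepared statement. The same applies to `$client_id`, `$sb`, `$o`, `$dtf` and `$dtt` in the trips and clients list sections further down, where `ORDER BY $sb $o` in particular relies on an upstream whitelist of column names that this page does not show. A short comment would document the assumption, e.g. `// NOTE: $client_id (set in inc_all_client.php) is now the only row scope for these queries and must be an integer`.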


@ -50,7 +50,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -51,7 +51,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -1,4 +1,4 @@
<?php
h<?php
// Default Column Sortby Filter
$sb = "scheduled_ticket_subject";
@ -54,7 +54,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<form id="bulk_actions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
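Review bot: Line 1 of this file now reads `h<?php`; if that is the new side of the hunk (old-then-new print order suggests it is), the stray `h` is sent as page output before any PHP executes, which makes every later `header()` or `session_start()` call fail with "headers already sent" and leaves a visible character at the top of the page. It should be `<?php`. The second hunk, the `table-responsive-sm` change, is fine.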


@ -42,7 +42,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -60,7 +60,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -20,7 +20,7 @@
<select class="form-control" name="software_template_id" required>
<option value="">- Select Template -</option>
<?php
$sql_software_templates = mysqli_query($mysqli, "SELECT * FROM software WHERE software_template = 1 AND company_id = $session_company_id AND software_archived_at IS NULL ORDER BY software_name ASC");
$sql_software_templates = mysqli_query($mysqli, "SELECT * FROM software WHERE software_template = 1 AND software_archived_at IS NULL ORDER BY software_name ASC");
while($row = mysqli_fetch_array($sql_software_templates)){
$software_template_id = intval($row['software_id']);
$software_template_name = htmlentities($row['software_name']);


@ -58,7 +58,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -15,7 +15,6 @@ $sql = mysqli_query(
LEFT JOIN users ON trip_user_id = user_id
WHERE (trip_purpose LIKE '%$q%' OR trip_source LIKE '%$q%' OR trip_destination LIKE '%$q%' OR user_name LIKE '%$q%')
AND DATE(trip_date) BETWEEN '$dtf' AND '$dtt'
AND company_id = $session_company_id
AND trip_client_id = $client_id
ORDER BY $sb $o LIMIT $record_from, $record_to");
@ -54,7 +53,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -61,7 +61,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -20,7 +20,6 @@ $sql = mysqli_query(
OR contact_mobile LIKE '%$phone_query%' OR location_address LIKE '%$q%' OR location_city LIKE '%$q%' OR location_state LIKE '%$q%' OR location_zip LIKE '%$q%' OR tag_name LIKE '%$q%')
AND client_archived_at IS NULL
AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt'
AND clients.company_id = $session_company_id
GROUP BY clients.client_id
ORDER BY $sb $o LIMIT $record_from, $record_to
");
@ -86,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-hover table-borderless">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
@ -175,13 +174,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
}
//Get Monthly Recurring Total
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id AND company_id = $session_company_id");
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id");
$row = mysqli_fetch_array($sql_recurring_monthly_total);
$recurring_monthly_total = floatval($row['recurring_monthly_total']);
//Get Yearly Recurring Total
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id AND company_id = $session_company_id");
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id");
$row = mysqli_fetch_array($sql_recurring_yearly_total);
$recurring_yearly_total = floatval($row['recurring_yearly_total']) / 12;


@ -1,133 +0,0 @@
<?php
// Default Column Sortby Filter
$sb = "company_name";
$o = "ASC";
require_once("inc_all_settings.php");
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query(
$mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM companies, settings
WHERE companies.company_id = settings.company_id
AND (company_name LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-building mr-2"></i>Companies</h3>
</div>
<div class="card-body">
<div class="alert alert-danger" role="alert">
<b>The multi-company feature is deprecated and should not be used. </b> It will be removed in the near future - please see the <a href="https://forum.itflow.org/d/74-removing-the-multi-company-feature">forum post</a>.
</div>
<hr>
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Companies">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
<th class="text-center"><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_address&o=<?php echo $disp; ?>">Address</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_phone&o=<?php echo $disp; ?>">Phone</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_email&o=<?php echo $disp; ?>">Email</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_website&o=<?php echo $disp; ?>">Website</a></th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while ($row = mysqli_fetch_array($sql)) {
$company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
$company_locale = htmlentities($row['company_locale']);
$company_currency = htmlentities($row['company_currency']);
$company_initials = htmlentities(initials($company_name));
?>
<tr>
<td class="text-center">
<a class="text-dark" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>">
<?php if (!empty($company_logo)) { ?>
<img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
<?php } else { ?>
<span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $company_initials; ?></span>
</span>
<br>
<?php } ?>
<div class="text-secondary"><?php echo $company_name; ?></div>
</a>
</td>
<td><?php echo $company_address; ?></td>
<td><?php echo $company_phone; ?></td>
<td><?php echo $company_email; ?></td>
<td><?php echo $company_website; ?></td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_company=<?php echo $company_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_company=<?php echo $company_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
</div>
</td>
</tr>
<?php
require("company_edit_modal.php");
}
?>
</tbody>
</table>
</div>
<?php require_once("pagination.php"); ?>
</div>
</div>
<?php
require_once("footer.php");


@ -1,195 +0,0 @@
<div class="modal" id="editCompanyModal<?php echo $company_id; ?>" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i>Editing company: <strong><?php echo $company_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="company_id" value="<?php echo $company_id; ?>">
<input type="hidden" name="existing_file_name" value="<?php echo $company_logo; ?>">
<div class="modal-body bg-white">
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-details<?php echo $company_id; ?>">Details</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-address<?php echo $company_id; ?>">Address</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-contact<?php echo $company_id; ?>">Contact</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-locale<?php echo $company_id; ?>">Locale</a>
</li>
</ul>
<hr>
<div class="tab-content">
<div class="tab-pane fade show active" id="pills-details<?php echo $company_id; ?>">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Company Name" value="<?php echo $company_name; ?>" required>
</div>
</div>
<div class="card col-md-2">
<div class="card-body">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div>
</div>
<div class="form-group">
<input type="file" class="form-control-file" name="file">
</div>
</div>
<div class="tab-pane fade" id="pills-address<?php echo $company_id; ?>">
<div class="form-group">
<label>Address</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-map-marker-alt"></i></span>
</div>
<input type="text" class="form-control" name="address" placeholder="Street Address" value="<?php echo $company_address; ?>">
</div>
</div>
<div class="form-group">
<label>City</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-city"></i></span>
</div>
<input type="text" class="form-control" name="city" placeholder="City" value="<?php echo $company_city; ?>">
</div>
</div>
<div class="form-group">
<label>State / Province</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-flag"></i></span>
</div>
<input type="text" class="form-control" name="state" placeholder="State or Province" value="<?php echo $company_state; ?>">
</div>
</div>
<div class="form-group">
<label>Zip / Postal Code</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fab fa-fw fa-usps"></i></span>
</div>
<input type="text" class="form-control" name="zip" placeholder="Zip or Postal Code" value="<?php echo $company_zip; ?>">
</div>
</div>
<div class="form-group">
<label>Country</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-flag"></i></span>
</div>
<select class="form-control select2" name="country">
<option value="">- Country -</option>
<?php foreach($countries_array as $country_name) { ?>
<option <?php if ($company_country == $country_name) { echo "selected"; } ?>><?php echo $country_name; ?></option>
<?php } ?>
</select>
</div>
</div>
</div>
<div class="tab-pane fade" id="pills-contact<?php echo $company_id; ?>">
<div class="form-group">
<label>Phone</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-phone"></i></span>
</div>
<input type="text" class="form-control" name="phone" placeholder="Phone Number" value="<?php echo $company_phone; ?>">
</div>
</div>
<div class="form-group">
<label>Email</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
</div>
<input type="email" class="form-control" name="email" placeholder="Email address" value="<?php echo $company_email; ?>">
</div>
</div>
<div class="form-group">
<label>Website</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-globe"></i></span>
</div>
<input type="text" class="form-control" name="website" placeholder="Website address" value="<?php echo $company_website; ?>">
</div>
</div>
</div>
<div class="tab-pane fade" id="pills-locale<?php echo $company_id; ?>">
<div class="form-group">
<label>Locale <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-flag"></i></span>
</div>
<select class="form-control select2" name="locale" required>
<option value="">- Select a Locale -</option>
<?php foreach($locales_array as $locale_code => $locale_name) { ?>
<option <?php if ($company_locale == $locale_code) { echo "selected"; } ?> value="<?php echo $locale_code; ?>"><?php echo "$locale_code - $locale_name"; ?></option>
<?php } ?>
</select>
</div>
</div>
<div class="form-group">
<label>Currency <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-money-bill"></i></span>
</div>
<select class="form-control select2" name="currency_code" required>
<option value="">- Currency -</option>
<?php foreach($currencies_array as $currency_code => $currency_name) { ?>
<option <?php if ($company_currency == $currency_code) { echo "selected"; } ?> value="<?php echo $currency_code; ?>"><?php echo "$currency_code - $currency_name"; ?></option>
<?php } ?>
</select>
</div>
</div>
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="edit_company" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
</div>
</div>

1358
cron.php



@ -19,8 +19,6 @@ require_once("config.php");
require_once("functions.php");
// Get settings for the "default" company
$company_id = 1;
$session_company_id = 1;
require_once("get_settings.php");
// Check setting enabled
@ -51,30 +49,30 @@ require_once("plugins/php-mime-mail-parser/src/Parser.php");
// Function to raise a new ticket for a given contact and email them confirmation (if configured)
function addTicket($contact_id, $contact_name, $contact_email, $client_id, $company_id, $date, $subject, $message) {
function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message) {
// Access global variables
global $mysqli, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_smtp_host, $config_smtp_port, $config_smtp_encryption, $config_smtp_username, $config_smtp_password;
// Get the next Ticket Number and add 1 for the new ticket number
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = $company_id"));
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1"));
$ticket_number = intval($ticket_number_sql['config_ticket_next_number']);
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $company_id");
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Prep ticket details
$message = nl2br(htmlentities(strip_tags($message)));
$message = trim(mysqli_real_escape_string($mysqli, "<i>Email from: $contact_email at $date:-</i> <br><br>$message"));
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message', ticket_priority = 'Low', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact_id, ticket_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message', ticket_priority = 'Low', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact_id, ticket_client_id = $client_id");
$id = mysqli_insert_id($mysqli);
// Logging
echo "Created new ticket.<br>";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Email parser: Client contact $contact_email created ticket $config_ticket_prefix$ticket_number ($subject) ($id)', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Email parser: Client contact $contact_email created ticket $config_ticket_prefix$ticket_number ($subject) ($id)', log_client_id = $client_id");
// Get company name & phone
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone FROM companies WHERE company_id = $company_id");
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_name = $row['company_name'];
@ -101,8 +99,8 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $comp
);
if ($mail !== true) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail'");
}
}
@ -127,7 +125,7 @@ function addReply($from_email, $date, $subject, $ticket_number, $message) {
$message = "<i>Email from: $from_email at $date:-</i> <br><br>$message";
// Lookup the ticket ID
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT ticket_id, ticket_subject, ticket_status, ticket_contact_id, ticket_client_id, tickets.company_id, contact_email
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT ticket_id, ticket_subject, ticket_status, ticket_contact_id, ticket_client_id, contact_email
FROM tickets
LEFT JOIN contacts on tickets.ticket_contact_id = contacts.contact_id
WHERE ticket_number = $ticket_number LIMIT 1"));
@ -140,11 +138,10 @@ function addReply($from_email, $date, $subject, $ticket_number, $message) {
$ticket_reply_contact = intval($row['ticket_contact_id']);
$ticket_contact_email = $row['contact_email'];
$client_id = intval($row['ticket_client_id']);
$company_id = intval($row['company_id']);
// Check ticket isn't closed
if ($ticket_status == "Closed") {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Email parser: $from_email attempted to re-open ticket $config_ticket_prefix$ticket_number (ID $ticket_id) - check inbox manually to see email', notification_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Email parser: $from_email attempted to re-open ticket $config_ticket_prefix$ticket_number (ID $ticket_id) - check inbox manually to see email', notification_client_id = $client_id");
return false;
}
@ -171,13 +168,13 @@ function addReply($from_email, $date, $subject, $ticket_number, $message) {
$comment = trim(mysqli_real_escape_string($mysqli, $message));
// Add the comment
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '00:00:00', ticket_reply_by = $ticket_reply_contact, ticket_reply_ticket_id = $ticket_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '00:00:00', ticket_reply_by = $ticket_reply_contact, ticket_reply_ticket_id = $ticket_id");
// Update Ticket Last Response Field & set ticket to open as client has replied
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Open' WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1");
echo "Updated existing ticket.<br>";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Update', log_description = 'Email parser: Client contact $from_email updated ticket $config_ticket_prefix$ticket_number ($subject)', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Update', log_description = 'Email parser: Client contact $from_email updated ticket $config_ticket_prefix$ticket_number ($subject)', log_client_id = $client_id");
return true;
@ -197,7 +194,7 @@ $imap = imap_open("{{$imap_mailbox}}INBOX", $config_smtp_username, $config_smtp_
if (!$imap) {
// Logging
$extended_log_description = var_export(imap_errors(), true);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Email parser: Failed to connect to IMAP. Details: $extended_log_description', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Email parser: Failed to connect to IMAP. Details: $extended_log_description'");
exit("Could not connect to IMAP");
}
@ -268,9 +265,8 @@ if ($emails) {
$contact_id = intval($row['contact_id']);
$contact_email = $row['contact_email'];
$client_id = intval($row['contact_client_id']);
$company_id = intval($row['company_id']);
if (addTicket($contact_id, $contact_name, $contact_email, $client_id, $company_id, $date, $subject, $message)) {
if (addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message)) {
$email_processed = true;
}
@ -287,20 +283,19 @@ if ($emails) {
// Client details
$client_id = intval($row['client_id']);
$company_id = intval($row['company_id']);
// Contact details
$password = password_hash(randomString(), PASSWORD_DEFAULT);
$contact_name = $from_name;
$contact_email = $from_email;
mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_notes = 'Added automatically via email parsing.', contact_password_hash = '$password', contact_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_notes = 'Added automatically via email parsing.', contact_password_hash = '$password', contact_client_id = $client_id");
$contact_id = mysqli_insert_id($mysqli);
// Logging for contact creation
echo "Created new contact.<br>";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = 'Email parser: created contact $contact_name', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = 'Email parser: created contact $contact_name', log_client_id = $client_id");
if (addTicket($contact_id, $contact_name, $contact_email, $client_id, $company_id, $date, $subject, $message)) {
if (addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message)) {
$email_processed = true;
}


@ -15,10 +15,10 @@ if (isset($_GET['year'])) {
//GET unique years from expenses, payments invoices and revenues
$sql_years_select = mysqli_query(
$mysqli,
"SELECT YEAR(expense_date) AS all_years FROM expenses WHERE company_id = $session_company_id
UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id
UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id
UNION DISTINCT SELECT YEAR(invoice_date) FROM invoices WHERE company_id = $session_company_id
"SELECT YEAR(expense_date) AS all_years FROM expenses
UNION DISTINCT SELECT YEAR(payment_date) FROM payments
UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues
UNION DISTINCT SELECT YEAR(invoice_date) FROM invoices
ORDER BY all_years DESC
");
@ -26,32 +26,32 @@ $sql_years_select = mysqli_query(
$largest_income_month = 0;
//Get Total income
$sql_total_payments_to_invoices = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id");
$sql_total_payments_to_invoices = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year");
$row = mysqli_fetch_array($sql_total_payments_to_invoices);
$total_payments_to_invoices = floatval($row['total_payments_to_invoices']);
//Do not grab transfer payment as these have a category_id of 0
$sql_total_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id");
$sql_total_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0");
$row = mysqli_fetch_array($sql_total_revenues);
$total_revenues = floatval($row['total_revenues']);
$total_income = $total_payments_to_invoices + $total_revenues;
//Get Total expenses and do not grab transfer expenses as these have a vendor of 0
$sql_total_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_vendor_id > 0 AND YEAR(expense_date) = $year AND company_id = $session_company_id");
$sql_total_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_vendor_id > 0 AND YEAR(expense_date) = $year");
$row = mysqli_fetch_array($sql_total_expenses);
$total_expenses = floatval($row['total_expenses']);
//Total up all the Invoices that are not draft or cancelled
$sql_invoice_totals = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND YEAR(invoice_date) = $year AND company_id = $session_company_id");
$sql_invoice_totals = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND YEAR(invoice_date) = $year");
$row = mysqli_fetch_array($sql_invoice_totals);
$invoice_totals = floatval($row['invoice_totals']);
//Quaeries from Receivables
$sql_total_payments_to_invoices_all_years = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices_all_years FROM payments WHERE company_id = $session_company_id");
$sql_total_payments_to_invoices_all_years = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices_all_years FROM payments");
$row = mysqli_fetch_array($sql_total_payments_to_invoices_all_years);
$total_payments_to_invoices_all_years = floatval($row['total_payments_to_invoices_all_years']);
$sql_invoice_totals_all_years = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals_all_years FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND company_id = $session_company_id");
$sql_invoice_totals_all_years = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals_all_years FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled'");
$row = mysqli_fetch_array($sql_invoice_totals_all_years);
$invoice_totals_all_years = floatval($row['invoice_totals_all_years']);
@ -59,14 +59,13 @@ $receivables = $invoice_totals_all_years - $total_payments_to_invoices_all_years
$profit = $total_income - $total_expenses;
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE company_id = $session_company_id");
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts");
$sql_latest_invoice_payments = mysqli_query(
$mysqli,
"SELECT * FROM payments, invoices, clients
WHERE payment_invoice_id = invoice_id
AND invoice_client_id = client_id
AND clients.company_id = $session_company_id
ORDER BY payment_id DESC LIMIT 5"
);
@ -75,31 +74,30 @@ $sql_latest_expenses = mysqli_query(
"SELECT * FROM expenses, vendors, categories
WHERE expense_vendor_id = vendor_id
AND expense_category_id = category_id
AND expenses.company_id = $session_company_id
ORDER BY expense_id DESC LIMIT 5"
);
//Get Monthly Recurring Total
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND company_id = $session_company_id");
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month'");
$row = mysqli_fetch_array($sql_recurring_monthly_total);
$recurring_monthly_total = floatval($row['recurring_monthly_total']);
//Get Yearly Recurring Total
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND company_id = $session_company_id");
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year'");
$row = mysqli_fetch_array($sql_recurring_yearly_total);
$recurring_yearly_total = floatval($row['recurring_yearly_total']);
//Get Total Miles Driven
$sql_miles_driven = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS total_miles FROM trips WHERE YEAR(trip_date) = $year AND company_id = $session_company_id");
$sql_miles_driven = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS total_miles FROM trips WHERE YEAR(trip_date) = $year");
$row = mysqli_fetch_array($sql_miles_driven);
$total_miles = floatval($row['total_miles']);
//Get Total Clients added
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('client_id') AS clients_added FROM clients WHERE YEAR(client_created_at) = $year AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('client_id') AS clients_added FROM clients WHERE YEAR(client_created_at) = $year"));
$clients_added = intval($row['clients_added']);
//Get Total Vendors added
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('vendor_id') AS vendors_added FROM vendors WHERE YEAR(vendor_created_at) = $year AND vendor_client_id = 0 AND vendor_template = 0 AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('vendor_id') AS vendors_added FROM vendors WHERE YEAR(vendor_created_at) = $year AND vendor_client_id = 0 AND vendor_template = 0"));
$vendors_added = intval($row['vendors_added']);
?>
@ -490,11 +488,11 @@ $vendors_added = intval($row['vendors_added']);
data: [
<?php
for($month = 1; $month<=12; $month++) {
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month");
$row = mysqli_fetch_array($sql_payments);
$payments_for_month = floatval($row['payment_amount_for_month']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month AND company_id = $session_company_id");
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month");
$row = mysqli_fetch_array($sql_revenues);
$revenues_for_month = floatval($row['revenue_amount_for_month']);
@ -529,11 +527,11 @@ $vendors_added = intval($row['vendors_added']);
data: [
<?php
for($month = 1; $month<=12; $month++) {
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year-1 AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year-1 AND MONTH(payment_date) = $month");
$row = mysqli_fetch_array($sql_payments);
$payments_for_month = floatval($row['payment_amount_for_month']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year-1 AND MONTH(revenue_date) = $month AND company_id = $session_company_id");
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year-1 AND MONTH(revenue_date) = $month");
$row = mysqli_fetch_array($sql_revenues);
$revenues_for_month = floatval($row['revenue_amount_for_month']);
@ -571,7 +569,7 @@ $vendors_added = intval($row['vendors_added']);
$largest_invoice_month = 0;
for($month = 1; $month<=12; $month++) {
$sql_projected = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amount_for_month FROM invoices WHERE YEAR(invoice_due) = $year AND MONTH(invoice_due) = $month AND invoice_status NOT LIKE 'Cancelled' AND invoice_status NOT LIKE 'Draft' AND company_id = $session_company_id");
$sql_projected = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amount_for_month FROM invoices WHERE YEAR(invoice_due) = $year AND MONTH(invoice_due) = $month AND invoice_status NOT LIKE 'Cancelled' AND invoice_status NOT LIKE 'Draft'");
$row = mysqli_fetch_array($sql_projected);
$invoice_for_month = floatval($row['invoice_amount_for_month']);
@ -607,7 +605,7 @@ $vendors_added = intval($row['vendors_added']);
$largest_expense_month = 0;
for($month = 1; $month<=12; $month++) {
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS expense_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND expense_vendor_id > 0 AND expenses.company_id = $session_company_id");
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS expense_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND expense_vendor_id > 0");
$row = mysqli_fetch_array($sql_expenses);
$expenses_for_month = floatval($row['expense_amount_for_month']);
@ -683,7 +681,7 @@ $vendors_added = intval($row['vendors_added']);
data: [
<?php
for($month = 1; $month<=12; $month++) {
$sql_trips = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS trip_miles_for_month FROM trips WHERE YEAR(trip_date) = $year AND MONTH(trip_date) = $month AND trips.company_id = $session_company_id");
$sql_trips = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS trip_miles_for_month FROM trips WHERE YEAR(trip_date) = $year AND MONTH(trip_date) = $month");
$row = mysqli_fetch_array($sql_trips);
$trip_miles_for_month = floatval($row['trip_miles_for_month']);
$largest_trip_miles_month = 0;
@ -746,7 +744,7 @@ $vendors_added = intval($row['vendors_added']);
data: {
labels: [
<?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id");
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_name = json_encode($row['category_name']);
echo "$category_name,";
@ -758,11 +756,11 @@ $vendors_added = intval($row['vendors_added']);
datasets: [{
data: [
<?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id");
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_id = intval($row['category_id']);
$sql_invoices = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS income_amount_for_year FROM invoices WHERE invoice_category_id = $category_id AND YEAR(invoice_date) = $year AND company_id = $session_company_id");
$sql_invoices = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS income_amount_for_year FROM invoices WHERE invoice_category_id = $category_id AND YEAR(invoice_date) = $year");
$row = mysqli_fetch_array($sql_invoices);
$income_amount_for_year = floatval($row['income_amount_for_year']);
echo "$income_amount_for_year,";
@ -773,7 +771,7 @@ $vendors_added = intval($row['vendors_added']);
],
backgroundColor: [
<?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id, category_color FROM categories, invoices WHERE invoice_category_id = category_id AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id");
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id, category_color FROM categories, invoices WHERE invoice_category_id = category_id AND YEAR(invoice_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_color = json_encode($row['category_color']);
echo "$category_color,";
@ -803,7 +801,7 @@ $vendors_added = intval($row['vendors_added']);
data: {
labels: [
<?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_name = json_encode($row['category_name']);
echo "$category_name,";
@ -815,7 +813,7 @@ $vendors_added = intval($row['vendors_added']);
datasets: [{
data: [
<?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_id = $row['category_id'];
@ -830,7 +828,7 @@ $vendors_added = intval($row['vendors_added']);
],
backgroundColor: [
<?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = categories.category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = categories.category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_color = json_encode($row['category_color']);
echo "$category_color,";
@ -856,7 +854,7 @@ $vendors_added = intval($row['vendors_added']);
data: {
labels: [
<?php
$sql_vendors = mysqli_query($mysqli, "SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year AND vendors.company_id = $session_company_id");
$sql_vendors = mysqli_query($mysqli, "SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_name = json_encode($row['vendor_name']);
echo "$vendor_name,";
@ -868,7 +866,7 @@ $vendors_added = intval($row['vendors_added']);
datasets: [{
data: [
<?php
$sql_vendors = mysqli_query($mysqli, "SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year AND vendors.company_id = $session_company_id");
$sql_vendors = mysqli_query($mysqli, "SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id = $row['vendor_id'];
@ -883,7 +881,7 @@ $vendors_added = intval($row['vendors_added']);
],
backgroundColor: [
<?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = category_id AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = category_id AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_color = json_encode($row['category_color']);
echo "$category_color,";
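Review bot: With `company_id = $session_company_id` removed, `$year` is the only predicate left in most of these queries and it is still string-interpolated (`WHERE YEAR(payment_date) = $year` in the total-income query and the same pattern in every monthly loop); the hunk header context `if (isset($_GET['year']))` shows the value is request-controlled, so unless the assignment outside the hunk already does `$year = intval($_GET['year']);`, these are injection points. I would make the cast unconditional where `$year` is assigned, e.g. `$year = isset($_GET['year']) ? intval($_GET['year']) : intval(date('Y'));`, so every query below sees an integer. Separately, `YEAR(col) = $year` defeats any index on the date columns, and the `FROM payments, invoices, clients` comma joins would read more safely as explicit `INNER JOIN ... ON`. The `$year` assignment itself sits before the first hunk and is not visible here.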


@ -12,9 +12,8 @@ if (isset($_GET['year'])) {
$sql_payment_years = mysqli_query(
$mysqli,
"SELECT YEAR(expense_date) AS all_years FROM expenses
WHERE company_id = $session_company_id
UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id
UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id
UNION DISTINCT SELECT YEAR(payment_date) FROM payments
UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues
ORDER BY all_years DESC"
);
@ -22,8 +21,7 @@ $sql_payment_years = mysqli_query(
$sql_clients = mysqli_fetch_assoc(mysqli_query(
$mysqli,
"SELECT COUNT('client_id') AS clients_added FROM clients
WHERE YEAR(client_created_at) = $year
AND company_id = $session_company_id"
WHERE YEAR(client_created_at) = $year"
));
$clients_added = $sql_clients['clients_added'];
@ -31,8 +29,7 @@ $clients_added = $sql_clients['clients_added'];
$sql_contacts = mysqli_fetch_assoc(mysqli_query(
$mysqli,
"SELECT COUNT('contact_id') AS contacts_added FROM contacts
WHERE YEAR(contact_created_at) = $year
AND company_id = $session_company_id"
WHERE YEAR(contact_created_at) = $year"
));
$contacts_added = $sql_contacts['contacts_added'];
@ -40,8 +37,7 @@ $contacts_added = $sql_contacts['contacts_added'];
$sql_assets = mysqli_fetch_assoc(mysqli_query(
$mysqli,
"SELECT COUNT('asset_id') AS assets_added FROM assets
WHERE YEAR(asset_created_at) = $year
AND company_id = $session_company_id"
WHERE YEAR(asset_created_at) = $year"
));
$assets_added = $sql_assets['assets_added'];
@ -50,8 +46,7 @@ $sql_tickets = mysqli_fetch_assoc(mysqli_query(
$mysqli,
"SELECT COUNT('ticket_id') AS active_tickets
FROM tickets
WHERE ticket_status != 'Closed'
AND company_id = $session_company_id"
WHERE ticket_status != 'Closed'"
));
$active_tickets = $sql_tickets['active_tickets'];
@ -63,8 +58,7 @@ $sql_domains_expiring = mysqli_fetch_assoc(mysqli_query(
WHERE domain_expire IS NOT NULL
AND domain_expire > CURRENT_DATE
AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
AND domain_archived_at IS NULL
AND company_id = $session_company_id"
AND domain_archived_at IS NULL"
));
$expiring_domains = $sql_domains_expiring['expiring_domains'];
@ -76,8 +70,7 @@ $sql_certs_expiring = mysqli_fetch_assoc(mysqli_query(
WHERE certificate_expire IS NOT NULL
AND certificate_expire > CURRENT_DATE
AND certificate_expire < CURRENT_DATE + INTERVAL 30 DAY
AND certificate_archived_at IS NULL
AND company_id = $session_company_id"
AND certificate_archived_at IS NULL"
));
$expiring_certificates = $sql_certs_expiring['expiring_certs'];
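Review bot: The four count queries on the new side still use `COUNT('client_id')`, `COUNT('contact_id')`, `COUNT('asset_id')` and `COUNT('ticket_id')` — the quoted name is a string literal, not a column, so each counts every matching row regardless of the id; that gives the same number here but reads as a typo and would silently diverge if a nullable column were intended. I would write `COUNT(*) AS clients_added` (and likewise for the other three) so intent is explicit. The same `$year` interpolation as the financial dashboard applies to the `WHERE YEAR(client_created_at) = $year` predicates; if `$year` is not already cast with `intval()` where it is read from `$_GET['year']` outside the hunk, these are request-controlled SQL. The `$sql_domains_expiring` and `$sql_certs_expiring` statements start before their hunks, so only their tails are visible.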


@ -877,13 +877,65 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.5'");
}
//if (CURRENT_DATABASE_VERSION == '0.4.5') {
// Insert queries here required to update to DB version 0.4.6
if (CURRENT_DATABASE_VERSION == '0.4.5') {
// Insert queries here required to update to DB version 0.4.6
mysqli_query($mysqli, "ALTER TABLE `contacts` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `locations` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `assets` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `software` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `logins` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `networks` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `certificates` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `domains` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `tickets` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `ticket_replies` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `scheduled_tickets` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `services` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `vendors` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `calendars` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `events` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `files` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `documents` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `folders` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `invoices` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `recurring` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `quotes` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `history` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `invoice_items` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `payments` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `trips` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `clients` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `expenses` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `transfers` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `revenues` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `api_keys` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `taxes` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `categories` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `tags` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `accounts` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `interfaces` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `records` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `logs` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `notifications` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `products` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `companies` DROP `company_archived_at`");
mysqli_query($mysqli, "ALTER TABLE `user_settings` DROP `user_default_company`");
mysqli_query($mysqli, "DROP TABLE `user_companies`");
mysqli_query($mysqli, "DROP TABLE `user_keys`"); //Unused Table
// Then, update the database to the next sequential version
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.6'");
}
//if (CURRENT_DATABASE_VERSION == '0.4.6') {
// Insert queries here required to update to DB version 0.4.7
// Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.6'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.7'");
//}
} else {
// Up-to-date
}
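Review bot: The 0.4.6 block drops `company_id` from some forty tables and then bumps `config_current_database_version` unconditionally, so a single failed `ALTER` (for example a re-run against a partially migrated schema, where `mysqli_query` returns false) still marks the schema as 0.4.6 and the migration never runs again; worse, nothing checks that only one company exists before the tenant column is removed, so rows belonging to other companies would be silently merged into a dataset every remaining user can see. I would guard the block with a count of `companies` rows other than `company_id` 1, track the return value of every statement, and only advance the version when all of them succeeded. `DROP TABLE` should also be `DROP TABLE IF EXISTS` so a retry does not trip on an already-removed table. Whether `exit()` is the right failure path depends on how database_updates.php is invoked; substitute whatever abort mechanism the surrounding file already uses.

```php
if (CURRENT_DATABASE_VERSION == '0.4.5') {
    // Refuse to run if more than one company exists: dropping company_id would
    // silently merge every tenant's rows into one dataset visible to all users.
    $companies = mysqli_fetch_row(mysqli_query($mysqli, "SELECT COUNT(*) FROM companies WHERE company_id != 1"));
    if (!$companies || intval($companies[0]) > 0) {
        exit("Database update 0.4.6 aborted: export or remove every company other than company_id 1 first.");
    }

    $ok = true;
    foreach (['contacts', 'locations', 'assets', /* … unchanged: remaining tables from the original list … */ 'products'] as $table) {
        $ok = mysqli_query($mysqli, "ALTER TABLE `$table` DROP `company_id`") && $ok;
    }
    $ok = mysqli_query($mysqli, "ALTER TABLE `companies` DROP `company_archived_at`") && $ok;
    $ok = mysqli_query($mysqli, "ALTER TABLE `user_settings` DROP `user_default_company`") && $ok;
    $ok = mysqli_query($mysqli, "DROP TABLE IF EXISTS `user_companies`") && $ok;
    $ok = mysqli_query($mysqli, "DROP TABLE IF EXISTS `user_keys`") && $ok; // unused table

    // Only advance the schema version when every statement above succeeded
    if ($ok) {
        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.6'");
    } else {
        exit("Database update 0.4.6 failed: " . mysqli_error($mysqli));
    }
}
```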


@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "0.4.5");
DEFINE("LATEST_DATABASE_VERSION", "0.4.6");

73
db.sql

@ -31,7 +31,6 @@ CREATE TABLE `accounts` (
`account_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`account_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`account_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`account_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -50,7 +49,6 @@ CREATE TABLE `api_keys` (
`api_key_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`api_key_expire` date NOT NULL,
`api_key_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`api_key_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -129,7 +127,6 @@ CREATE TABLE `assets` (
`asset_contact_id` int(11) NOT NULL DEFAULT 0,
`asset_network_id` int(11) NOT NULL DEFAULT 0,
`asset_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`asset_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -148,7 +145,6 @@ CREATE TABLE `calendars` (
`calendar_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`calendar_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`calendar_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`calendar_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -168,7 +164,6 @@ CREATE TABLE `categories` (
`category_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`category_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`category_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`category_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -194,7 +189,6 @@ CREATE TABLE `certificates` (
`certificate_accessed_at` datetime DEFAULT NULL,
`certificate_domain_id` int(11) NOT NULL DEFAULT 0,
`certificate_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`certificate_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -235,7 +229,6 @@ CREATE TABLE `clients` (
`client_accessed_at` datetime DEFAULT NULL,
`primary_location` int(11) NOT NULL DEFAULT 0,
`primary_contact` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -263,7 +256,6 @@ CREATE TABLE `companies` (
`company_currency` varchar(200) NOT NULL,
`company_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`company_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`company_archived_at` datetime DEFAULT NULL,
PRIMARY KEY (`company_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -355,7 +347,6 @@ CREATE TABLE `contacts` (
`contact_location_id` int(11) NOT NULL DEFAULT 0,
`contact_department` varchar(200) DEFAULT NULL,
`contact_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`contact_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -379,7 +370,6 @@ CREATE TABLE `documents` (
`document_template` tinyint(1) NOT NULL DEFAULT 0,
`document_folder_id` int(11) NOT NULL DEFAULT 0,
`document_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`document_id`),
FULLTEXT KEY `document_content_raw` (`document_content_raw`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
@ -408,7 +398,6 @@ CREATE TABLE `domains` (
`domain_registrar` int(11) NOT NULL DEFAULT 0,
`domain_webhost` int(11) NOT NULL DEFAULT 0,
`domain_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`domain_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -433,7 +422,6 @@ CREATE TABLE `events` (
`event_client_id` int(11) NOT NULL DEFAULT 0,
`event_location_id` int(11) NOT NULL DEFAULT 0,
`event_calendar_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`event_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -461,7 +449,6 @@ CREATE TABLE `expenses` (
`expense_client_id` int(11) NOT NULL DEFAULT 0,
`expense_category_id` int(11) NOT NULL DEFAULT 0,
`expense_account_id` int(11) DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`expense_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -483,7 +470,6 @@ CREATE TABLE `files` (
`file_archived_at` datetime DEFAULT NULL,
`file_accessed_at` datetime DEFAULT NULL,
`file_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`file_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -500,7 +486,6 @@ CREATE TABLE `folders` (
`folder_name` varchar(200) NOT NULL,
`parent_folder` int(11) NOT NULL DEFAULT 0,
`folder_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`folder_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -520,7 +505,6 @@ CREATE TABLE `history` (
`history_invoice_id` int(11) NOT NULL DEFAULT 0,
`history_recurring_id` int(11) NOT NULL DEFAULT 0,
`history_quote_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`history_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -544,7 +528,6 @@ CREATE TABLE `interfaces` (
`interface_connected_asset_id` int(11) NOT NULL DEFAULT 0,
`interface_network_id` int(11) NOT NULL DEFAULT 0,
`interface_asset_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`interface_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -572,7 +555,6 @@ CREATE TABLE `invoice_items` (
`item_quote_id` int(11) NOT NULL DEFAULT 0,
`item_recurring_id` int(11) NOT NULL DEFAULT 0,
`item_invoice_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`item_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -601,7 +583,6 @@ CREATE TABLE `invoices` (
`invoice_archived_at` datetime DEFAULT NULL,
`invoice_category_id` int(11) NOT NULL,
`invoice_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`invoice_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -631,7 +612,6 @@ CREATE TABLE `locations` (
`location_accessed_at` datetime DEFAULT NULL,
`location_contact_id` int(11) NOT NULL DEFAULT 0,
`location_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`location_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -662,7 +642,6 @@ CREATE TABLE `logins` (
`login_asset_id` int(11) NOT NULL DEFAULT 0,
`login_software_id` int(11) NOT NULL DEFAULT 0,
`login_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`login_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -685,7 +664,6 @@ CREATE TABLE `logs` (
`log_client_id` int(11) NOT NULL DEFAULT 0,
`log_user_id` int(11) NOT NULL DEFAULT 0,
`log_entity_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) DEFAULT NULL,
PRIMARY KEY (`log_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -711,7 +689,6 @@ CREATE TABLE `networks` (
`network_accessed_at` datetime DEFAULT NULL,
`network_location_id` int(11) NOT NULL DEFAULT 0,
`network_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`network_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -732,7 +709,6 @@ CREATE TABLE `notifications` (
`notification_dismissed_by` int(11) DEFAULT NULL,
`notification_client_id` int(11) NOT NULL DEFAULT 0,
`notification_user_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`notification_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -756,7 +732,6 @@ CREATE TABLE `payments` (
`payment_archived_at` datetime DEFAULT NULL,
`payment_account_id` int(11) NOT NULL,
`payment_invoice_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`payment_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -779,7 +754,6 @@ CREATE TABLE `products` (
`product_archived_at` datetime DEFAULT NULL,
`product_tax_id` int(11) NOT NULL DEFAULT 0,
`product_category_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`product_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -807,7 +781,6 @@ CREATE TABLE `quotes` (
`quote_archived_at` datetime DEFAULT NULL,
`quote_category_id` int(11) NOT NULL,
`quote_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`quote_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -829,7 +802,6 @@ CREATE TABLE `records` (
`record_updated_at` datetime NOT NULL DEFAULT '0000-00-00 00:00:00' ON UPDATE current_timestamp(),
`record_archived_at` datetime DEFAULT NULL,
`record_domain_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`record_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -858,7 +830,6 @@ CREATE TABLE `recurring` (
`recurring_archived_at` datetime DEFAULT NULL,
`recurring_category_id` int(11) NOT NULL,
`recurring_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`recurring_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -884,7 +855,6 @@ CREATE TABLE `revenues` (
`revenue_category_id` int(11) NOT NULL DEFAULT 0,
`revenue_account_id` int(11) NOT NULL,
`revenue_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`revenue_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -911,7 +881,6 @@ CREATE TABLE `scheduled_tickets` (
`scheduled_ticket_client_id` int(11) NOT NULL DEFAULT 0,
`scheduled_ticket_contact_id` int(11) NOT NULL DEFAULT 0,
`scheduled_ticket_asset_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`scheduled_ticket_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1027,7 +996,6 @@ CREATE TABLE `services` (
`service_accessed_at` datetime DEFAULT NULL,
`service_review_due` date DEFAULT NULL,
`service_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`service_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1150,7 +1118,6 @@ CREATE TABLE `software` (
`software_login_id` int(11) NOT NULL DEFAULT 0,
`software_client_id` int(11) NOT NULL,
`software_template_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`software_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1241,7 +1208,6 @@ CREATE TABLE `tags` (
`tag_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`tag_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`tag_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`tag_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1260,7 +1226,6 @@ CREATE TABLE `taxes` (
`tax_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`tax_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`tax_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`tax_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1282,7 +1247,6 @@ CREATE TABLE `ticket_replies` (
`ticket_reply_archived_at` datetime DEFAULT NULL,
`ticket_reply_by` int(11) NOT NULL,
`ticket_reply_ticket_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`ticket_reply_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1332,7 +1296,6 @@ CREATE TABLE `tickets` (
`ticket_contact_id` int(11) NOT NULL DEFAULT 0,
`ticket_location_id` int(11) NOT NULL DEFAULT 0,
`ticket_asset_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`ticket_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1352,7 +1315,6 @@ CREATE TABLE `transfers` (
`transfer_archived_at` datetime DEFAULT NULL,
`transfer_expense_id` int(11) NOT NULL,
`transfer_revenue_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`transfer_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1379,41 +1341,10 @@ CREATE TABLE `trips` (
`trip_archived_at` datetime DEFAULT NULL,
`trip_user_id` int(11) NOT NULL DEFAULT 0,
`trip_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`trip_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `user_companies`
--
DROP TABLE IF EXISTS `user_companies`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_companies` (
`user_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`user_id`,`company_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `user_keys`
--
DROP TABLE IF EXISTS `user_keys`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_keys` (
`user_key_id` int(11) NOT NULL AUTO_INCREMENT,
`user_key_name` varchar(200) DEFAULT NULL,
`user_public_key` varchar(250) NOT NULL,
`user_id` int(11) NOT NULL,
PRIMARY KEY (`user_key_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `user_settings`
--
@ -1423,7 +1354,6 @@ DROP TABLE IF EXISTS `user_settings`;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_settings` (
`user_id` int(11) NOT NULL,
`user_default_company` int(11) NOT NULL,
`user_role` int(11) NOT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
@ -1524,7 +1454,6 @@ CREATE TABLE `vendors` (
`vendor_accessed_at` datetime DEFAULT NULL,
`vendor_client_id` int(11) NOT NULL DEFAULT 0,
`vendor_template_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`vendor_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -1538,4 +1467,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2023-02-25 15:25:59
-- Dump completed on 2023-03-08 13:31:23
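Review bot: Dropping `company_id` from every table together with the `user_companies` join table collapses any existing multi-company database into a single tenant, so a user who was previously confined to one company presumably now sees every other company's clients, logins and documents, and nothing in this schema guards against that. This file is the fresh-install dump, so the live upgrade path the commit description points to is not visible here; that update should refuse to run when `SELECT COUNT(*) FROM companies` returns more than 1 unless the operator explicitly opts in, and the same caveat belongs in the upgrade notes. Separately, the retained `record_updated_at datetime NOT NULL DEFAULT '0000-00-00 00:00:00'` in `records` is rejected by MySQL 5.7+ default `sql_mode` (`NO_ZERO_DATE` with strict mode), so a `DEFAULT current_timestamp()` like the sibling `_updated_at` columns would be safer for new installs.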


@ -43,7 +43,7 @@
<option value="">- Account -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']);
@ -83,7 +83,7 @@
<option value="">- Vendor -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL AND company_id = $session_company_id ORDER BY vendor_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
@ -118,7 +118,7 @@
<option value="">- Category -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']);
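Review bot: Each of the three dropdown queries still fetches `SELECT *` while the loop below reads only the id and name columns; naming the columns, e.g. `SELECT account_id, account_name FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC`, avoids dragging every column across and is exactly the kind of query that keeps working through schema changes like the one this commit makes. The same applies to the vendors and categories selects in this hunk.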


@ -44,7 +44,7 @@
<select class="form-control select2" name="account" required>
<?php
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC");
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id_select = intval($row['account_id']);
$account_name_select = htmlentities($row['account_name']);
@ -82,7 +82,7 @@
<select class="form-control select2" name="vendor" required>
<?php
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']);
@ -114,7 +114,7 @@
<select class="form-control select2" name="category" required>
<?php
$sql_categories = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id ORDER BY category_name ASC");
$sql_categories = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']);


@ -46,7 +46,7 @@
<select class="form-control select2" name="account" required>
<?php
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) AND company_id = $session_company_id ORDER BY account_name ASC");
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id_select = intval($row['account_id']);
$account_name_select = htmlentities($row['account_name']);
@ -85,7 +85,7 @@
<select class="form-control select2" name="vendor" required>
<?php
$sql_select = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) AND company_id = $session_company_id ORDER BY vendor_name ASC");
$sql_select = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_select)) {
$vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']);
@ -120,7 +120,7 @@
<select class="form-control select2" name="category" required>
<?php
$sql_select = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
$sql_select = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_select)) {
$category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']);
@ -156,7 +156,10 @@
<?php if (!empty($expense_receipt)) { ?>
<hr>
<a class="text-secondary" href="<?php echo "uploads/expenses/$session_company_id/$expense_receipt"; ?>"><i class="fa fa-fw fa-2x fa-file-pdf text-secondary"></i> <?php echo basename($expense_receipt); ?></a>
<a class="text-secondary" href="<?php echo "uploads/expenses/$expense_receipt"; ?>"
download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf" ?>">
<i class="fa fa-fw fa-2x fa-file-pdf text-secondary"></i> <?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf" ?>
</a>
<?php } ?>
</div>
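Review bot: The new receipt link echoes `$expense_receipt`, `$vendor_name` and `$category_name` straight into the `href` and `download` attributes; whether they were passed through `htmlentities()` when read from the row is outside this hunk, and a quote in a vendor name would otherwise break out of the attribute. Escaping at the point of output, e.g. `href="uploads/expenses/<?php echo htmlentities($expense_receipt); ?>"` and the same wrapper around the download name, removes the dependency on the earlier sanitising. Note also that the path moves from `uploads/expenses/$session_company_id/` to `uploads/expenses/`, so receipts uploaded before this change will 404 until the files are relocated — presumably the manual intervention the commit title refers to.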


@ -15,8 +15,7 @@ $sql = mysqli_query(
LEFT JOIN categories ON expense_category_id = category_id
LEFT JOIN vendors ON expense_vendor_id = vendor_id
LEFT JOIN accounts ON expense_account_id = account_id
WHERE expenses.company_id = $session_company_id
AND expense_vendor_id > 0
WHERE expense_vendor_id > 0
AND DATE(expense_date) BETWEEN '$dtf' AND '$dtt'
AND (vendor_name LIKE '%$q%' OR category_name LIKE '%$q%' OR account_name LIKE '%$q%' OR expense_description LIKE '%$q%' OR expense_amount LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to"
@ -39,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Expenses">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Expenses">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
@ -86,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
@ -121,7 +120,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
if (empty($expense_receipt)) {
$receipt_attached = "";
} else {
$receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='uploads/expenses/$session_company_id/$expense_receipt'><i class='fa fa-file-pdf'></i></a>";
$receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='uploads/expenses/$expense_receipt' download='$expense_date-$vendor_name-$category_name-$expense_id.pdf'><i class='fa fa-file-pdf'></i></a>";
}
?>
@ -141,7 +140,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="dropdown-menu">
<?php
if (!empty($expense_receipt)) { ?>
<a class="dropdown-item" href="<?php echo "uploads/expenses/$session_company_id/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf"; ?>">
<a class="dropdown-item" href="<?php echo "uploads/expenses/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf"; ?>">
<i class="fas fa-fw fa-download mr-2"></i>Download
</a>
<div class="dropdown-divider"></div>
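Review bot: The `ORDER BY $sb $o LIMIT $record_from, $record_to` clause interpolates identifiers that cannot be bound as parameters; where `$sb` and `$o` are validated is outside this hunk, and if they arrive from the query string without an allow-list this is a direct SQL-injection point in the new query. A fixed allow-list near the top of the page, e.g. `$sb = in_array($sb, ['expense_date', 'vendor_name', 'expense_amount'], true) ? $sb : 'expense_date'; $o = ($o === 'ASC') ? 'ASC' : 'DESC';`, plus `intval()` on the two LIMIT values, closes it regardless of how the page is reached. Separately, `%` and `_` typed into the search box act as LIKE wildcards across all five `LIKE '%$q%'` terms; `addcslashes($q, '%_')` before interpolation makes them literal if that matters here.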


@ -438,10 +438,9 @@ function getSSL($name) {
}
function strtoAZaz09($string) {
$string = ucwords(strtolower($string));
// Gets rid of non-alphanumerics
return preg_replace('/[^A-Za-z0-9_]/', '', $string);
return preg_replace('/[^A-Za-z0-9_-]/', '', $string);
}
// Cross-Site Request Forgery check for sensitive functions
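Review bot: `strtoAZaz09` now keeps hyphens as well as underscores, so the function name and the `// Gets rid of non-alphanumerics` comment no longer describe what it returns; update the comment to `// Title-cases the input and strips everything except A-Z, a-z, 0-9, '_' and '-'`. Callers that relied on the result never containing `-` (anything that builds a shell argument or expects a pure identifier) are not visible here and should be checked, since a value beginning with `-` used to be stripped and now passes through.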


@ -30,8 +30,8 @@ require_once("config.php");
require_once("functions.php");
// IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$ip = santizeInput(getIP());
$user_agent = santizeInput($_SERVER['HTTP_USER_AGENT']);
// Define wording for the user
DEFINE("WORDING_ROLECHECK_FAILED", "ITFlow - You are not permitted to use this application!");
@ -102,10 +102,9 @@ if (hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user
session_id($row['user_php_session']);
session_start();
$session_user_id = $row['user_id'];
$session_user_id = intval($row['user_id']);
$session_name = $row['user_name'];
$session_email = $row['user_email'];
$session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role'];
// Check user access level is correct (not an accountant)
@ -126,21 +125,21 @@ if ($session_user_role < 1) {
if (isset($_GET['host'])) {
if (!empty($_GET['host'])) {
$url = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['host'])));
$url = santizeInput($_GET['host']);
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_uri = '$url' LIMIT 1");
if (mysqli_num_rows($sql_logins) > 0) {
$row = mysqli_fetch_array($sql_logins);
$data['found'] = "TRUE";
$data['username'] = htmlentities($row['login_username']);
$data['username'] = htmlentities(decryptLoginEntry($row['login_username']));
$data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie
echo json_encode($data);
// Logging
$login_name = mysqli_real_escape_string($mysqli, $row['login_name']);
$login_user = mysqli_real_escape_string($mysqli, $row['login_username']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', company_id = $session_company_id, log_user_id = $session_user_id");
$login_name = sanitizeInput($row['login_name']);
$login_user = sanitizeInput($row['login_username']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id");
}
}
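Review bot: The same hunk calls both `santizeInput()` (for the IP, the user agent and `$_GET['host']`) and `sanitizeInput()` (for the two log fields); unless `santizeInput` is deliberately defined as an alias, one of the two names is undefined and the endpoint fatals before returning anything, so the three calls should read `sanitizeInput(...)`. The log line also still writes `$row['login_username']` into `log_description`, yet the response path above now runs that column through `decryptLoginEntry()`, so the logged value is ciphertext; logging `login_name` (and `login_id`) alone is both meaningful and avoids ever writing a plaintext username into the logs table. With the company scope removed, the lookup is `WHERE login_uri = '$url' LIMIT 1` with no check that the requesting user is entitled to that client's credential; whether role-based access is enforced elsewhere is not visible here.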


@ -1,7 +1,7 @@
<?php
// Query Settings
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = $session_company_id");
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_settings);
// Database version
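Review bot: `company_id = 1` is now a magic constant that every page depends on, and nothing here handles the query returning no row — `$row` would be null and each `$row['...']` read that follows silently yields empty settings. Add a comment such as `// Single-tenant since multi-company removal: all settings live in the company_id = 1 row` and guard the fetch, e.g. `if (!$row) { exit('Settings row missing; run the database update'); }`.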


@ -13,13 +13,13 @@ if (isset($_GET['query'])) {
$ticket_num_query = str_replace("$config_ticket_prefix", "", "$query");
$sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN locations ON clients.primary_location = locations.location_id WHERE client_name LIKE '%$query%' AND clients.company_id = $session_company_id ORDER BY client_id DESC LIMIT 5");
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id WHERE (contact_name LIKE '%$query%' OR contact_title LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' OR contact_mobile LIKE '%$phone_query%') AND contacts.company_id = $session_company_id ORDER BY contact_id DESC LIMIT 5");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_name LIKE '%$query%' OR vendor_phone LIKE '%$phone_query%') AND company_id = $session_company_id ORDER BY vendor_id DESC LIMIT 5");
$sql_products = mysqli_query($mysqli, "SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') AND tickets.company_id = $session_company_id ORDER BY ticket_id DESC LIMIT 5");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
$sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN locations ON clients.primary_location = locations.location_id WHERE client_name LIKE '%$query%' ORDER BY client_id DESC LIMIT 5");
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id WHERE (contact_name LIKE '%$query%' OR contact_title LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' OR contact_mobile LIKE '%$phone_query%') ORDER BY contact_id DESC LIMIT 5");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_name LIKE '%$query%' OR vendor_phone LIKE '%$phone_query%') ORDER BY vendor_id DESC LIMIT 5");
$sql_products = mysqli_query($mysqli, "SELECT * FROM products WHERE product_name LIKE '%$query%' ORDER BY product_id DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') ORDER BY document_id DESC LIMIT 5");
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') ORDER BY ticket_id DESC LIMIT 5");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_name LIKE '%$query%' ORDER BY login_id DESC LIMIT 5");
$q = htmlentities($_GET['query']);
?>
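Review bot: `$query` and `$phone_query` are interpolated into seven `LIKE`/`MATCH` clauses, and where `$_GET['query']` is escaped for SQL is outside this hunk (the `htmlentities()` at the bottom is output escaping only), so please confirm it passes through `mysqli_real_escape_string()` or equivalent before these lines. Even when escaped, `%` and `_` in the search term are LIKE wildcards and a bare `%` returns the five newest rows of every table; `$like = addcslashes($query, '%_');` for the LIKE clauses makes them literal. The `MATCH(document_content_raw) AGAINST ('$query')` natural-language search is unaffected by that and can stay as is.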


@ -48,8 +48,7 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
$file_ext = sanitizeInput($file_row['file_ext']);
$file_reference_name = sanitizeInput($file_row['file_reference_name']);
$client_id = intval($file_row['file_client_id']);
$company_id = intval($file_row['company_id']);
$file_path = "uploads/clients/$company_id/$client_id/$file_reference_name";
$file_path = "uploads/clients/$client_id/$file_reference_name";
// Display file as download
$mime_type = mime_content_type($file_path);
@ -62,6 +61,6 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'");
}
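Review bot: The new `$file_path = "uploads/clients/$client_id/$file_reference_name"` serves whatever `file_reference_name` holds without checking that the resolved path stays under the client directory or that the file exists; `sanitizeInput()` is an HTML/SQL sanitiser rather than a path one, and `mime_content_type()` on a missing file only emits a warning before the download headers go out. Resolve and confine the path before serving, as below. Files uploaded before this change live under `uploads/clients/<company_id>/<client_id>/`, so existing share links will break until they are moved. The `if (isset($_GET['id']) && isset($_GET['key']))` block this belongs to starts before the hunk.
```php
$file_path = "uploads/clients/$client_id/$file_reference_name";
// Confine the served file to this client's upload directory and require it to exist
$base = realpath("uploads/clients/$client_id");
$real = realpath($file_path);
if ($base === false || $real === false || !is_file($real) || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
    exit;
}
// … unchanged: mime type, download headers, view counter, logging …
```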


@ -32,8 +32,6 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$mysqli,
"SELECT * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN companies ON invoices.company_id = companies.company_id
LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE invoice_id = $invoice_id
AND invoice_url_key = '$invoice_url_key'
AND invoice_status != 'Draft'
@ -61,6 +59,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$company_locale = htmlentities($row['company_locale']);
// Add up all the payments for the invoice and get the total amount paid to the invoice
@ -83,9 +84,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
<!-- jQuery -->
<script src="plugins/jquery/jquery.min.js"></script>
<br><br>
<div class="row">
<div class="row pt-5">
<!-- Show invoice details -->
<div class="col-sm">
@ -113,7 +112,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
<tr>
<td><?php echo $item_name; ?></td>
<td><?php echo $item_quantity; ?></td>
<td class="text-center"><?php echo $item_quantity; ?></td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?></td>
</tr>
@ -127,7 +126,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
<!-- End invoice details-->
<!-- Show Stripe payment form -->
<div class="col-sm offset-1">
<div class="col-sm offset-sm-1">
<form id="payment-form">
<h1><?php echo numfmt_format_currency($currency_format, $balance_to_pay, $invoice_currency_code); ?></h1>
<input type="hidden" id="stripe_publishable_key" value="<?php echo $config_stripe_publishable ?>">
@ -141,9 +140,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
<!--Stripe.js injects the Payment Element-->
</div>
<br>
<button type="submit" id="submit" class="btn btn-primary text-bold" hidden="hidden">
<button type="submit" id="submit" class="btn btn-primary btn-lg btn-block text-bold" hidden="hidden">
<div class="spinner hidden" id="spinner"></div>
<span id="button-text">Pay Invoice</span>
<span id="button-text"><i class="fas fa-check mr-2"></i>Pay Invoice</span>
</button>
<div id="payment-message" class="hidden"></div>
</form>
@ -196,7 +195,6 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
"SELECT * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN contacts ON contact_id = primary_contact
LEFT JOIN companies ON invoices.company_id = companies.company_id
WHERE invoice_id = $pi_invoice_id
AND invoice_status != 'Draft'
AND invoice_status != 'Paid'
@ -215,11 +213,14 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_company_id = intval($row['company_id']);
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$contact_name = $row['contact_name'];
$contact_email = $row['contact_email'];
$sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
$company_name = mysqli_real_escape_string($mysqli, htmlentities($row['company_name']));
$company_phone = htmlentities($row['company_phone']);
$company_locale = htmlentities($row['company_locale']);
@ -241,24 +242,24 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Apply payment
// Update Invoice Status
mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $invoice_id AND company_id = $invoice_company_id");
mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $invoice_id");
// Add Payment to History
mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id");
// Notify
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_client_id = $pi_client_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_client_id = $pi_client_id");
// Logging
$extended_log_desc = '';
if (!$pi_livemode) {
$extended_log_desc = '(DEV MODE)';
}
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Payment', log_action = 'Create', log_description = 'Stripe payment of $pi_currency $pi_amount_paid against invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $pi_client_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Payment', log_action = 'Create', log_description = 'Stripe payment of $pi_currency $pi_amount_paid against invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $pi_client_id");
// Send email receipt
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = $invoice_company_id");
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_settings);
$config_smtp_host = $row['config_smtp_host'];
@ -291,12 +292,12 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Email Logging
if ($mail === true) {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Receipt!', history_invoice_id = $invoice_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Receipt!', history_invoice_id = $invoice_id");
} else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Email Receipt Failed!', history_invoice_id = $invoice_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Email Receipt Failed!', history_invoice_id = $invoice_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail'");
}
}
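Review bot: The companies row is read into `$row` at `$row = mysqli_fetch_array($sql);` immediately after the invoice/client row was fetched into the same variable, so any later read of an invoice or client column from `$row` in this block silently returns nothing; fetching it into a separately named variable such as `$company_row` keeps both rows available, and the same reuse happens again for `$sql_company` and `$sql_settings` in the payment-intent branch. That branch also issues two separate queries against the hard-coded `company_id = 1` where the first branch uses one joined query; a single `SELECT * FROM companies INNER JOIN settings ON settings.company_id = companies.company_id WHERE companies.company_id = 1` would serve both and replaces the implicit comma join. A one-line comment above each hard-coded id, e.g. `// Single-tenant after the multi-company removal: company and settings rows live under company_id 1`, would document the assumption the migration relies on. The enclosing `if` block starts and ends outside the hunks.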


@ -5,19 +5,18 @@ require_once("functions.php");
session_start();
if (isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])) {
if (isset($_GET['accept_quote'], $_GET['url_key'])) {
$quote_id = intval($_GET['accept_quote']);
$company_id = intval($_GET['company_id']);
$url_key = sanitizeInput($_GET['url_key']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
if (mysqli_num_rows($sql) == 1) {
mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Accepted' WHERE quote_id = $quote_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Accepted', history_description = 'Client accepted Quote!', history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Accepted', history_description = 'Client accepted Quote!', history_quote_id = $quote_id");
$_SESSION['alert_message'] = "Quote Accepted";
@ -28,19 +27,18 @@ if (isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])) {
}
if (isset($_GET['decline_quote'], $_GET['company_id'], $_GET['url_key'])) {
if (isset($_GET['decline_quote'], $_GET['url_key'])) {
$quote_id = intval($_GET['decline_quote']);
$company_id = intval($_GET['company_id']);
$url_key = sanitizeInput($_GET['url_key']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
if (mysqli_num_rows($sql) == 1) {
mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Declined' WHERE quote_id = $quote_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Declined', history_description = 'Client declined Quote!', history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Declined', history_description = 'Client declined Quote!', history_quote_id = $quote_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "Quote Declined";
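Review bot: The rewritten lookup `$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");` does not constrain the quote's status, so a link for a quote that was already accepted or declined still flips `quote_status` on the next request. The guest quote page only shows the Accept/Decline buttons while the status is Draft, Sent or Viewed, and the query here should enforce the same gate, e.g. `... AND quote_url_key = '$url_key' AND quote_status IN ('Draft', 'Sent', 'Viewed')`, so the `mysqli_num_rows($sql) == 1` check around the UPDATE becomes a real guard. The decline handler in the second hunk has the same gap; both handlers change state on a plain GET, which is worth a comment at minimum.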


@ -17,8 +17,6 @@ $sql = mysqli_query(
LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id
LEFT JOIN companies ON invoices.company_id = companies.company_id
LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE invoice_id = $invoice_id
AND invoice_url_key = '$url_key'"
);
@ -31,6 +29,7 @@ if (mysqli_num_rows($sql) !== 1) {
}
$row = mysqli_fetch_array($sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@ -57,7 +56,10 @@ $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']);
}
$company_id = intval($row['company_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
@ -68,7 +70,7 @@ $company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
}
$company_locale = htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']);
@ -88,11 +90,11 @@ if ($invoice_status == 'Sent') {
}
//Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_invoice_id = $invoice_id");
if ($invoice_status !== 'Paid') {
$client_name_escaped = sanitizeInput($row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id");
}
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
@ -122,7 +124,7 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
<div class="float-right">
<a class="btn btn-secondary" data-toggle="collapse" href="#collapsePreviousInvoices"><i class="fas fa-fw fa-history mr-2"></i>Invoice History</a>
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download mr-2"></i>Download</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo strtoAZaz09(html_entity_decode("$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number")); ?>');"><i class="fa fa-fw fa-download mr-2"></i>Download</a>
<?php
if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled" && $invoice_status !== "Draft" && $config_stripe_enable == 1) { ?>
<a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card mr-2"></i>Pay Online</a>
@ -132,7 +134,7 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
<div class="card-body">
<div class="row mb-4">
<div class="col-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
</div>
<div class="col-10">
<?php if ($invoice_status == "Paid") { ?>
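Review bot: `$row` is overwritten with the companies/settings row at `$row = mysqli_fetch_array($sql);` in the third hunk, but the unchanged line `$client_name_escaped = sanitizeInput($row['client_name']);` in the fifth hunk still reads the client name from `$row`, and that query selects only from `companies` and `settings`; the 'Invoice Viewed' notification will therefore carry an empty client name (plus an undefined-index notice) after this change. Moving `$client_name_escaped = sanitizeInput($row['client_name']);` above the companies query, or fetching the company row into a separately named variable, fixes it. The guest quote view in the next section reassigns `$row` the same way before its own `sanitizeInput($row['client_name'])`. The top-level script continues outside the hunks.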


@ -77,7 +77,7 @@ if ($item_type == "Document") {
// Logging
$name = mysqli_real_escape_string($mysqli, $doc_title);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'");
} elseif ($item_type == "File") {
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
@ -142,7 +142,7 @@ if ($item_type == "Document") {
// Logging
$name = sanitizeInput($login_row['login_name']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$ua', company_id = 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$ua'");
}


@ -18,8 +18,6 @@ $sql = mysqli_query(
LEFT JOIN clients ON quote_client_id = client_id
LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id
LEFT JOIN companies ON quotes.company_id = companies.company_id
LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE quote_id = $quote_id
AND quote_url_key = '$url_key'"
);
@ -58,7 +56,9 @@ $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']);
}
$company_id = intval($row['company_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
@ -69,7 +69,7 @@ $company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
}
$company_locale = htmlentities($row['company_locale']);
$config_quote_footer = htmlentities($row['config_quote_footer']);
@ -83,11 +83,11 @@ if ($quote_status == 'Sent') {
}
//Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_quote_id = $quote_id");
if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
$client_name_escaped = sanitizeInput($row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id");
}
?>
@ -99,10 +99,10 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<?php
if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
?>
<a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>">
<a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>">
<i class="fas fa-fw fa-thumbs-up mr-2"></i>Accept
</a>
<a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>">
<a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>">
<i class="fas fa-fw fa-thumbs-down mr-2"></i>Decline
</a>
<?php } ?>
@ -110,7 +110,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<div class="float-right">
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$quote_date-$company_name-QUOTE-$quote_prefix$quote_number.pdf"; ?>');">
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo strtoAZaz09(html_entity_decode("$quote_date-$company_name-QUOTE-$quote_prefix$quote_number")); ?>');">
<i class="fa fa-fw fa-download mr-2"></i>Download
</a>
</div>
@ -119,7 +119,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<div class="row mb-4">
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
</div>
<div class="col-sm-10">
<h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3>
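Review bot: The new company query `SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1` uses an implicit comma join and reuses `$sql` and `$row`, which until that line hold the quote/client result; writing it as `SELECT * FROM companies INNER JOIN settings ON settings.company_id = companies.company_id WHERE companies.company_id = 1` and storing it in `$sql_company` / `$company_row`, as the Stripe guest page already does with `$sql_company`, keeps the join explicit and the quote row intact. A short comment such as `// Single-tenant: company and settings are always row 1` above it would record why the id is hard-coded. The script continues outside the hunks.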


@ -9,15 +9,14 @@ require_once("top_nav.php");
if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id AND company_id = $session_company_id");
$sql = mysqli_query($mysqli, "UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id");
$sql = mysqli_query(
$mysqli,
"SELECT * FROM clients
LEFT JOIN locations ON primary_location = location_id AND location_archived_at IS NULL
LEFT JOIN contacts ON primary_contact = contact_id AND contact_archived_at IS NULL
WHERE client_id = $client_id
AND clients.company_id = $session_company_id"
WHERE client_id = $client_id"
);
if (mysqli_num_rows($sql) == 0) {
@ -89,13 +88,13 @@ if (isset($_GET['client_id'])) {
$balance = $invoice_amounts - $amount_paid;
//Get Monthly Recurring Total
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id AND company_id = $session_company_id");
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id");
$row = mysqli_fetch_array($sql_recurring_monthly_total);
$recurring_monthly_total = floatval($row['recurring_monthly_total']);
//Get Yearly Recurring Total
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id AND company_id = $session_company_id");
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id");
$row = mysqli_fetch_array($sql_recurring_yearly_total);
$recurring_yearly_total = floatval($row['recurring_yearly_total']) / 12;
@ -197,8 +196,7 @@ if (isset($_GET['client_id'])) {
WHERE domain_client_id = $client_id
AND domain_expire IS NOT NULL
AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
AND domain_archived_at IS NULL
AND company_id = $session_company_id"
AND domain_archived_at IS NULL"
));
$num_domains_expiring = intval($row['num']);
@ -209,8 +207,7 @@ if (isset($_GET['client_id'])) {
WHERE certificate_client_id = $client_id
AND certificate_expire IS NOT NULL
AND certificate_expire < CURRENT_DATE + INTERVAL 30 DAY
AND certificate_archived_at IS NULL
AND company_id = $session_company_id"
AND certificate_archived_at IS NULL"
));
$num_certs_expiring = intval($row['num']);
@ -222,7 +219,7 @@ if (isset($_GET['client_id'])) {
AND asset_warranty_expire IS NOT NULL
AND asset_archived_at IS NULL
AND asset_warranty_expire < CURRENT_DATE + INTERVAL 90 DAY
AND company_id = $session_company_id ORDER BY asset_warranty_expire DESC"
ORDER BY asset_warranty_expire DESC"
);
// Get Assets Retiring
@ -233,7 +230,7 @@ if (isset($_GET['client_id'])) {
AND asset_install_date IS NOT NULL
AND asset_archived_at IS NULL
AND asset_install_date + INTERVAL 7 YEAR < CURRENT_DATE + INTERVAL 90 DAY
AND company_id = $session_company_id ORDER BY asset_install_date DESC"
ORDER BY asset_install_date DESC"
);
// Get Stale Tickets
@ -243,7 +240,7 @@ if (isset($_GET['client_id'])) {
WHERE ticket_client_id = $client_id
AND ticket_created_at < CURRENT_DATE - INTERVAL 14 DAY
AND ticket_status != 'Closed'
AND company_id = $session_company_id ORDER BY ticket_created_at DESC"
ORDER BY ticket_created_at DESC"
);
}


@ -12,7 +12,6 @@ if (isset($_GET['invoice_id'])) {
LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id
LEFT JOIN companies ON invoices.company_id = companies.company_id
WHERE invoice_id = $invoice_id"
);
@ -52,6 +51,9 @@ if (isset($_GET['invoice_id'])) {
if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms;
}
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']);
@ -64,7 +66,7 @@ if (isset($_GET['invoice_id'])) {
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
}
$sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_invoice_id = $invoice_id ORDER BY history_id DESC");
@ -89,7 +91,7 @@ if (isset($_GET['invoice_id'])) {
$invoice_badge_color = getInvoiceBadgeColor($invoice_status);
//Product autocomplete
$products_sql = mysqli_query($mysqli, "SELECT product_name AS label, product_description AS description, product_price AS price FROM products WHERE company_id = $session_company_id");
$products_sql = mysqli_query($mysqli, "SELECT product_name AS label, product_description AS description, product_price AS price FROM products");
if (mysqli_num_rows($products_sql) > 0) {
while ($row = mysqli_fetch_array($products_sql)) {
@ -164,7 +166,7 @@ if (isset($_GET['invoice_id'])) {
<a class="dropdown-item" href="#" onclick="window.print();">
<i class="fa fa-fw fa-print text-secondary mr-2"></i>Print
</a>
<a class="dropdown-item" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-$client_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');">
<a class="dropdown-item" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo strtoAZaz09(html_entity_decode("$invoice_date-$company_name-$client_name-Invoice-$invoice_prefix$invoice_number")); ?>');">
<i class="fa fa-fw fa-download text-secondary mr-2"></i>Download PDF
</a>
<?php if (!empty($config_smtp_host) && !empty($contact_email)) { ?>
@ -194,7 +196,7 @@ if (isset($_GET['invoice_id'])) {
<div class="row mb-4">
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>" alt="Company logo">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>" alt="Company logo">
</div>
<div class="col-sm-10">
<div class="ribbon-wrapper">
@ -331,7 +333,7 @@ if (isset($_GET['invoice_id'])) {
<option value="0">No Tax</option>
<?php
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC");
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']);
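Review bot: `$company_id = intval($row['company_id']);` after the new `SELECT * FROM companies WHERE company_id = 1` is now always the literal 1 and the logo path below it no longer uses it; if nothing else in the file reads `$company_id` the line can go, otherwise a comment should name what still depends on it. The query also reuses `$sql` and `$row`, which previously held the invoice row; naming them `$sql_company` / `$company_row`, as the Stripe guest page does, avoids clobbering the invoice result for later reads. The enclosing `if (isset($_GET['invoice_id']))` block starts and ends outside the hunks.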


@ -35,7 +35,7 @@
<option value="">- Client -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
@ -61,7 +61,7 @@
<option value="">- Category -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']);


@ -42,7 +42,7 @@
<option value="">- Category -</option>
<?php
$sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
$sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_income_category)) {
$category_id_select= intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']);


@ -54,7 +54,7 @@
<option value="">- Account -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']);
@ -94,7 +94,7 @@
<option value="">- Method of Payment -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$category_name = htmlentities($row['category_name']);
?>


@ -6,50 +6,50 @@ $o = "DESC";
require_once("inc_all.php");
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent'"));
$sent_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Viewed'"));
$viewed_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Partial' AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Partial'"));
$partial_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Draft'"));
$draft_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Cancelled'"));
$cancelled_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_due > CURDATE() AND company_id = $session_company_id"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_due > CURDATE()"));
$overdue_count = $row['num'];
$sql_total_draft = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id");
$sql_total_draft = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft'");
$row = mysqli_fetch_array($sql_total_draft);
$total_draft = floatval($row['total_draft']);
$sql_total_sent = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id");
$sql_total_sent = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent'");
$row = mysqli_fetch_array($sql_total_sent);
$total_sent = floatval($row['total_sent']);
$sql_total_viewed = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_viewed FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id");
$sql_total_viewed = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_viewed FROM invoices WHERE invoice_status = 'Viewed'");
$row = mysqli_fetch_array($sql_total_viewed);
$total_viewed = floatval($row['total_viewed']);
$sql_total_cancelled = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id");
$sql_total_cancelled = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled'");
$row = mysqli_fetch_array($sql_total_cancelled);
$total_cancelled = floatval($row['total_cancelled']);
$sql_total_partial = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoices.company_id = $session_company_id");
$sql_total_partial = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial'");
$row = mysqli_fetch_array($sql_total_partial);
$total_partial = floatval($row['total_partial']);
$total_partial_count = mysqli_num_rows($sql_total_partial);
$sql_total_overdue_partial = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
$sql_total_overdue_partial = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoice_due < CURDATE()");
$row = mysqli_fetch_array($sql_total_overdue_partial);
$total_overdue_partial = floatval($row['total_overdue_partial']);
$sql_total_overdue = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
$sql_total_overdue = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE()");
$row = mysqli_fetch_array($sql_total_overdue);
$total_overdue = floatval($row['total_overdue']);
@ -76,8 +76,7 @@ $sql = mysqli_query(
"SELECT SQL_CALC_FOUND_ROWS * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN categories ON invoice_category_id = category_id
WHERE invoices.company_id = $session_company_id
AND (invoice_status LIKE '$status_query')
WHERE (invoice_status LIKE '$status_query')
AND DATE(invoice_date) BETWEEN '$dtf' AND '$dtt'
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR invoice_amount LIKE '%$q%' OR category_name LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to"
@ -160,7 +159,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo strip_tags(htmlentities($q));} ?>" placeholder="Search Invoices">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Invoices">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
@ -202,7 +201,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
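Review bot: The overdue counter in the first hunk still uses `invoice_due > CURDATE()` for `$overdue_count`, which counts invoices that are not yet due; the later `$sql_total_overdue` in the same hunk uses `invoice_due < CURDATE()`, so the badge count and the total disagree. The new line should read `"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status NOT IN ('Draft','Paid','Cancelled') AND invoice_due < CURDATE()"` (or at minimum flip the comparison) so both figures describe the same set. Separately, `$q`, `$dtf`, `$dtt`, `$sb` and `$o` are interpolated straight into the `SQL_CALC_FOUND_ROWS` query; if they are not escaped and, for `$sb`/`$o`, checked against a fixed allow-list where they are read (outside this section), that is a SQL injection surface that parameter binding alone cannot close for the `ORDER BY` identifiers. The `stripslashes(htmlentities($q))` change keeps the search box value HTML-escaped, so the display path itself is fine.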


@ -77,7 +77,7 @@
<option value="0">No Tax</option>
<?php
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$item_created_at' OR tax_archived_at IS NULL) AND company_id = $session_company_id ORDER BY tax_name ASC");
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$item_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id_select = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']);


@ -145,7 +145,7 @@ if (isset($_POST['login'])) {
// Set PHP session in DB, so we can access the session encryption data (above)
$user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = $user_id");
}
}
@ -228,7 +228,7 @@ if (isset($_POST['login'])) {
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Login</title>
<title><?php echo htmlentities($company_name); ?> | Login</title>
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
@ -244,7 +244,7 @@ if (isset($_POST['login'])) {
<div class="login-box">
<div class="login-logo">
<?php if (!empty($company_logo)) { ?>
<img alt="<?=$company_name?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/1/$company_logo"; ?>">
<img alt="<?=htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
<?php } else { ?>
<b>IT</b>Flow
<?php } ?>
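Review bot: `$company_logo` is written into the `src` attribute unescaped on the new `<img>` line, while `$company_name` on the same line was just wrapped in `htmlentities()`; the filename comes from the database too and should get the same treatment: `src="<?php echo "uploads/settings/" . htmlentities($company_logo); ?>"`. The path also drops the `/1/` segment, so logos already stored under `uploads/settings/1/` will stop loading until they are moved—worth stating in the upgrade notes if the database-update step does not relocate files. In the first hunk the quotes around `$user_id` were removed in the `UPDATE users` query; that is only safe if `$user_id` is cast to an integer before this point, which is outside the hunk.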


@ -74,7 +74,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-sm table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -1,5 +1,4 @@
<?php
$name = sanitizeInput($_POST['name']);
$email = sanitizeInput($_POST['email']);
$default_company = intval($_POST['default_company']);
$role = intval($_POST['role']);


@ -2,7 +2,7 @@
require_once("inc_all.php");
$sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON notification_client_id = client_id WHERE notification_dismissed_at IS NULL AND (notification_user_id = $session_user_id OR notification_user_id = 0) AND notifications.company_id = $session_company_id ORDER BY notification_id DESC");
$sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON notification_client_id = client_id WHERE notification_dismissed_at IS NULL AND (notification_user_id = $session_user_id OR notification_user_id = 0) ORDER BY notification_id DESC");
?>
@ -18,7 +18,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON n
<div class="card-body">
<?php if (mysqli_num_rows($sql) > 0) { ?>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead>
<tr>


@ -18,7 +18,6 @@ $sql = mysqli_query(
WHERE (notification_type LIKE '%$q%' OR notification LIKE '%$q%' OR user_name LIKE '%$q%' OR client_name LIKE '%$q%')
AND DATE(notification_timestamp) BETWEEN '$dtf' AND '$dtt'
AND (notification_user_id = $session_user_id OR notification_user_id = 0)
AND notifications.company_id = $session_company_id
AND notification_dismissed_at IS NOT NULL
ORDER BY $sb $o
LIMIT $record_from, $record_to
@ -64,7 +63,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</div>
</form>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>


@ -15,8 +15,7 @@ $sql = mysqli_query(
LEFT JOIN invoices ON payment_invoice_id = invoice_id
LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN accounts ON payment_account_id = account_id
WHERE payments.company_id = $session_company_id
AND DATE(payment_date) BETWEEN '$dtf' AND '$dtt'
WHERE DATE(payment_date) BETWEEN '$dtf' AND '$dtt'
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR client_name LIKE '%$q%' OR account_name LIKE '%$q%' OR payment_method LIKE '%$q%' OR payment_reference LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
@ -77,7 +76,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
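Review bot: `$sb` and `$o` are still interpolated into `ORDER BY $sb $o` in the first hunk; a column name and sort direction cannot be bound as parameters, so unless they are validated against a fixed allow-list where they are assigned (outside this section) a crafted `sb` query parameter is a SQL injection vector. A guard immediately before the query such as `$sb = in_array($sb, ['payment_date', 'payment_amount', 'client_name', 'account_name'], true) ? $sb : 'payment_date';` and forcing `$o` to `ASC`/`DESC` would close it. `$q`, `$dtf` and `$dtt` sit in value positions and could be bound with a prepared statement instead of string interpolation. The `mysqli_query()` statement this hunk belongs to begins before the hunk.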


@ -28,11 +28,10 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
// Get info from session
$session_client_id = intval($_SESSION['client_id']);
$session_contact_id = intval($_SESSION['contact_id']);
$session_company_id = intval($_SESSION['company_id']);
// Get company info from database
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = $session_company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name'];
@ -43,7 +42,7 @@ $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRE
// Get contact info
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $session_contact_id AND contact_client_id = $session_client_id");
$contact = mysqli_fetch_array($contact_sql);
$session_contact_name = sanitizeInput($contact['contact_name']);
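Review bot: The new `WHERE company_id = 1` literal carries no comment, so a reader of this file alone cannot tell whether the fixed id is a leftover placeholder or the intended single-tenant design; suggest `// Multi-company support was removed; the single company row is always id 1` above the query. Dropping the quotes around `$session_contact_id` and `$session_client_id` in the contact query is safe here because both are cast with `intval()` a few lines above in the same hunk. `mysqli_fetch_array($sql)` is dereferenced without checking the result, so an empty `companies` table surfaces as PHP warnings on `$row['company_name']` rather than a clear error—worth a guard if `$session_company_name` reaches HTML output, which is not visible here.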


@ -19,4 +19,9 @@ if (!isset($_SESSION)) {
session_start();
}
// Get Company Information
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = $row['company_name'];
require_once("portal_header.php");
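Review bot: The added company lookup hardcodes `company_id = 1` without a comment and reads `$row['company_name']` without checking that a row came back, so a missing or empty `companies` table degrades into PHP warnings rather than a clear failure. Suggest `// Multi-company support was removed; the single company row is always id 1` above the query and `$company_name = $row ? $row['company_name'] : '';` for the assignment. Whether `$company_name` is HTML-escaped where `portal_header.php` prints it cannot be seen from this hunk and should be confirmed.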
