BREAKING CHANGES - MAKE FULL BACKUP BEFORE PROCEEDING - Requires Manual Intervention on files; see Forum Post. Make sure you run the Database update directly after the update. This Removes Multi-Company Functionality. Fixes issues with Responsive tables and a bunch of other UI and small Fixes

johnnyq
2023-03-11 16:16:46 -05:00
parent 75da31d991
commit 48fe49cf77
164 changed files with 2154 additions and 2794 deletions


@@ -12,7 +12,7 @@ $url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, '
$sql = mysqli_query( $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM accounts "SELECT SQL_CALC_FOUND_ROWS * FROM accounts
WHERE account_name LIKE '%$q%' AND company_id = $session_company_id WHERE account_name LIKE '%$q%'
ORDER BY $sb $o LIMIT $record_from, $record_to" ORDER BY $sb $o LIMIT $record_from, $record_to"
); );
@@ -37,7 +37,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
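Review bot: `ORDER BY $sb $o` in the accounts query (first hunk) places the sort column and direction into the SQL text as identifiers, where string escaping gives no protection; both should pass through a fixed allow-list before the query is built, e.g. `if (!in_array($sb, $allowed_sort_columns, true)) { $sb = 'account_name'; }` and `$o = ($o === 'DESC') ? 'DESC' : 'ASC';` (`$allowed_sort_columns` is a placeholder name). The hunk header shows `$sb` travelling alongside `$_GET`, but its validation lies outside the visible lines, so confirm whether such a check already exists. `$q` inside `LIKE '%$q%'` and the `LIMIT $record_from, $record_to` values are in the same position: safe only if escaped and integer-cast before this point.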


@@ -70,7 +70,7 @@ if (isset($_GET['certificate_get_json_details'])) {
} }
// Get all domains for this client that could be linked to this certificate // Get all domains for this client that could be linked to this certificate
$domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = '$client_id' AND company_id = '$session_company_id'"); $domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = $client_id");
while ($row = mysqli_fetch_array($domains_sql)) { while ($row = mysqli_fetch_array($domains_sql)) {
$response['domains'][] = $row; $response['domains'][] = $row;
} }
@@ -113,7 +113,7 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
$sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, client_name, contact_name FROM tickets $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, client_name, contact_name FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_number = '$merge_into_ticket_number' AND tickets.company_id = '$session_company_id'"); WHERE ticket_number = $merge_into_ticket_number");
if (mysqli_num_rows($sql) == 0) { if (mysqli_num_rows($sql) == 0) {
//Do nothing. //Do nothing.
@@ -144,7 +144,7 @@ if (isset($_GET['network_get_json_details'])) {
$locations_sql = mysqli_query( $locations_sql = mysqli_query(
$mysqli, $mysqli,
"SELECT location_id, location_name FROM locations "SELECT location_id, location_name FROM locations
WHERE location_client_id = '$client_id' AND company_id = '$session_company_id'" WHERE location_client_id = '$client_id'"
); );
while ($row = mysqli_fetch_array($locations_sql)) { while ($row = mysqli_fetch_array($locations_sql)) {
$response['locations'][] = $row; $response['locations'][] = $row;
@@ -158,10 +158,10 @@ if (isset($_POST['client_set_notes'])) {
$notes = sanitizeInput($_POST['notes']); $notes = sanitizeInput($_POST['notes']);
// Update notes // Update notes
mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = '$client_id'"); mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = $client_id");
// Logging // Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
} }
@@ -173,7 +173,7 @@ if (isset($_POST['contact_set_notes'])) {
mysqli_query($mysqli, "UPDATE contacts SET contact_notes = '$notes' WHERE contact_id = $contact_id"); mysqli_query($mysqli, "UPDATE contacts SET contact_notes = '$notes' WHERE contact_id = $contact_id");
// Logging // Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name modified contact notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name modified contact notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
} }
@@ -185,7 +185,7 @@ if (isset($_POST['contact_set_notes'])) {
if (isset($_GET['ticket_add_view'])) { if (isset($_GET['ticket_add_view'])) {
$ticket_id = intval($_GET['ticket_id']); $ticket_id = intval($_GET['ticket_id']);
mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = '$ticket_id', view_user_id = '$session_user_id', view_timestamp = NOW()"); mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = $ticket_id, view_user_id = $session_user_id, view_timestamp = NOW()");
} }
/* /*
@@ -196,7 +196,7 @@ if (isset($_GET['ticket_add_view'])) {
if (isset($_GET['ticket_query_views'])) { if (isset($_GET['ticket_query_views'])) {
$ticket_id = intval($_GET['ticket_id']); $ticket_id = intval($_GET['ticket_id']);
$query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = '$ticket_id' AND view_user_id != '$session_user_id' AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)"); $query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = $ticket_id AND view_user_id != $session_user_id AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)");
while ($row = mysqli_fetch_array($query)) { while ($row = mysqli_fetch_array($query)) {
$users[] = $row['user_name']; $users[] = $row['user_name'];
} }
@@ -236,17 +236,17 @@ if (isset($_GET['share_generate_link'])) {
$item_key = randomString(156); $item_key = randomString(156);
if ($item_type == "Document") { if ($item_type == "Document") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1")); $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = $item_id AND document_client_id = $client_id LIMIT 1"));
$item_name = sanitizeInput($row['document_name']); $item_name = sanitizeInput($row['document_name']);
} }
if ($item_type == "File") { if ($item_type == "File") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1")); $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = $item_id AND file_client_id = $client_id LIMIT 1"));
$item_name = sanitizeInput($row['file_name']); $item_name = sanitizeInput($row['file_name']);
} }
if ($item_type == "Login") { if ($item_type == "Login") {
$login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1"); $login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = $item_id AND login_client_id = $client_id LIMIT 1");
$row = mysqli_fetch_array($login); $row = mysqli_fetch_array($login);
$item_name = sanitizeInput($row['login_name']); $item_name = sanitizeInput($row['login_name']);
@@ -266,7 +266,7 @@ if (isset($_GET['share_generate_link'])) {
} }
// Insert entry into DB // Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'"); $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = '$item_expires', item_client_id = $client_id");
$share_id = $mysqli->insert_id; $share_id = $mysqli->insert_id;
// Return URL // Return URL
@@ -279,7 +279,7 @@ if (isset($_GET['share_generate_link'])) {
echo json_encode($url); echo json_encode($url);
// Logging // Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = $client_id, log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
} }
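Review bot: The new side drops the quotes around interpolated values (`domain_client_id = $client_id`, `ticket_number = $merge_into_ticket_number`, `document_id = $item_id`, `item_view_limit = $item_view_limit`), and an unquoted value is only safe when it is guaranteed to be an integer, because string escaping does not constrain a value used in numeric position. `$ticket_id` is visibly passed through `intval()`, but the assignments of `$client_id`, `$merge_into_ticket_number`, `$item_id` and `$item_view_limit` lie outside these hunks and should be confirmed to cast as well. Binding the values removes the dependency altogether: `$stmt = mysqli_prepare($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = ?"); mysqli_stmt_bind_param($stmt, 'i', $client_id);`. The same applies to the unquoted `$location`, `$vendor`, `$contact`, `$network` and `$location_id` values in the asset and contact create/update sections further down.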


@@ -11,14 +11,14 @@ $insert_id = false;
if (!empty($name) && !empty($client_id)) { if (!empty($name) && !empty($client_id)) {
// Insert into Database // Insert into Database
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'"); $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id");
if ($insert_sql) { if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli); $insert_id = mysqli_insert_id($mysqli);
//Logging //Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id'");
} }
} }


@@ -10,17 +10,17 @@ $asset_id = intval($_POST['asset_id']);
$delete_count = false; $delete_count = false;
if (!empty($asset_id)) { if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1"));
$asset_name = $row['asset_name']; $asset_name = $row['asset_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"); $delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
// Check delete & get affected rows // Check delete & get affected rows
if ($delete_sql && !empty($asset_name)) { if ($delete_sql && !empty($asset_name)) {
$delete_count = mysqli_affected_rows($mysqli); $delete_count = mysqli_affected_rows($mysqli);
//Logging //Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
} }
} }
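Review bot: `$asset_name = $row['asset_name'];` takes a value read back from the database, and the logging `INSERT` then embeds it in `log_description = '$asset_name via API ($api_key_name)'` without escaping, so a stored name containing a quote breaks or alters the log statement. Escape it at assignment, `$asset_name = mysqli_real_escape_string($mysqli, $row['asset_name'] ?? '');`, which also covers the case where no row matched and `$row` is null. The contact delete section has the same pattern with `$contact_name = $row['contact_name'];`. The lookup could also be narrowed to `SELECT asset_name`, since that is the only column read here.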


@@ -1,41 +0,0 @@
<?php
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Asset via ID (single)
if (isset($_GET['asset_id'])) {
$id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
} elseif (isset($_GET['asset_type'])) {
// Asset query via type
$type = mysqli_real_escape_string($mysqli, ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['asset_name'])) {
// Asset query via name
$name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['asset_serial'])) {
// Asset query via serial
$serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) {
// Asset query via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// All assets
else {
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Output
require_once("../read_output.php");


@@ -11,20 +11,20 @@ $update_count = false;
if (!empty($asset_id)) { if (!empty($asset_id)) {
$asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1")); $asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id LIMIT 1"));
// Variable assignment from POST - assigning the current database value if a value is not provided // Variable assignment from POST - assigning the current database value if a value is not provided
require_once('asset_model.php'); require_once('asset_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"); $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
// Check insert & get insert ID // Check insert & get insert ID
if ($update_sql) { if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli); $update_count = mysqli_affected_rows($mysqli);
//Logging //Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
} }
} }
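Review bot: `if ($update_sql)` is true whenever the statement ran, including when `$asset_row` came back empty and the `UPDATE` matched nothing, so the two "Updated" log rows are written for an asset that does not exist or does not belong to `$client_id`. Wrapping the model include, the update and the logging in `if ($asset_row) { ... }` keeps the audit trail accurate; how the failure is reported to the caller is outside the hunk. The comment `// Check insert & get insert ID` is stale for this file and should read `// Check update & get affected rows`. The contact update section has the same `if ($update_sql)` guard and the same stale comment.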


@@ -6,23 +6,23 @@ require_once('../require_get_method.php');
// Specific certificate via ID (single) // Specific certificate via ID (single)
if (isset($_GET['certificate_id'])) { if (isset($_GET['certificate_id'])) {
$id = intval($_GET['certificate_id']); $id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id'");
} elseif (isset($_GET['certificate_name'])) { } elseif (isset($_GET['certificate_name'])) {
// Certificate by name // Certificate by name
$name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']); $name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) { } elseif (isset($_GET['client_id'])) {
// Certificate via client ID // Certificate via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
} else { } else {
// All certificates // All certificates
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
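Review bot: `certificate_client_id LIKE '$client_id'` is now the only scoping predicate in three of the four branches, and `LIKE` treats `%` and `_` in `$client_id` as wildcards, so the result set is bounded only as tightly as that value is. Where `$client_id` is set is outside this section (presumably in the API key validation include); if a key bound to one client carries a numeric ID, compare with `=` as the `client_id` branch already does, and keep the match-all behaviour for unrestricted keys as an explicit branch rather than a pattern. `$limit` and `$offset` are interpolated unquoted and need to be integer-cast before these lines. The clients, contacts, documents and domains read sections below use the same `LIKE '$client_id'` filter.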

View File

@@ -6,18 +6,18 @@ require_once('../require_get_method.php');
// Specific client via ID (single) // Specific client via ID (single)
if (isset($_GET['client_id'])) { if (isset($_GET['client_id'])) {
$id = intval($_GET['client_id']); $id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id'");
} elseif (isset($_GET['client_name'])) { } elseif (isset($_GET['client_name'])) {
// Specific client via name (single) // Specific client via name (single)
$name = mysqli_real_escape_string($mysqli, $_GET['client_name']); $name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id'");
} else { } else {
// All clients // All clients
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
} }
// Output // Output

View File

@@ -17,14 +17,14 @@ if (!empty($name) && !empty($email) && !empty($client_id)) {
if (mysqli_num_rows($email_duplication_sql) == 0) { if (mysqli_num_rows($email_duplication_sql) == 0) {
// Insert contact // Insert contact
$insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id"); $insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id");
// Check insert & get insert ID // Check insert & get insert ID
if ($insert_sql) { if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli); $insert_id = mysqli_insert_id($mysqli);
//Logging //Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
} }
} }
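Review bot: The duplicate-email guard is a check followed by an insert (`mysqli_num_rows($email_duplication_sql) == 0`, then `INSERT INTO contacts`), so two concurrent requests with the same address can both pass the check and both insert. A unique index on the email column, scoped per client if that is the intended rule, lets the database enforce it, with the failed insert handled as the duplicate case. Whether such an index already exists cannot be seen from this page, and the check query itself is outside the hunk.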

View File

@@ -10,17 +10,17 @@ $contact_id = intval($_POST['contact_id']);
$delete_count = false; $delete_count = false;
if (!empty($contact_id)) { if (!empty($contact_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1"));
$contact_name = $row['contact_name']; $contact_name = $row['contact_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"); $delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1");
// Check delete & get affected rows // Check delete & get affected rows
if ($delete_sql && !empty($contact_name)) { if ($delete_sql && !empty($contact_name)) {
$delete_count = mysqli_affected_rows($mysqli); $delete_count = mysqli_affected_rows($mysqli);
//Logging //Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
} }
} }

View File

@@ -6,18 +6,18 @@ require_once('../require_get_method.php');
// Specific contact via ID (single) // Specific contact via ID (single)
if (isset($_GET['contact_id'])) { if (isset($_GET['contact_id'])) {
$id = intval($_GET['contact_id']); $id = intval($_GET['contact_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id'");
} elseif (isset($_GET['contact_email'])) { } elseif (isset($_GET['contact_email'])) {
// Specific contact via email (single) // Specific contact via email (single)
$email = mysqli_real_escape_string($mysqli, $_GET['contact_email']); $email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id'");
} else { } else {
// All contacts // All contacts
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
} }
// Output // Output

View File

@@ -11,20 +11,20 @@ $update_count = false;
if (!empty($contact_id)) { if (!empty($contact_id)) {
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1")); $contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id LIMIT 1"));
// Variable assignment from POST - assigning the current database value if a value is not provided // Variable assignment from POST - assigning the current database value if a value is not provided
require_once('contact_model.php'); require_once('contact_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1"); $update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id WHERE contact_id = $contact_id LIMIT 1");
// Check insert & get insert ID // Check insert & get insert ID
if ($update_sql) { if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli); $update_count = mysqli_affected_rows($mysqli);
//Logging //Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
} }
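Review bot: The `UPDATE contacts` statement ends in `WHERE contact_id = $contact_id LIMIT 1` with no client predicate while also setting `contact_client_id = $client_id`, so the write is keyed on the posted contact ID alone. The preceding `SELECT` does filter on `contact_client_id = $client_id`, but nothing in the visible lines stops the update when `$contact_row` is empty (unless `contact_model.php` does, which is outside the hunk). With `company_id` removed, match the asset update section and scope the write itself: `WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1`.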
} }

View File

@@ -7,12 +7,12 @@ if (isset($_GET['document_id'])) {
// Document via ID (single) // Document via ID (single)
$id = intval($_GET['document_id']); $id = intval($_GET['document_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id'");
} else { } else {
// All documents // All documents
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY document_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
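Review bot: With `company_id` dropped, `document_client_id LIKE '$client_id'` is the only predicate left that scopes these queries to the API key. Its safety depends on `$client_id` being an integer or the all-clients wildcard, and that value is assigned outside this hunk. I would record that above the queries, e.g. `// $client_id is set from the API key row during key validation; "%" means an all-clients key`, and for scoped keys compare with `=` in an explicit branch instead of `LIKE`. The invoices, domains, networks, software and tickets endpoints use the same pattern.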


@@ -6,23 +6,23 @@ require_once('../require_get_method.php');
// Specific domain via ID (single) // Specific domain via ID (single)
if (isset($_GET['domain_id'])) { if (isset($_GET['domain_id'])) {
$id = intval($_GET['domain_id']); $id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id'");
} elseif (isset($_GET['domain_name'])) { } elseif (isset($_GET['domain_name'])) {
// Domain by name // Domain by name
$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']); $name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) { } elseif (isset($_GET['client_id'])) {
// Domain via client ID // Domain via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
} else { } else {
// All domains // All domains
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
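Review bot: The `domain_name` branch sorts with `ORDER BY asset_id`, while every other branch in this file sorts by `domain_id`. Unless `domains` really has an `asset_id` column (not visible here), that query fails and `$sql` is `false` when the output code runs, so it should read `ORDER BY domain_id LIMIT $limit OFFSET $offset`. The `client_id` branch and the final `else` run the identical query and could be merged into one.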


@@ -9,12 +9,12 @@ if (isset($_GET['expense_id']) && $client_id == "%") {
// Expense via ID (single) // Expense via ID (single)
$id = intval($_GET['expense_id']); $id = intval($_GET['expense_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id'");
} elseif ($client_id == "%") { } elseif ($client_id == "%") {
// All expenses // All expenses
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE company_id = '$company_id' ORDER BY expense_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM expenses ORDER BY expense_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
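Review bot: `$sql` is assigned only when `$client_id == "%"`, so for a key scoped to a single client neither branch runs and the `// Output` code that follows (outside this hunk) receives an undefined variable. Now that `company_id` no longer narrows the table, this comparison is the only gate between a client-scoped key and every expense row, so it deserves an explicit refusal rather than a fall-through. Something like `} else { header(WORDING_UNAUTHORIZED); exit(); }` would do, assuming the constant used by the key validation is in scope here. The payments and products endpoints have the same shape.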


@@ -7,12 +7,12 @@ if (isset($_GET['invoice_id'])) {
// Invoice via ID (single) // Invoice via ID (single)
$id = intval($_GET['invoice_id']); $id = intval($_GET['invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id'");
} else { } else {
// All invoices // All invoices
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
} }
// Output // Output


@@ -6,23 +6,23 @@ require_once('../require_get_method.php');
// Specific network via ID (single) // Specific network via ID (single)
if (isset($_GET['network_id'])) { if (isset($_GET['network_id'])) {
$id = intval($_GET['network_id']); $id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id'");
} elseif (isset($_GET['network_name'])) { } elseif (isset($_GET['network_name'])) {
// Network by name // Network by name
$name = mysqli_real_escape_string($mysqli, $_GET['network_name']); $name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) { } elseif (isset($_GET['client_id'])) {
// Network via client ID // Network via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
} else { } else {
// All networks // All networks
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
} }
// Output // Output


@@ -10,18 +10,18 @@ if (isset($_GET['payment_id']) && $client_id == "%") {
// Payment via ID (single) // Payment via ID (single)
$id = intval($_GET['payment_id']); $id = intval($_GET['payment_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id'");
} elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") { } elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") {
// Payments for an invoice // Payments for an invoice
$id = intval($_GET['payment_invoice_id']); $id = intval($_GET['payment_invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id'");
} elseif ($client_id == "%") { } elseif ($client_id == "%") {
// All payments // All payments
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE company_id = '$company_id' ORDER BY payment_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM payments ORDER BY payment_id LIMIT $limit OFFSET $offset");
} }
// Output // Output


@@ -9,12 +9,12 @@ if (isset($_GET['product_id']) && $client_id == "%") {
// product via ID (single) // product via ID (single)
$id = intval($_GET['product_id']); $id = intval($_GET['product_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id'");
} elseif ($client_id == "%") { } elseif ($client_id == "%") {
// All products // All products
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE company_id = '$company_id' ORDER BY product_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM products ORDER BY product_id LIMIT $limit OFFSET $offset");
} }
// Output // Output


@@ -7,12 +7,12 @@ if (isset($_GET['quote_id'])) {
// quote via ID (single) // quote via ID (single)
$id = intval($_GET['quote_id']); $id = intval($_GET['quote_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id'");
} else { } else {
// All quotes // All quotes
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY quote_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
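Review bot: In the single-quote branch the operators are the other way round from the sibling endpoints: `quote_id LIKE '$id' AND quote_client_id = '$client_id'`. The expenses, payments and products endpoints test `$client_id == "%"`, so an all-clients key presumably carries `%` here as well, and `quote_client_id = '%'` then matches no row. I would write `WHERE quote_id = $id AND quote_client_id LIKE '$client_id'`, which also matches the list branch below it.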


@@ -6,35 +6,35 @@ require_once('../require_get_method.php');
// Specific software via ID (single) // Specific software via ID (single)
if (isset($_GET['software_id'])) { if (isset($_GET['software_id'])) {
$id = intval($_GET['software_id']); $id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id'");
} elseif (isset($_GET['software_key'])) { } elseif (isset($_GET['software_key'])) {
// Specific software via key // Specific software via key
$key = mysqli_real_escape_string($mysqli, $_GET['software_license']); $key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['software_name'])) { } elseif (isset($_GET['software_name'])) {
// Software by name // Software by name
$name = mysqli_real_escape_string($mysqli, $_GET['software_name']); $name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['software_type'])) { } elseif (isset($_GET['software_type'])) {
// Software via type // Software via type
$type = intval($_GET['software_type']); $type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} elseif (isset($_GET['client_id'])) { } elseif (isset($_GET['client_id'])) {
// Software via client ID // Software via client ID
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} else { } else {
// All software(s) // All software(s)
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
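Review bot: The `software_key` branch tests `isset($_GET['software_key'])` but then reads `$_GET['software_license']`, so a request that supplies only `software_key` looks up an empty key and raises an undefined-index notice. Both should use the same parameter: `$key = mysqli_real_escape_string($mysqli, $_GET['software_key']);`. The `software_name` branch also sorts by `asset_id`, which looks copied from another endpoint; `ORDER BY software_id` would match the remaining branches.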


@@ -6,12 +6,12 @@ require_once('../require_get_method.php');
// Specific ticket via ID (single) // Specific ticket via ID (single)
if (isset($_GET['ticket_id'])) { if (isset($_GET['ticket_id'])) {
$id = intval($_GET['ticket_id']); $id = intval($_GET['ticket_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id'");
} else { } else {
// All tickets // All tickets
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
} }
// Output // Output


@@ -17,8 +17,8 @@ header('Content-Type: application/json');
$_POST = json_decode(file_get_contents('php://input'), true); $_POST = json_decode(file_get_contents('php://input'), true);
// Get IP & UA // Get IP & UA
$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP())); $ip = santizeInput(getIP());
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT'])); $user_agent = santizeInput($_SERVER['HTTP_USER_AGENT']);
// Setup return array // Setup return array
$return_arr = array(); $return_arr = array();
@@ -56,15 +56,15 @@ if (!isset($_GET['api_key']) && !isset($_POST['api_key'])) {
// Set API key variable // Set API key variable
if (isset($_GET['api_key'])) { if (isset($_GET['api_key'])) {
$api_key = $_GET['api_key']; $api_key = santizeInput($_GET['api_key']);
} }
if (isset($_POST['api_key'])) { if (isset($_POST['api_key'])) {
$api_key = $_POST['api_key']; $api_key = santizeInput($_POST['api_key']);
} }
// Validate API key // Validate API key
if (isset($api_key)) { if (isset($api_key)) {
$api_key = mysqli_real_escape_string($mysqli, $api_key); $api_key = santizeInput($api_key);
$sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
@@ -72,7 +72,7 @@ if (isset($api_key)) {
if (mysqli_num_rows($sql) !== 1) { if (mysqli_num_rows($sql) !== 1) {
// Invalid Key // Invalid Key
header(WORDING_UNAUTHORIZED); header(WORDING_UNAUTHORIZED);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent'");
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "Authentication failed. API key is invalid or has expired."; $return_arr['message'] = "Authentication failed. API key is invalid or has expired.";
@@ -88,8 +88,7 @@ if (isset($api_key)) {
// Set client ID, company ID & key name // Set client ID, company ID & key name
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$api_key_name = htmlentities($row['api_key_name']); $api_key_name = htmlentities($row['api_key_name']);
$client_id = $row['api_key_client_id']; $client_id = intval($row['api_key_client_id']);
$company_id = $row['company_id'];
// Set limit & offset for queries // Set limit & offset for queries
if (isset($_GET['limit'])) { if (isset($_GET['limit'])) {
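Review bot: The new calls are spelled `santizeInput()`, whereas the login check elsewhere in this commit calls `sanitizeInput()`. Unless a function with the shorter spelling is defined somewhere not shown, every API request stops with an undefined-function error at `$ip = santizeInput(getIP());`, before the key is validated. I would use `sanitizeInput(...)` for `$ip`, `$user_agent` and `$api_key`. The key is also passed through the call twice (when read from `$_GET`/`$_POST` and again under `// Validate API key`); the second call can be dropped so that a non-idempotent sanitizer cannot alter the secret before the `api_key_secret` comparison.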


@@ -61,7 +61,7 @@ $key = randomString(156);
<option value="">- Client -</option> <option value="">- Client -</option>
<option value="0"> ALL CLIENTS </option> <option value="0"> ALL CLIENTS </option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); ?> $client_name = htmlentities($row['client_name']); ?>


@@ -48,7 +48,7 @@
<option value="">- Calendar -</option> <option value="">- Calendar -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$calendar_id = intval($row['calendar_id']); $calendar_id = intval($row['calendar_id']);
$calendar_name = htmlentities($row['calendar_name']); $calendar_name = htmlentities($row['calendar_name']);
@@ -117,7 +117,7 @@
<option value="">- Client -</option> <option value="">- Client -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id WHERE clients.company_id = $session_company_id ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = htmlentities($row['client_name']);


@@ -50,7 +50,7 @@
<select class="form-control select2" name="calendar" required> <select class="form-control select2" name="calendar" required>
<?php <?php
$sql_calendars_select = mysqli_query($mysqli, "SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC"); $sql_calendars_select = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
while ($row = mysqli_fetch_array($sql_calendars_select)) { while ($row = mysqli_fetch_array($sql_calendars_select)) {
$calendar_id_select = intval($row['calendar_id']); $calendar_id_select = intval($row['calendar_id']);
$calendar_name_select = htmlentities($row['calendar_name']); $calendar_name_select = htmlentities($row['calendar_name']);
@@ -116,7 +116,7 @@
<option value="">- Client -</option> <option value="">- Client -</option>
<?php <?php
$sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id WHERE clients.company_id = $session_company_id ORDER BY client_name ASC"); $sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql_clients)) { while ($row = mysqli_fetch_array($sql_clients)) {
$client_id_select = intval($row['client_id']); $client_id_select = intval($row['client_id']);
$client_name_select = htmlentities($row['client_name']); $client_name_select = htmlentities($row['client_name']);


@@ -18,18 +18,18 @@ require_once("calendar_add_modal.php");
require_once("category_quick_add_modal.php"); require_once("category_quick_add_modal.php");
//loop through IDs and create a modal for each //loop through IDs and create a modal for each
$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = $row['event_id']; $event_id = intval($row['event_id']);
$event_title = htmlentities($row['event_title']); $event_title = htmlentities($row['event_title']);
$event_description = htmlentities($row['event_description']); $event_description = htmlentities($row['event_description']);
$event_start = htmlentities($row['event_start']); $event_start = htmlentities($row['event_start']);
$event_end = htmlentities($row['event_end']); $event_end = htmlentities($row['event_end']);
$event_repeat = htmlentities($row['event_repeat']); $event_repeat = htmlentities($row['event_repeat']);
$calendar_id = $row['calendar_id']; $calendar_id = intval($row['calendar_id']);
$calendar_name = htmlentities($row['calendar_name']); $calendar_name = htmlentities($row['calendar_name']);
$calendar_color = htmlentities($row['calendar_color']); $calendar_color = htmlentities($row['calendar_color']);
$client_id = $row['event_client_id']; $client_id = intval($row['event_client_id']);
require("calendar_event_edit_modal.php"); require("calendar_event_edit_modal.php");
@@ -70,7 +70,7 @@ while ($row = mysqli_fetch_array($sql)) {
}, },
events: [ events: [
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['event_id']); $event_id = intval($row['event_id']);
$event_title = json_encode($row['event_title']); $event_title = json_encode($row['event_title']);
@@ -84,7 +84,7 @@ while ($row = mysqli_fetch_array($sql)) {
} }
//Invoices Created //Invoices Created
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN invoices ON client_id = invoice_client_id WHERE clients.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN invoices ON client_id = invoice_client_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['invoice_id']); $event_id = intval($row['invoice_id']);
$event_title = json_encode($row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope']); $event_title = json_encode($row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope']);
@@ -94,7 +94,7 @@ while ($row = mysqli_fetch_array($sql)) {
} }
//Quotes Created //Quotes Created
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN quotes ON client_id = quote_client_id WHERE clients.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN quotes ON client_id = quote_client_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['quote_id']); $event_id = intval($row['quote_id']);
$event_title = json_encode($row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope']); $event_title = json_encode($row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope']);
@@ -104,7 +104,7 @@ while ($row = mysqli_fetch_array($sql)) {
} }
//Tickets Created //Tickets Created
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN tickets ON client_id = ticket_client_id WHERE clients.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN tickets ON client_id = ticket_client_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['ticket_id']); $event_id = intval($row['ticket_id']);
$event_title = json_encode($row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject']); $event_title = json_encode($row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject']);
@@ -115,7 +115,7 @@ while ($row = mysqli_fetch_array($sql)) {
} }
//Vendors Added Created //Vendors Added Created
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN vendors ON client_id = vendor_client_id WHERE vendor_template = 0 AND clients.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN vendors ON client_id = vendor_client_id WHERE vendor_template = 0");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['vendor_id']); $event_id = intval($row['vendor_id']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
@@ -126,7 +126,7 @@ while ($row = mysqli_fetch_array($sql)) {
} }
//Clients Added //Clients Added
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE clients.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM clients");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['client_id']); $event_id = intval($row['client_id']);
$event_title = json_encode($row['client_name']); $event_title = json_encode($row['client_name']);
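Review bot: The invoice, quote and ticket event queries select `FROM clients LEFT JOIN …` with no filter on the joined table. A client with no invoices (or quotes, or tickets) therefore still yields one row whose joined columns are NULL, and `intval($row['invoice_id'])` turns that into id 0 with a blank title. How the loop body renders such a row is outside these hunks, but an inner join avoids the phantom entries: `SELECT * FROM clients INNER JOIN invoices ON client_id = invoice_client_id`, and likewise for quotes and tickets.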


@@ -21,7 +21,6 @@ $sql = mysqli_query(
WHERE category_name LIKE '%$q%' WHERE category_name LIKE '%$q%'
AND category_type = '$category' AND category_type = '$category'
AND category_archived_at IS NULL AND category_archived_at IS NULL
AND company_id = $session_company_id
ORDER BY $sb $o LIMIT $record_from, $record_to" ORDER BY $sb $o LIMIT $record_from, $record_to"
); );
@@ -34,8 +33,7 @@ $sql_colors_used = mysqli_query(
$mysqli, $mysqli,
"SELECT category_color FROM categories "SELECT category_color FROM categories
WHERE category_type = '$category' WHERE category_type = '$category'
AND category_archived_at IS NULL AND category_archived_at IS NULL"
AND company_id = $session_company_id"
); );
while ($color_used_row = mysqli_fetch_array($sql_colors_used)) { while ($color_used_row = mysqli_fetch_array($sql_colors_used)) {
@@ -76,7 +74,7 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
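Review bot: `$sb` and `$o` are interpolated into `ORDER BY $sb $o` as a column name and a sort direction, where quoting or escaping gives no protection. Both are assigned outside this hunk, so I cannot tell whether they are restricted to known values. If they come from the `sb`/`o` request parameters, map them through a fixed allow-list before the query is built, e.g. `if (!in_array($sb, $allowed_sort_columns, true)) { $sb = 'category_name'; }` and `$o = ($o === 'DESC') ? 'DESC' : 'ASC';` (`$allowed_sort_columns` is a placeholder name). `$q` and `$category` sit inside quoted literals in the same statement and rely on escaping done upstream, which is worth confirming as well.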


@@ -26,7 +26,7 @@ if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
$session_ip = sanitizeInput(getIP()); $session_ip = sanitizeInput(getIP());
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']); $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$session_user_id = $_SESSION['user_id']; $session_user_id = intval($_SESSION['user_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id"); $sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
@@ -34,8 +34,7 @@ $session_name = sanitizeInput($row['user_name']);
$session_email = $row['user_email']; $session_email = $row['user_email'];
$session_avatar = $row['user_avatar']; $session_avatar = $row['user_avatar'];
$session_token = $row['user_token']; $session_token = $row['user_token'];
$session_company_id = $row['user_default_company']; $session_user_role = intval($row['user_role']);
$session_user_role = $row['user_role'];
if ($session_user_role == 3) { if ($session_user_role == 3) {
$session_user_role_display = "Administrator"; $session_user_role_display = "Administrator";
} elseif ($session_user_role == 2) { } elseif ($session_user_role == 2) {
@@ -44,22 +43,7 @@ if ($session_user_role == 3) {
$session_user_role_display = "Accountant"; $session_user_role_display = "Accountant";
} }
//LOAD USER COMPANY ACCESS PERMISSIONS $sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$session_user_company_access_sql = mysqli_query($mysqli, "SELECT company_id FROM user_companies WHERE user_id = $session_user_id");
$session_user_company_access_array = array();
while ($row = mysqli_fetch_array($session_user_company_access_sql)) {
$session_user_company_access_array[] = $row['company_id'];
}
$session_user_company_access = implode(',', $session_user_company_access_array);
//Check to see if user has rights to company Prevents User from access a company he is not allowed to have access to.
if (!in_array($session_company_id, $session_user_company_access_array)) {
session_start();
session_destroy();
header('Location: login.php');
}
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name']; $session_company_name = $row['company_name'];
@@ -67,6 +51,9 @@ $session_company_country = $row['company_country'];
$session_company_locale = $row['company_locale']; $session_company_locale = $row['company_locale'];
$session_company_currency = $row['company_currency']; $session_company_currency = $row['company_currency'];
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
require_once("get_settings.php"); require_once("get_settings.php");
//Detects if using an Apple device and uses Apple Maps instead of google //Detects if using an Apple device and uses Apple Maps instead of google
@@ -81,10 +68,7 @@ if ($iPod || $iPhone || $iPad) {
} }
//Get Notification Count for the badge on the top nav //Get Notification Count for the badge on the top nav
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('notification_id') AS num FROM notifications WHERE (notification_user_id = $session_user_id OR notification_user_id = 0) AND notification_dismissed_at IS NULL AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('notification_id') AS num FROM notifications WHERE (notification_user_id = $session_user_id OR notification_user_id = 0) AND notification_dismissed_at IS NULL"));
$num_notifications = $row['num']; $num_notifications = $row['num'];
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
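Review bot: The company record is now fetched with the literal `WHERE company_id = 1`, and `$row['company_name']`, `$row['company_locale']` and the rest are read straight afterwards without checking that a row came back. On an installation whose remaining company row has a different id (possible after the migration, though not verifiable from here), `$session_company_locale` is null when it reaches `numfmt_create()`. A guard right after the fetch would fail loudly instead: `if (!$row) { exit("Company record not found - run the database update"); }`. A short comment on the query such as `// Single-company install: the only company row is expected to have id 1` would also tell the next reader that the constant is deliberate.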


@@ -64,7 +64,7 @@
<option value="">N/A</option> <option value="">N/A</option>
<?php <?php
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); $referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($referral_sql)) { while ($row = mysqli_fetch_array($referral_sql)) {
$referral = htmlentities($row['category_name']); ?> $referral = htmlentities($row['category_name']); ?>
<option><?php echo $referral; ?></option> <option><?php echo $referral; ?></option>
@@ -271,7 +271,7 @@
<ul class="list-group"> <ul class="list-group">
<?php <?php
$sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 AND company_id = $session_company_id ORDER BY tag_name ASC"); $sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_tags_select)) { while ($row = mysqli_fetch_array($sql_tags_select)) {
$tag_id_select = intval($row['tag_id']); $tag_id_select = intval($row['tag_id']);


@@ -129,7 +129,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table border table-hover"> <table class="table border table-hover">
<thead class="thead-light <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="thead-light <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -61,7 +61,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<form id="multi_actions" action="post.php" method="post"> <form id="multi_actions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>"> <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">


@@ -40,28 +40,28 @@ if (isset($_GET['contact_id'])) {
$auth_method = htmlentities($row['contact_auth_method']); $auth_method = htmlentities($row['contact_auth_method']);
// Related Assets Query // Related Assets Query
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN logins ON logins.login_asset_id = assets.asset_id WHERE asset_contact_id = $contact_id AND assets.company_id = $session_company_id ORDER BY asset_name DESC"); $sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN logins ON logins.login_asset_id = assets.asset_id WHERE asset_contact_id = $contact_id ORDER BY asset_name DESC");
$asset_count = mysqli_num_rows($sql_related_assets); $asset_count = mysqli_num_rows($sql_related_assets);
// Related Logins Query // Related Logins Query
$sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id AND company_id = $session_company_id ORDER BY login_name DESC"); $sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id ORDER BY login_name DESC");
$login_count = mysqli_num_rows($sql_related_logins); $login_count = mysqli_num_rows($sql_related_logins);
// Related Software Query // Related Software Query
//$sql_related_software = mysqli_query($mysqli, "SELECT * FROM software, software_contacts WHERE software.software_id = software_contacts.software_id AND software_contacts.contact_id = $contact_id AND software.company_id = $session_company_id ORDER BY software.software_id DESC"); //$sql_related_software = mysqli_query($mysqli, "SELECT * FROM software, software_contacts WHERE software.software_id = software_contacts.software_id AND software_contacts.contact_id = $contact_id ORDER BY software.software_id DESC");
$sql_related_software = mysqli_query( $sql_related_software = mysqli_query(
$mysqli, $mysqli,
"SELECT * FROM software_contacts "SELECT * FROM software_contacts
LEFT JOIN software ON software_contacts.software_id = software.software_id LEFT JOIN software ON software_contacts.software_id = software.software_id
LEFT JOIN logins on software.software_id = logins.login_software_id LEFT JOIN logins on software.software_id = logins.login_software_id
WHERE software_contacts.contact_id = $contact_id AND software.company_id = $session_company_id WHERE software_contacts.contact_id = $contact_id
ORDER BY software.software_id DESC" ORDER BY software.software_id DESC"
); );
$software_count = mysqli_num_rows($sql_related_software); $software_count = mysqli_num_rows($sql_related_software);
// Related Tickets Query // Related Tickets Query
$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN users on ticket_assigned_to = user_id WHERE ticket_contact_id = $contact_id AND company_id = $session_company_id ORDER BY ticket_id DESC"); $sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN users on ticket_assigned_to = user_id WHERE ticket_contact_id = $contact_id ORDER BY ticket_id DESC");
$ticket_count = mysqli_num_rows($sql_related_tickets); $ticket_count = mysqli_num_rows($sql_related_tickets);
?> ?>
@@ -79,7 +79,7 @@ if (isset($_GET['contact_id'])) {
<div class="text-center"> <div class="text-center">
<?php if (!empty($contact_photo)) { ?> <?php if (!empty($contact_photo)) { ?>
<img class="img-fluid img-circle p-3" alt="contact_photo" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>"> <img class="img-fluid img-circle p-3" alt="contact_photo" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?> <?php } else { ?>
<span class="fa-stack fa-4x"> <span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>
@@ -146,7 +146,7 @@ if (isset($_GET['contact_id'])) {
<h3 class="card-title"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3> <h3 class="card-title"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead> <thead>
<tr> <tr>
@@ -269,7 +269,7 @@ if (isset($_GET['contact_id'])) {
<h3 class="card-title"><i class="fa fa-fw fa-key mr-2"></i>Passwords</h3> <h3 class="card-title"><i class="fa fa-fw fa-key mr-2"></i>Passwords</h3>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="table-responsive"> <div class="table-responsive-sm-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead> <thead>
<tr> <tr>
@@ -370,7 +370,7 @@ if (isset($_GET['contact_id'])) {
<h3 class="card-title"><i class="fa fa-fw fa-cube mr-2"></i>Licenses</h3> <h3 class="card-title"><i class="fa fa-fw fa-cube mr-2"></i>Licenses</h3>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark"> <thead class="text-dark">
<tr> <tr>
@@ -465,7 +465,7 @@ if (isset($_GET['contact_id'])) {
<h3 class="card-title"><i class="fa fa-fw fa-life-ring mr-2"></i>Tickets</h3> <h3 class="card-title"><i class="fa fa-fw fa-life-ring mr-2"></i>Tickets</h3>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark"> <thead class="text-dark">
<tr> <tr>
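Review bot: The Passwords table wrapper in the `@@ -269,7 +269,7 @@` hunk ends up as `class="table-responsive-sm-sm"`, which does not match the class used for every other table in this commit, so that table loses its responsive wrapper; it should read `<div class="table-responsive-sm">`. Separately, the related-record queries in the first hunk now filter on `$contact_id` alone. Its assignment is outside the hunk, so confirm it is cast with `intval()`. Consider also tying each lookup to the current client (for example `AND login_client_id = $client_id` on the logins query) so a contact id belonging to another client does not return that client's logins.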


@@ -209,7 +209,7 @@
<div class="mb-3 text-center"> <div class="mb-3 text-center">
<?php if (!empty($contact_photo)) { ?> <?php if (!empty($contact_photo)) { ?>
<img class="img-fluid" alt="contact_photo" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>"> <img class="img-fluid" alt="contact_photo" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?> <?php } else { ?>
<span class="fa-stack fa-4x"> <span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>


@@ -60,7 +60,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table border"> <table class="table border">
<thead class="thead-light <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="thead-light <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
@@ -132,19 +132,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$auth_method = htmlentities($row['contact_auth_method']); $auth_method = htmlentities($row['contact_auth_method']);
// Related Assets Query // Related Assets Query
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id AND company_id = $session_company_id ORDER BY asset_id DESC"); $sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id ORDER BY asset_id DESC");
$asset_count = mysqli_num_rows($sql_related_assets); $asset_count = mysqli_num_rows($sql_related_assets);
// Related Logins Query // Related Logins Query
$sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id AND company_id = $session_company_id ORDER BY login_id DESC"); $sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id ORDER BY login_id DESC");
$login_count = mysqli_num_rows($sql_related_logins); $login_count = mysqli_num_rows($sql_related_logins);
// Related Software Query // Related Software Query
$sql_related_software = mysqli_query($mysqli, "SELECT * FROM software, software_contacts WHERE software.software_id = software_contacts.software_id AND software_contacts.contact_id = $contact_id AND software.company_id = $session_company_id ORDER BY software.software_id DESC"); $sql_related_software = mysqli_query($mysqli, "SELECT * FROM software, software_contacts WHERE software.software_id = software_contacts.software_id AND software_contacts.contact_id = $contact_id ORDER BY software.software_id DESC");
$software_count = mysqli_num_rows($sql_related_software); $software_count = mysqli_num_rows($sql_related_software);
// Related Tickets Query // Related Tickets Query
$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_contact_id = $contact_id AND company_id = $session_company_id ORDER BY ticket_id DESC"); $sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_contact_id = $contact_id ORDER BY ticket_id DESC");
$ticket_count = mysqli_num_rows($sql_related_tickets); $ticket_count = mysqli_num_rows($sql_related_tickets);
?> ?>
@@ -153,7 +153,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<a class="text-dark" href="client_contact_details.php?client_id=<?php echo $client_id; ?>&contact_id=<?php echo $contact_id; ?>"> <a class="text-dark" href="client_contact_details.php?client_id=<?php echo $client_id; ?>&contact_id=<?php echo $contact_id; ?>">
<?php if (!empty($contact_photo)) { ?> <?php if (!empty($contact_photo)) { ?>
<img class="img-size-50 img-circle" src="<?php echo "uploads/clients/$session_company_id/$client_id/$contact_photo"; ?>"> <img class="img-size-50 img-circle" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?> <?php } else { ?>


@@ -20,7 +20,7 @@
<select class="form-control" name="document_template_id" required> <select class="form-control" name="document_template_id" required>
<option value="">- Select Template -</option> <option value="">- Select Template -</option>
<?php <?php
$sql_document_templates = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND company_id = $session_company_id AND document_archived_at IS NULL ORDER BY document_name ASC"); $sql_document_templates = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND document_archived_at IS NULL ORDER BY document_name ASC");
while ($row = mysqli_fetch_array($sql_document_templates)) { while ($row = mysqli_fetch_array($sql_document_templates)) {
$document_template_id = intval($row['document_id']); $document_template_id = intval($row['document_id']);
$document_template_name = htmlentities($row['document_name']); $document_template_name = htmlentities($row['document_name']);


@@ -23,7 +23,6 @@ $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM documents "SELECT SQL_CALC_FOUND_ROWS * FROM documents
WHERE document_template = 1 WHERE document_template = 1
AND documents.company_id = $session_company_id
$query_snippet $query_snippet
ORDER BY $sb $o LIMIT $record_from, $record_to" ORDER BY $sb $o LIMIT $record_from, $record_to"
); );
@@ -58,7 +57,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
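Review bot: The list query in the first hunk still splices `$query_snippet`, `$sb` and `$o` into the SQL string, and a column name or sort direction cannot be protected by escaping. Their assignments are outside the hunk; if they derive from request parameters, `$sb` should be matched against a fixed list of sortable columns and `$o` reduced to `ASC` or `DESC` before the query is built. The same `ORDER BY $sb $o` pattern appears in the trips and clients list queries later in this commit, which also place `$q`, `$dtf` and `$dtt` inside quoted literals; binding those values through `mysqli_prepare()` would cover them.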


@@ -33,7 +33,6 @@ $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM documents "SELECT SQL_CALC_FOUND_ROWS * FROM documents
WHERE document_client_id = $client_id WHERE document_client_id = $client_id
AND documents.company_id = $session_company_id
AND document_template = 0 AND document_template = 0
AND document_folder_id = $folder AND document_folder_id = $folder
$query_snippet $query_snippet
@@ -150,7 +149,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-sm table-borderless table-hover"> <table class="table table-striped table-sm table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -48,7 +48,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -59,7 +59,7 @@
<option value="">N/A</option> <option value="">N/A</option>
<?php <?php
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); $referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($referral_sql)) { while ($row = mysqli_fetch_array($referral_sql)) {
$referral = htmlentities($row['category_name']); $referral = htmlentities($row['category_name']);
?> ?>
@@ -137,7 +137,7 @@
<?php <?php
$sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 AND company_id = $session_company_id ORDER BY tag_name ASC"); $sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_tags_select)) { while ($row = mysqli_fetch_array($sql_tags_select)) {
$tag_id_select = intval($row['tag_id']); $tag_id_select = intval($row['tag_id']);


@@ -19,7 +19,7 @@ include("calendar_event_add_modal.php");
include("calendar_add_modal.php"); include("calendar_add_modal.php");
//loop through IDs and create a modal for each //loop through IDs and create a modal for each
$sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id AND calendars.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['event_id']); $event_id = intval($row['event_id']);
$event_title = htmlentities($row['event_title']); $event_title = htmlentities($row['event_title']);
@@ -68,7 +68,7 @@ while ($row = mysqli_fetch_array($sql)) {
}, },
events: [ events: [
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id AND calendars.company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['event_id']); $event_id = intval($row['event_id']);
$event_title = json_encode($row['event_title']); $event_title = json_encode($row['event_title']);
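Review bot: Both queries filter on `event_client_id = $client_id`, a column of the right-hand table, so the `LEFT JOIN` drops every calendar without a matching event and behaves as an inner join. With the `calendars.company_id` predicate removed, that is now the only filter. Writing it as `FROM events INNER JOIN calendars ON calendar_id = event_calendar_id WHERE event_client_id = $client_id` would state the intent directly. Both `while` loops continue outside the hunks.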


@@ -9,7 +9,7 @@
</div> </div>
<div style="text-align: center;"> <div style="text-align: center;">
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>"> <img class="img-fluid" src="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>">
</div> </div>
</div> </div>


@@ -39,10 +39,10 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<div class="col-xl-3 col-lg-3 col-md-6 col-sm-6 mb-3"> <div class="col-xl-3 col-lg-3 col-md-6 col-sm-6 mb-3">
<div class="card"> <div class="card">
<a href="#" data-toggle="modal" data-target="#viewFileModal<?php echo $file_id; ?>"> <a href="#" data-toggle="modal" data-target="#viewFileModal<?php echo $file_id; ?>">
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" alt="<?php echo $file_reference_name ?>"> <img class="img-fluid" src="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" alt="<?php echo $file_reference_name ?>">
</a> </a>
<div class="card-footer bg-dark text-white p-1" style="text-align: center;"> <div class="card-footer bg-dark text-white p-1" style="text-align: center;">
<a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-white float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a> <a href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-white float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)" class="text-white float-left ml-1"><i class="fa fa-share"></i></a> <a href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)" class="text-white float-left ml-1"><i class="fa fa-share"></i></a>
<small><?php echo $file_name; ?></small> <small><?php echo $file_name; ?></small>
@@ -86,9 +86,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
?> ?>
<tr> <tr>
<td><a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" target="_blank" class="text-secondary"><i class="fa fa-fw fa-2x fa-<?php echo $file_icon; ?> mr-3"></i> <?php echo basename($file_name); ?></a></td> <td><a href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" target="_blank" class="text-secondary"><i class="fa fa-fw fa-2x fa-<?php echo $file_icon; ?> mr-3"></i> <?php echo basename($file_name); ?></a></td>
<td> <td>
<a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a> <a href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)" class="text-secondary float-left ml-1"><i class="fa fa-share"></i></a> <a href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)" class="text-secondary float-left ml-1"><i class="fa fa-share"></i></a>
<a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-secondary float-right mr-1"><i class="fa fa-times"></i></a> <a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-secondary float-right mr-1"><i class="fa fa-times"></i></a>
</td> </td>
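Review bot: The delete link in the last hunk, `post.php?delete_file=<?php echo $file_id; ?>`, triggers a destructive action over GET and carries no CSRF token, unlike the forms elsewhere in this commit that post a `csrf_token` field. How post.php validates this request is not visible here. If it does not check a token for this action, the link should become a POST form that includes the token, or at least pass the token as a query parameter that the handler verifies. The surrounding loop starts and ends outside the hunk.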


@@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -158,7 +158,7 @@
<div class="mb-3" style="text-align: center;"> <div class="mb-3" style="text-align: center;">
<?php if (!empty($location_photo)) { ?> <?php if (!empty($location_photo)) { ?>
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$location_photo"; ?>"> <img class="img-fluid" src="<?php echo "uploads/clients/$client_id/$location_photo"; ?>">
<?php } ?> <?php } ?>
</div> </div>


@@ -53,7 +53,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -47,7 +47,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive border"> <div class="table-responsive-sm border">
<table class="table table-hover"> <table class="table table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -2,17 +2,17 @@
require_once("inc_all_client.php"); require_once("inc_all_client.php");
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id AND contact_archived_at IS NULL AND contacts.company_id = $session_company_id ORDER BY contact_updated_at, contact_created_at DESC LIMIT 5"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id AND contact_archived_at IS NULL ORDER BY contact_updated_at, contact_created_at DESC LIMIT 5");
$sql_important_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id AND (contact_important = 1 OR contact_billing = 1 OR contact_technical = 1 OR contact_id = $primary_contact) AND contact_archived_at IS NULL AND contacts.company_id = $session_company_id ORDER BY contact_name DESC"); $sql_important_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id AND (contact_important = 1 OR contact_billing = 1 OR contact_technical = 1 OR contact_id = $primary_contact) AND contact_archived_at IS NULL ORDER BY contact_name DESC");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id AND vendor_template = 0 AND vendor_archived_at IS NULL AND company_id = $session_company_id ORDER BY vendor_updated_at DESC LIMIT 5"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id AND vendor_template = 0 AND vendor_archived_at IS NULL ORDER BY vendor_updated_at DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = $client_id AND document_archived_at IS NULL AND documents.company_id = $session_company_id ORDER BY document_updated_at DESC LIMIT 5"); $sql_documents = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = $client_id AND document_archived_at IS NULL ORDER BY document_updated_at DESC LIMIT 5");
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id = $client_id AND tickets.company_id = $session_company_id ORDER BY ticket_updated_at DESC LIMIT 5"); $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id = $client_id ORDER BY ticket_updated_at DESC LIMIT 5");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = $client_id AND company_id = $session_company_id ORDER BY login_updated_at DESC LIMIT 5"); $sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = $client_id ORDER BY login_updated_at DESC LIMIT 5");
// Expiring Items // Expiring Items
@@ -24,7 +24,7 @@ $sql_domains_expiring = mysqli_query(
AND domain_expire != '0000-00-00' AND domain_expire != '0000-00-00'
AND domain_archived_at IS NULL AND domain_archived_at IS NULL
AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
AND company_id = $session_company_id ORDER BY domain_expire DESC" ORDER BY domain_expire DESC"
); );
?> ?>
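Review bot: The recent-contacts query in the first hunk sorts with `ORDER BY contact_updated_at, contact_created_at DESC LIMIT 5`, where `DESC` applies only to the second key. The first key therefore sorts ascending and the five least recently updated contacts are returned. The sibling queries in the same hunk use `..._updated_at DESC LIMIT 5`, so this one most likely wants `ORDER BY contact_updated_at DESC, contact_created_at DESC LIMIT 5`.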


@@ -50,7 +50,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -51,7 +51,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -1,4 +1,4 @@
<?php h<?php
// Default Column Sortby Filter // Default Column Sortby Filter
$sb = "scheduled_ticket_subject"; $sb = "scheduled_ticket_subject";
@@ -54,7 +54,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<form id="bulk_actions" action="post.php" method="post"> <form id="bulk_actions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>"> <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
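Review bot: The first line of this file changes from `<?php` to `h<?php` in the `@@ -1,4 +1,4 @@` hunk, which looks like a stray keystroke. PHP sends everything before the opening tag as output, so the page would begin with a literal `h`. Any later `header()` or session call may then fail because output has already started. The line should go back to `<?php`.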


@@ -42,7 +42,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -60,7 +60,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -20,7 +20,7 @@
<select class="form-control" name="software_template_id" required> <select class="form-control" name="software_template_id" required>
<option value="">- Select Template -</option> <option value="">- Select Template -</option>
<?php <?php
$sql_software_templates = mysqli_query($mysqli, "SELECT * FROM software WHERE software_template = 1 AND company_id = $session_company_id AND software_archived_at IS NULL ORDER BY software_name ASC"); $sql_software_templates = mysqli_query($mysqli, "SELECT * FROM software WHERE software_template = 1 AND software_archived_at IS NULL ORDER BY software_name ASC");
while($row = mysqli_fetch_array($sql_software_templates)){ while($row = mysqli_fetch_array($sql_software_templates)){
$software_template_id = intval($row['software_id']); $software_template_id = intval($row['software_id']);
$software_template_name = htmlentities($row['software_name']); $software_template_name = htmlentities($row['software_name']);


@@ -58,7 +58,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -15,7 +15,6 @@ $sql = mysqli_query(
LEFT JOIN users ON trip_user_id = user_id LEFT JOIN users ON trip_user_id = user_id
WHERE (trip_purpose LIKE '%$q%' OR trip_source LIKE '%$q%' OR trip_destination LIKE '%$q%' OR user_name LIKE '%$q%') WHERE (trip_purpose LIKE '%$q%' OR trip_source LIKE '%$q%' OR trip_destination LIKE '%$q%' OR user_name LIKE '%$q%')
AND DATE(trip_date) BETWEEN '$dtf' AND '$dtt' AND DATE(trip_date) BETWEEN '$dtf' AND '$dtt'
AND company_id = $session_company_id
AND trip_client_id = $client_id AND trip_client_id = $client_id
ORDER BY $sb $o LIMIT $record_from, $record_to"); ORDER BY $sb $o LIMIT $record_from, $record_to");
@@ -54,7 +53,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -61,7 +61,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -20,7 +20,6 @@ $sql = mysqli_query(
OR contact_mobile LIKE '%$phone_query%' OR location_address LIKE '%$q%' OR location_city LIKE '%$q%' OR location_state LIKE '%$q%' OR location_zip LIKE '%$q%' OR tag_name LIKE '%$q%') OR contact_mobile LIKE '%$phone_query%' OR location_address LIKE '%$q%' OR location_city LIKE '%$q%' OR location_state LIKE '%$q%' OR location_zip LIKE '%$q%' OR tag_name LIKE '%$q%')
AND client_archived_at IS NULL AND client_archived_at IS NULL
AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt' AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt'
AND clients.company_id = $session_company_id
GROUP BY clients.client_id GROUP BY clients.client_id
ORDER BY $sb $o LIMIT $record_from, $record_to ORDER BY $sb $o LIMIT $record_from, $record_to
"); ");
@@ -86,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-hover table-borderless"> <table class="table table-striped table-hover table-borderless">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
@@ -175,13 +174,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} }
//Get Monthly Recurring Total //Get Monthly Recurring Total
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id AND company_id = $session_company_id"); $sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id");
$row = mysqli_fetch_array($sql_recurring_monthly_total); $row = mysqli_fetch_array($sql_recurring_monthly_total);
$recurring_monthly_total = floatval($row['recurring_monthly_total']); $recurring_monthly_total = floatval($row['recurring_monthly_total']);
//Get Yearly Recurring Total //Get Yearly Recurring Total
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id AND company_id = $session_company_id"); $sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id");
$row = mysqli_fetch_array($sql_recurring_yearly_total); $row = mysqli_fetch_array($sql_recurring_yearly_total);
$recurring_yearly_total = floatval($row['recurring_yearly_total']) / 12; $recurring_yearly_total = floatval($row['recurring_yearly_total']) / 12;
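Review bot: The monthly and yearly recurring totals are two queries that differ only in `recurring_frequency`, and they appear to run once per listed client, although the enclosing loop is outside the hunk. A single statement with conditional aggregation returns both values in one round trip: `SELECT SUM(CASE WHEN recurring_frequency = 'month' THEN recurring_amount ELSE 0 END) AS recurring_monthly_total, SUM(CASE WHEN recurring_frequency = 'year' THEN recurring_amount ELSE 0 END) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_client_id = $client_id`. The existing `floatval()` calls already turn a NULL sum into 0, so the surrounding code would not need to change.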


@@ -1,133 +0,0 @@
<?php
// Default Column Sortby Filter
$sb = "company_name";
$o = "ASC";
require_once("inc_all_settings.php");
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query(
$mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM companies, settings
WHERE companies.company_id = settings.company_id
AND (company_name LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-building mr-2"></i>Companies</h3>
</div>
<div class="card-body">
<div class="alert alert-danger" role="alert">
<b>The multi-company feature is deprecated and should not be used. </b> It will be removed in the near future - please see the <a href="https://forum.itflow.org/d/74-removing-the-multi-company-feature">forum post</a>.
</div>
<hr>
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Companies">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
<th class="text-center"><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_address&o=<?php echo $disp; ?>">Address</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_phone&o=<?php echo $disp; ?>">Phone</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_email&o=<?php echo $disp; ?>">Email</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=company_website&o=<?php echo $disp; ?>">Website</a></th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while ($row = mysqli_fetch_array($sql)) {
$company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
$company_locale = htmlentities($row['company_locale']);
$company_currency = htmlentities($row['company_currency']);
$company_initials = htmlentities(initials($company_name));
?>
<tr>
<td class="text-center">
<a class="text-dark" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>">
<?php if (!empty($company_logo)) { ?>
<img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
<?php } else { ?>
<span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $company_initials; ?></span>
</span>
<br>
<?php } ?>
<div class="text-secondary"><?php echo $company_name; ?></div>
</a>
</td>
<td><?php echo $company_address; ?></td>
<td><?php echo $company_phone; ?></td>
<td><?php echo $company_email; ?></td>
<td><?php echo $company_website; ?></td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_company=<?php echo $company_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_company=<?php echo $company_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
</div>
</td>
</tr>
<?php
require("company_edit_modal.php");
}
?>
</tbody>
</table>
</div>
<?php require_once("pagination.php"); ?>
</div>
</div>
<?php
require_once("footer.php");


@@ -1,195 +0,0 @@
<div class="modal" id="editCompanyModal<?php echo $company_id; ?>" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i>Editing company: <strong><?php echo $company_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="company_id" value="<?php echo $company_id; ?>">
<input type="hidden" name="existing_file_name" value="<?php echo $company_logo; ?>">
<div class="modal-body bg-white">
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-details<?php echo $company_id; ?>">Details</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-address<?php echo $company_id; ?>">Address</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-contact<?php echo $company_id; ?>">Contact</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-locale<?php echo $company_id; ?>">Locale</a>
</li>
</ul>
<hr>
<div class="tab-content">
<div class="tab-pane fade show active" id="pills-details<?php echo $company_id; ?>">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Company Name" value="<?php echo $company_name; ?>" required>
</div>
</div>
<div class="card col-md-2">
<div class="card-body">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div>
</div>
<div class="form-group">
<input type="file" class="form-control-file" name="file">
</div>
</div>
<div class="tab-pane fade" id="pills-address<?php echo $company_id; ?>">
<div class="form-group">
<label>Address</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-map-marker-alt"></i></span>
</div>
<input type="text" class="form-control" name="address" placeholder="Street Address" value="<?php echo $company_address; ?>">
</div>
</div>
<div class="form-group">
<label>City</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-city"></i></span>
</div>
<input type="text" class="form-control" name="city" placeholder="City" value="<?php echo $company_city; ?>">
</div>
</div>
<div class="form-group">
<label>State / Province</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-flag"></i></span>
</div>
<input type="text" class="form-control" name="state" placeholder="State or Province" value="<?php echo $company_state; ?>">
</div>
</div>
<div class="form-group">
<label>Zip / Postal Code</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fab fa-fw fa-usps"></i></span>
</div>
<input type="text" class="form-control" name="zip" placeholder="Zip or Postal Code" value="<?php echo $company_zip; ?>">
</div>
</div>
<div class="form-group">
<label>Country</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-flag"></i></span>
</div>
<select class="form-control select2" name="country">
<option value="">- Country -</option>
<?php foreach($countries_array as $country_name) { ?>
<option <?php if ($company_country == $country_name) { echo "selected"; } ?>><?php echo $country_name; ?></option>
<?php } ?>
</select>
</div>
</div>
</div>
<div class="tab-pane fade" id="pills-contact<?php echo $company_id; ?>">
<div class="form-group">
<label>Phone</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-phone"></i></span>
</div>
<input type="text" class="form-control" name="phone" placeholder="Phone Number" value="<?php echo $company_phone; ?>">
</div>
</div>
<div class="form-group">
<label>Email</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
</div>
<input type="email" class="form-control" name="email" placeholder="Email address" value="<?php echo $company_email; ?>">
</div>
</div>
<div class="form-group">
<label>Website</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-globe"></i></span>
</div>
<input type="text" class="form-control" name="website" placeholder="Website address" value="<?php echo $company_website; ?>">
</div>
</div>
</div>
<div class="tab-pane fade" id="pills-locale<?php echo $company_id; ?>">
<div class="form-group">
<label>Locale <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-flag"></i></span>
</div>
<select class="form-control select2" name="locale" required>
<option value="">- Select a Locale -</option>
<?php foreach($locales_array as $locale_code => $locale_name) { ?>
<option <?php if ($company_locale == $locale_code) { echo "selected"; } ?> value="<?php echo $locale_code; ?>"><?php echo "$locale_code - $locale_name"; ?></option>
<?php } ?>
</select>
</div>
</div>
<div class="form-group">
<label>Currency <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-money-bill"></i></span>
</div>
<select class="form-control select2" name="currency_code" required>
<option value="">- Currency -</option>
<?php foreach($currencies_array as $currency_code => $currency_name) { ?>
<option <?php if ($company_currency == $currency_code) { echo "selected"; } ?> value="<?php echo $currency_code; ?>"><?php echo "$currency_code - $currency_name"; ?></option>
<?php } ?>
</select>
</div>
</div>
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="edit_company" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
</div>
</div>

1358
cron.php

File diff suppressed because it is too large Load Diff


@@ -19,8 +19,6 @@ require_once("config.php");
require_once("functions.php"); require_once("functions.php");
// Get settings for the "default" company // Get settings for the "default" company
$company_id = 1;
$session_company_id = 1;
require_once("get_settings.php"); require_once("get_settings.php");
// Check setting enabled // Check setting enabled
@@ -51,30 +49,30 @@ require_once("plugins/php-mime-mail-parser/src/Parser.php");
// Function to raise a new ticket for a given contact and email them confirmation (if configured) // Function to raise a new ticket for a given contact and email them confirmation (if configured)
function addTicket($contact_id, $contact_name, $contact_email, $client_id, $company_id, $date, $subject, $message) { function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message) {
// Access global variables // Access global variables
global $mysqli, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_smtp_host, $config_smtp_port, $config_smtp_encryption, $config_smtp_username, $config_smtp_password; global $mysqli, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_smtp_host, $config_smtp_port, $config_smtp_encryption, $config_smtp_username, $config_smtp_password;
// Get the next Ticket Number and add 1 for the new ticket number // Get the next Ticket Number and add 1 for the new ticket number
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = $company_id")); $ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1"));
$ticket_number = intval($ticket_number_sql['config_ticket_next_number']); $ticket_number = intval($ticket_number_sql['config_ticket_next_number']);
$new_config_ticket_next_number = $ticket_number + 1; $new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $company_id"); mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Prep ticket details // Prep ticket details
$message = nl2br(htmlentities(strip_tags($message))); $message = nl2br(htmlentities(strip_tags($message)));
$message = trim(mysqli_real_escape_string($mysqli, "<i>Email from: $contact_email at $date:-</i> <br><br>$message")); $message = trim(mysqli_real_escape_string($mysqli, "<i>Email from: $contact_email at $date:-</i> <br><br>$message"));
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message', ticket_priority = 'Low', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact_id, ticket_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message', ticket_priority = 'Low', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact_id, ticket_client_id = $client_id");
$id = mysqli_insert_id($mysqli); $id = mysqli_insert_id($mysqli);
// Logging // Logging
echo "Created new ticket.<br>"; echo "Created new ticket.<br>";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Email parser: Client contact $contact_email created ticket $config_ticket_prefix$ticket_number ($subject) ($id)', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Email parser: Client contact $contact_email created ticket $config_ticket_prefix$ticket_number ($subject) ($id)', log_client_id = $client_id");
// Get company name & phone // Get company name & phone
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone FROM companies WHERE company_id = $company_id"); $sql = mysqli_query($mysqli, "SELECT company_name, company_phone FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_phone = formatPhoneNumber($row['company_phone']); $company_phone = formatPhoneNumber($row['company_phone']);
$company_name = $row['company_name']; $company_name = $row['company_name'];
@@ -101,8 +99,8 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $comp
); );
if ($mail !== true) { if ($mail !== true) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail'");
} }
} }
@@ -127,7 +125,7 @@ function addReply($from_email, $date, $subject, $ticket_number, $message) {
$message = "<i>Email from: $from_email at $date:-</i> <br><br>$message"; $message = "<i>Email from: $from_email at $date:-</i> <br><br>$message";
// Lookup the ticket ID // Lookup the ticket ID
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT ticket_id, ticket_subject, ticket_status, ticket_contact_id, ticket_client_id, tickets.company_id, contact_email $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT ticket_id, ticket_subject, ticket_status, ticket_contact_id, ticket_client_id, contact_email
FROM tickets FROM tickets
LEFT JOIN contacts on tickets.ticket_contact_id = contacts.contact_id LEFT JOIN contacts on tickets.ticket_contact_id = contacts.contact_id
WHERE ticket_number = $ticket_number LIMIT 1")); WHERE ticket_number = $ticket_number LIMIT 1"));
@@ -140,11 +138,10 @@ function addReply($from_email, $date, $subject, $ticket_number, $message) {
$ticket_reply_contact = intval($row['ticket_contact_id']); $ticket_reply_contact = intval($row['ticket_contact_id']);
$ticket_contact_email = $row['contact_email']; $ticket_contact_email = $row['contact_email'];
$client_id = intval($row['ticket_client_id']); $client_id = intval($row['ticket_client_id']);
$company_id = intval($row['company_id']);
// Check ticket isn't closed // Check ticket isn't closed
if ($ticket_status == "Closed") { if ($ticket_status == "Closed") {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Email parser: $from_email attempted to re-open ticket $config_ticket_prefix$ticket_number (ID $ticket_id) - check inbox manually to see email', notification_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Email parser: $from_email attempted to re-open ticket $config_ticket_prefix$ticket_number (ID $ticket_id) - check inbox manually to see email', notification_client_id = $client_id");
return false; return false;
} }
@@ -171,13 +168,13 @@ function addReply($from_email, $date, $subject, $ticket_number, $message) {
$comment = trim(mysqli_real_escape_string($mysqli, $message)); $comment = trim(mysqli_real_escape_string($mysqli, $message));
// Add the comment // Add the comment
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '00:00:00', ticket_reply_by = $ticket_reply_contact, ticket_reply_ticket_id = $ticket_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '00:00:00', ticket_reply_by = $ticket_reply_contact, ticket_reply_ticket_id = $ticket_id");
// Update Ticket Last Response Field & set ticket to open as client has replied // Update Ticket Last Response Field & set ticket to open as client has replied
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Open' WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1"); mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Open' WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1");
echo "Updated existing ticket.<br>"; echo "Updated existing ticket.<br>";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Update', log_description = 'Email parser: Client contact $from_email updated ticket $config_ticket_prefix$ticket_number ($subject)', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Update', log_description = 'Email parser: Client contact $from_email updated ticket $config_ticket_prefix$ticket_number ($subject)', log_client_id = $client_id");
return true; return true;
@@ -197,7 +194,7 @@ $imap = imap_open("{{$imap_mailbox}}INBOX", $config_smtp_username, $config_smtp_
if (!$imap) { if (!$imap) {
// Logging // Logging
$extended_log_description = var_export(imap_errors(), true); $extended_log_description = var_export(imap_errors(), true);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Email parser: Failed to connect to IMAP. Details: $extended_log_description', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Email parser: Failed to connect to IMAP. Details: $extended_log_description'");
exit("Could not connect to IMAP"); exit("Could not connect to IMAP");
} }
@@ -268,9 +265,8 @@ if ($emails) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_email = $row['contact_email']; $contact_email = $row['contact_email'];
$client_id = intval($row['contact_client_id']); $client_id = intval($row['contact_client_id']);
$company_id = intval($row['company_id']);
if (addTicket($contact_id, $contact_name, $contact_email, $client_id, $company_id, $date, $subject, $message)) { if (addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message)) {
$email_processed = true; $email_processed = true;
} }
@@ -287,20 +283,19 @@ if ($emails) {
// Client details // Client details
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$company_id = intval($row['company_id']);
// Contact details // Contact details
$password = password_hash(randomString(), PASSWORD_DEFAULT); $password = password_hash(randomString(), PASSWORD_DEFAULT);
$contact_name = $from_name; $contact_name = $from_name;
$contact_email = $from_email; $contact_email = $from_email;
mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_notes = 'Added automatically via email parsing.', contact_password_hash = '$password', contact_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_notes = 'Added automatically via email parsing.', contact_password_hash = '$password', contact_client_id = $client_id");
$contact_id = mysqli_insert_id($mysqli); $contact_id = mysqli_insert_id($mysqli);
// Logging for contact creation // Logging for contact creation
echo "Created new contact.<br>"; echo "Created new contact.<br>";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = 'Email parser: created contact $contact_name', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = 'Email parser: created contact $contact_name', log_client_id = $client_id");
if (addTicket($contact_id, $contact_name, $contact_email, $client_id, $company_id, $date, $subject, $message)) { if (addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message)) {
$email_processed = true; $email_processed = true;
} }
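Review bot: The IMAP failure branch interpolates `var_export(imap_errors(), true)` straight into a single-quoted SQL string. var_export wraps each array element in single quotes, so the log INSERT will most likely fail just when the connection error needs recording, and server-supplied text reaches the statement unescaped; `$extended_log_description = mysqli_real_escape_string($mysqli, var_export(imap_errors(), true));` fixes both. In addTicket the next ticket number is read and written back in two separate statements, so two overlapping parser runs could issue the same number; `UPDATE settings SET config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number) + 1 WHERE company_id = 1` followed by `mysqli_insert_id($mysqli)` makes the allocation atomic. `$subject`, `$contact_name` and `$contact_email` originate from mail headers and are placed in several INSERTs whose escaping is outside the visible hunks, so confirm it or move these statements to prepared statements. addTicket and addReply both continue beyond the hunks shown.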


@@ -15,10 +15,10 @@ if (isset($_GET['year'])) {
//GET unique years from expenses, payments invoices and revenues //GET unique years from expenses, payments invoices and revenues
$sql_years_select = mysqli_query( $sql_years_select = mysqli_query(
$mysqli, $mysqli,
"SELECT YEAR(expense_date) AS all_years FROM expenses WHERE company_id = $session_company_id "SELECT YEAR(expense_date) AS all_years FROM expenses
UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(payment_date) FROM payments
UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues
UNION DISTINCT SELECT YEAR(invoice_date) FROM invoices WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(invoice_date) FROM invoices
ORDER BY all_years DESC ORDER BY all_years DESC
"); ");
@@ -26,32 +26,32 @@ $sql_years_select = mysqli_query(
$largest_income_month = 0; $largest_income_month = 0;
//Get Total income //Get Total income
$sql_total_payments_to_invoices = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id"); $sql_total_payments_to_invoices = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year");
$row = mysqli_fetch_array($sql_total_payments_to_invoices); $row = mysqli_fetch_array($sql_total_payments_to_invoices);
$total_payments_to_invoices = floatval($row['total_payments_to_invoices']); $total_payments_to_invoices = floatval($row['total_payments_to_invoices']);
//Do not grab transfer payment as these have a category_id of 0 //Do not grab transfer payment as these have a category_id of 0
$sql_total_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id"); $sql_total_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0");
$row = mysqli_fetch_array($sql_total_revenues); $row = mysqli_fetch_array($sql_total_revenues);
$total_revenues = floatval($row['total_revenues']); $total_revenues = floatval($row['total_revenues']);
$total_income = $total_payments_to_invoices + $total_revenues; $total_income = $total_payments_to_invoices + $total_revenues;
//Get Total expenses and do not grab transfer expenses as these have a vendor of 0 //Get Total expenses and do not grab transfer expenses as these have a vendor of 0
$sql_total_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_vendor_id > 0 AND YEAR(expense_date) = $year AND company_id = $session_company_id"); $sql_total_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_vendor_id > 0 AND YEAR(expense_date) = $year");
$row = mysqli_fetch_array($sql_total_expenses); $row = mysqli_fetch_array($sql_total_expenses);
$total_expenses = floatval($row['total_expenses']); $total_expenses = floatval($row['total_expenses']);
//Total up all the Invoices that are not draft or cancelled //Total up all the Invoices that are not draft or cancelled
$sql_invoice_totals = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND YEAR(invoice_date) = $year AND company_id = $session_company_id"); $sql_invoice_totals = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND YEAR(invoice_date) = $year");
$row = mysqli_fetch_array($sql_invoice_totals); $row = mysqli_fetch_array($sql_invoice_totals);
$invoice_totals = floatval($row['invoice_totals']); $invoice_totals = floatval($row['invoice_totals']);
//Quaeries from Receivables //Quaeries from Receivables
$sql_total_payments_to_invoices_all_years = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices_all_years FROM payments WHERE company_id = $session_company_id"); $sql_total_payments_to_invoices_all_years = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices_all_years FROM payments");
$row = mysqli_fetch_array($sql_total_payments_to_invoices_all_years); $row = mysqli_fetch_array($sql_total_payments_to_invoices_all_years);
$total_payments_to_invoices_all_years = floatval($row['total_payments_to_invoices_all_years']); $total_payments_to_invoices_all_years = floatval($row['total_payments_to_invoices_all_years']);
$sql_invoice_totals_all_years = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals_all_years FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND company_id = $session_company_id"); $sql_invoice_totals_all_years = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals_all_years FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled'");
$row = mysqli_fetch_array($sql_invoice_totals_all_years); $row = mysqli_fetch_array($sql_invoice_totals_all_years);
$invoice_totals_all_years = floatval($row['invoice_totals_all_years']); $invoice_totals_all_years = floatval($row['invoice_totals_all_years']);
@@ -59,14 +59,13 @@ $receivables = $invoice_totals_all_years - $total_payments_to_invoices_all_years
$profit = $total_income - $total_expenses; $profit = $total_income - $total_expenses;
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE company_id = $session_company_id"); $sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts");
$sql_latest_invoice_payments = mysqli_query( $sql_latest_invoice_payments = mysqli_query(
$mysqli, $mysqli,
"SELECT * FROM payments, invoices, clients "SELECT * FROM payments, invoices, clients
WHERE payment_invoice_id = invoice_id WHERE payment_invoice_id = invoice_id
AND invoice_client_id = client_id AND invoice_client_id = client_id
AND clients.company_id = $session_company_id
ORDER BY payment_id DESC LIMIT 5" ORDER BY payment_id DESC LIMIT 5"
); );
@@ -75,31 +74,30 @@ $sql_latest_expenses = mysqli_query(
"SELECT * FROM expenses, vendors, categories "SELECT * FROM expenses, vendors, categories
WHERE expense_vendor_id = vendor_id WHERE expense_vendor_id = vendor_id
AND expense_category_id = category_id AND expense_category_id = category_id
AND expenses.company_id = $session_company_id
ORDER BY expense_id DESC LIMIT 5" ORDER BY expense_id DESC LIMIT 5"
); );
//Get Monthly Recurring Total //Get Monthly Recurring Total
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND company_id = $session_company_id"); $sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month'");
$row = mysqli_fetch_array($sql_recurring_monthly_total); $row = mysqli_fetch_array($sql_recurring_monthly_total);
$recurring_monthly_total = floatval($row['recurring_monthly_total']); $recurring_monthly_total = floatval($row['recurring_monthly_total']);
//Get Yearly Recurring Total //Get Yearly Recurring Total
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND company_id = $session_company_id"); $sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year'");
$row = mysqli_fetch_array($sql_recurring_yearly_total); $row = mysqli_fetch_array($sql_recurring_yearly_total);
$recurring_yearly_total = floatval($row['recurring_yearly_total']); $recurring_yearly_total = floatval($row['recurring_yearly_total']);
//Get Total Miles Driven //Get Total Miles Driven
$sql_miles_driven = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS total_miles FROM trips WHERE YEAR(trip_date) = $year AND company_id = $session_company_id"); $sql_miles_driven = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS total_miles FROM trips WHERE YEAR(trip_date) = $year");
$row = mysqli_fetch_array($sql_miles_driven); $row = mysqli_fetch_array($sql_miles_driven);
$total_miles = floatval($row['total_miles']); $total_miles = floatval($row['total_miles']);
//Get Total Clients added //Get Total Clients added
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('client_id') AS clients_added FROM clients WHERE YEAR(client_created_at) = $year AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('client_id') AS clients_added FROM clients WHERE YEAR(client_created_at) = $year"));
$clients_added = intval($row['clients_added']); $clients_added = intval($row['clients_added']);
//Get Total Vendors added //Get Total Vendors added
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('vendor_id') AS vendors_added FROM vendors WHERE YEAR(vendor_created_at) = $year AND vendor_client_id = 0 AND vendor_template = 0 AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('vendor_id') AS vendors_added FROM vendors WHERE YEAR(vendor_created_at) = $year AND vendor_client_id = 0 AND vendor_template = 0"));
$vendors_added = intval($row['vendors_added']); $vendors_added = intval($row['vendors_added']);
?> ?>
@@ -490,11 +488,11 @@ $vendors_added = intval($row['vendors_added']);
data: [ data: [
<?php <?php
for($month = 1; $month<=12; $month++) { for($month = 1; $month<=12; $month++) {
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id"); $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month");
$row = mysqli_fetch_array($sql_payments); $row = mysqli_fetch_array($sql_payments);
$payments_for_month = floatval($row['payment_amount_for_month']); $payments_for_month = floatval($row['payment_amount_for_month']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month AND company_id = $session_company_id"); $sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month");
$row = mysqli_fetch_array($sql_revenues); $row = mysqli_fetch_array($sql_revenues);
$revenues_for_month = floatval($row['revenue_amount_for_month']); $revenues_for_month = floatval($row['revenue_amount_for_month']);
@@ -529,11 +527,11 @@ $vendors_added = intval($row['vendors_added']);
data: [ data: [
<?php <?php
for($month = 1; $month<=12; $month++) { for($month = 1; $month<=12; $month++) {
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year-1 AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id"); $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year-1 AND MONTH(payment_date) = $month");
$row = mysqli_fetch_array($sql_payments); $row = mysqli_fetch_array($sql_payments);
$payments_for_month = floatval($row['payment_amount_for_month']); $payments_for_month = floatval($row['payment_amount_for_month']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year-1 AND MONTH(revenue_date) = $month AND company_id = $session_company_id"); $sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year-1 AND MONTH(revenue_date) = $month");
$row = mysqli_fetch_array($sql_revenues); $row = mysqli_fetch_array($sql_revenues);
$revenues_for_month = floatval($row['revenue_amount_for_month']); $revenues_for_month = floatval($row['revenue_amount_for_month']);
@@ -571,7 +569,7 @@ $vendors_added = intval($row['vendors_added']);
$largest_invoice_month = 0; $largest_invoice_month = 0;
for($month = 1; $month<=12; $month++) { for($month = 1; $month<=12; $month++) {
$sql_projected = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amount_for_month FROM invoices WHERE YEAR(invoice_due) = $year AND MONTH(invoice_due) = $month AND invoice_status NOT LIKE 'Cancelled' AND invoice_status NOT LIKE 'Draft' AND company_id = $session_company_id"); $sql_projected = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amount_for_month FROM invoices WHERE YEAR(invoice_due) = $year AND MONTH(invoice_due) = $month AND invoice_status NOT LIKE 'Cancelled' AND invoice_status NOT LIKE 'Draft'");
$row = mysqli_fetch_array($sql_projected); $row = mysqli_fetch_array($sql_projected);
$invoice_for_month = floatval($row['invoice_amount_for_month']); $invoice_for_month = floatval($row['invoice_amount_for_month']);
@@ -607,7 +605,7 @@ $vendors_added = intval($row['vendors_added']);
$largest_expense_month = 0; $largest_expense_month = 0;
for($month = 1; $month<=12; $month++) { for($month = 1; $month<=12; $month++) {
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS expense_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND expense_vendor_id > 0 AND expenses.company_id = $session_company_id"); $sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS expense_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND expense_vendor_id > 0");
$row = mysqli_fetch_array($sql_expenses); $row = mysqli_fetch_array($sql_expenses);
$expenses_for_month = floatval($row['expense_amount_for_month']); $expenses_for_month = floatval($row['expense_amount_for_month']);
@@ -683,7 +681,7 @@ $vendors_added = intval($row['vendors_added']);
data: [ data: [
<?php <?php
for($month = 1; $month<=12; $month++) { for($month = 1; $month<=12; $month++) {
$sql_trips = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS trip_miles_for_month FROM trips WHERE YEAR(trip_date) = $year AND MONTH(trip_date) = $month AND trips.company_id = $session_company_id"); $sql_trips = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS trip_miles_for_month FROM trips WHERE YEAR(trip_date) = $year AND MONTH(trip_date) = $month");
$row = mysqli_fetch_array($sql_trips); $row = mysqli_fetch_array($sql_trips);
$trip_miles_for_month = floatval($row['trip_miles_for_month']); $trip_miles_for_month = floatval($row['trip_miles_for_month']);
$largest_trip_miles_month = 0; $largest_trip_miles_month = 0;
@@ -746,7 +744,7 @@ $vendors_added = intval($row['vendors_added']);
data: { data: {
labels: [ labels: [
<?php <?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id"); $sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_name = json_encode($row['category_name']); $category_name = json_encode($row['category_name']);
echo "$category_name,"; echo "$category_name,";
@@ -758,11 +756,11 @@ $vendors_added = intval($row['vendors_added']);
datasets: [{ datasets: [{
data: [ data: [
<?php <?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id"); $sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$sql_invoices = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS income_amount_for_year FROM invoices WHERE invoice_category_id = $category_id AND YEAR(invoice_date) = $year AND company_id = $session_company_id"); $sql_invoices = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS income_amount_for_year FROM invoices WHERE invoice_category_id = $category_id AND YEAR(invoice_date) = $year");
$row = mysqli_fetch_array($sql_invoices); $row = mysqli_fetch_array($sql_invoices);
$income_amount_for_year = floatval($row['income_amount_for_year']); $income_amount_for_year = floatval($row['income_amount_for_year']);
echo "$income_amount_for_year,"; echo "$income_amount_for_year,";
@@ -773,7 +771,7 @@ $vendors_added = intval($row['vendors_added']);
], ],
backgroundColor: [ backgroundColor: [
<?php <?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id, category_color FROM categories, invoices WHERE invoice_category_id = category_id AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id"); $sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id, category_color FROM categories, invoices WHERE invoice_category_id = category_id AND YEAR(invoice_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_color = json_encode($row['category_color']); $category_color = json_encode($row['category_color']);
echo "$category_color,"; echo "$category_color,";
@@ -803,7 +801,7 @@ $vendors_added = intval($row['vendors_added']);
data: { data: {
labels: [ labels: [
<?php <?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id"); $sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_name = json_encode($row['category_name']); $category_name = json_encode($row['category_name']);
echo "$category_name,"; echo "$category_name,";
@@ -815,7 +813,7 @@ $vendors_added = intval($row['vendors_added']);
datasets: [{ datasets: [{
data: [ data: [
<?php <?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id"); $sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_id = $row['category_id']; $category_id = $row['category_id'];
@@ -830,7 +828,7 @@ $vendors_added = intval($row['vendors_added']);
], ],
backgroundColor: [ backgroundColor: [
<?php <?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = categories.category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id"); $sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = categories.category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_color = json_encode($row['category_color']); $category_color = json_encode($row['category_color']);
echo "$category_color,"; echo "$category_color,";
@@ -856,7 +854,7 @@ $vendors_added = intval($row['vendors_added']);
data: { data: {
labels: [ labels: [
<?php <?php
$sql_vendors = mysqli_query($mysqli, "SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year AND vendors.company_id = $session_company_id"); $sql_vendors = mysqli_query($mysqli, "SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_name = json_encode($row['vendor_name']); $vendor_name = json_encode($row['vendor_name']);
echo "$vendor_name,"; echo "$vendor_name,";
@@ -868,7 +866,7 @@ $vendors_added = intval($row['vendors_added']);
datasets: [{ datasets: [{
data: [ data: [
<?php <?php
$sql_vendors = mysqli_query($mysqli, "SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year AND vendors.company_id = $session_company_id"); $sql_vendors = mysqli_query($mysqli, "SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id = $row['vendor_id']; $vendor_id = $row['vendor_id'];
@@ -883,7 +881,7 @@ $vendors_added = intval($row['vendors_added']);
], ],
backgroundColor: [ backgroundColor: [
<?php <?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = category_id AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id"); $sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = category_id AND YEAR(expense_date) = $year");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_color = json_encode($row['category_color']); $category_color = json_encode($row['category_color']);
echo "$category_color,"; echo "$category_color,";


@@ -12,9 +12,8 @@ if (isset($_GET['year'])) {
$sql_payment_years = mysqli_query( $sql_payment_years = mysqli_query(
$mysqli, $mysqli,
"SELECT YEAR(expense_date) AS all_years FROM expenses "SELECT YEAR(expense_date) AS all_years FROM expenses
WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(payment_date) FROM payments
UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues
UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id
ORDER BY all_years DESC" ORDER BY all_years DESC"
); );
@@ -22,8 +21,7 @@ $sql_payment_years = mysqli_query(
$sql_clients = mysqli_fetch_assoc(mysqli_query( $sql_clients = mysqli_fetch_assoc(mysqli_query(
$mysqli, $mysqli,
"SELECT COUNT('client_id') AS clients_added FROM clients "SELECT COUNT('client_id') AS clients_added FROM clients
WHERE YEAR(client_created_at) = $year WHERE YEAR(client_created_at) = $year"
AND company_id = $session_company_id"
)); ));
$clients_added = $sql_clients['clients_added']; $clients_added = $sql_clients['clients_added'];
@@ -31,8 +29,7 @@ $clients_added = $sql_clients['clients_added'];
$sql_contacts = mysqli_fetch_assoc(mysqli_query( $sql_contacts = mysqli_fetch_assoc(mysqli_query(
$mysqli, $mysqli,
"SELECT COUNT('contact_id') AS contacts_added FROM contacts "SELECT COUNT('contact_id') AS contacts_added FROM contacts
WHERE YEAR(contact_created_at) = $year WHERE YEAR(contact_created_at) = $year"
AND company_id = $session_company_id"
)); ));
$contacts_added = $sql_contacts['contacts_added']; $contacts_added = $sql_contacts['contacts_added'];
@@ -40,8 +37,7 @@ $contacts_added = $sql_contacts['contacts_added'];
$sql_assets = mysqli_fetch_assoc(mysqli_query( $sql_assets = mysqli_fetch_assoc(mysqli_query(
$mysqli, $mysqli,
"SELECT COUNT('asset_id') AS assets_added FROM assets "SELECT COUNT('asset_id') AS assets_added FROM assets
WHERE YEAR(asset_created_at) = $year WHERE YEAR(asset_created_at) = $year"
AND company_id = $session_company_id"
)); ));
$assets_added = $sql_assets['assets_added']; $assets_added = $sql_assets['assets_added'];
@@ -50,8 +46,7 @@ $sql_tickets = mysqli_fetch_assoc(mysqli_query(
$mysqli, $mysqli,
"SELECT COUNT('ticket_id') AS active_tickets "SELECT COUNT('ticket_id') AS active_tickets
FROM tickets FROM tickets
WHERE ticket_status != 'Closed' WHERE ticket_status != 'Closed'"
AND company_id = $session_company_id"
)); ));
$active_tickets = $sql_tickets['active_tickets']; $active_tickets = $sql_tickets['active_tickets'];
@@ -63,8 +58,7 @@ $sql_domains_expiring = mysqli_fetch_assoc(mysqli_query(
WHERE domain_expire IS NOT NULL WHERE domain_expire IS NOT NULL
AND domain_expire > CURRENT_DATE AND domain_expire > CURRENT_DATE
AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
AND domain_archived_at IS NULL AND domain_archived_at IS NULL"
AND company_id = $session_company_id"
)); ));
$expiring_domains = $sql_domains_expiring['expiring_domains']; $expiring_domains = $sql_domains_expiring['expiring_domains'];
@@ -76,8 +70,7 @@ $sql_certs_expiring = mysqli_fetch_assoc(mysqli_query(
WHERE certificate_expire IS NOT NULL WHERE certificate_expire IS NOT NULL
AND certificate_expire > CURRENT_DATE AND certificate_expire > CURRENT_DATE
AND certificate_expire < CURRENT_DATE + INTERVAL 30 DAY AND certificate_expire < CURRENT_DATE + INTERVAL 30 DAY
AND certificate_archived_at IS NULL AND certificate_archived_at IS NULL"
AND company_id = $session_company_id"
)); ));
$expiring_certificates = $sql_certs_expiring['expiring_certs']; $expiring_certificates = $sql_certs_expiring['expiring_certs'];
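Review bot: `$year` is interpolated unquoted into every `YEAR(...) = $year` predicate in this file section, and the first hunk header (`if (isset($_GET['year'])) {`) suggests it comes from the request. The assignment itself is outside the visible hunks, so confirm it is cast with `intval()` before these queries run. Since each statement is being rewritten anyway, binding the value would remove that dependency: prepare the query with `WHERE YEAR(client_created_at) = ?` via `mysqli_prepare` and attach the value with `mysqli_stmt_bind_param($stmt, 'i', $year);`. Separately, `COUNT('client_id')` counts a string literal and therefore behaves like `COUNT(*)`; writing `COUNT(*)` states that directly. The same interpolation pattern appears in the queries of the preceding file section.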


@@ -877,13 +877,65 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.5'"); mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.5'");
} }
//if (CURRENT_DATABASE_VERSION == '0.4.5') { if (CURRENT_DATABASE_VERSION == '0.4.5') {
// Insert queries here required to update to DB version 0.4.6 // Insert queries here required to update to DB version 0.4.6
mysqli_query($mysqli, "ALTER TABLE `contacts` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `locations` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `assets` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `software` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `logins` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `networks` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `certificates` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `domains` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `tickets` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `ticket_replies` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `scheduled_tickets` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `services` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `vendors` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `calendars` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `events` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `files` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `documents` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `folders` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `invoices` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `recurring` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `quotes` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `history` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `invoice_items` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `payments` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `trips` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `clients` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `expenses` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `transfers` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `revenues` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `api_keys` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `taxes` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `categories` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `tags` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `accounts` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `interfaces` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `records` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `logs` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `notifications` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `products` DROP `company_id`");
mysqli_query($mysqli, "ALTER TABLE `companies` DROP `company_archived_at`");
mysqli_query($mysqli, "ALTER TABLE `user_settings` DROP `user_default_company`");
mysqli_query($mysqli, "DROP TABLE `user_companies`");
mysqli_query($mysqli, "DROP TABLE `user_keys`"); //Unused Table
// Then, update the database to the next sequential version
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.6'");
}
//if (CURRENT_DATABASE_VERSION == '0.4.6') {
// Insert queries here required to update to DB version 0.4.7
// Then, update the database to the next sequential version // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.6'"); // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.4.7'");
//} //}
} else { } else {
// Up-to-date // Up-to-date
} }
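Review bot: The 0.4.6 block ignores the result of every `mysqli_query` call, so if any `ALTER TABLE ... DROP` or `DROP TABLE` fails part-way, the final `UPDATE settings` still records version 0.4.6 and the schema is left half-migrated with nothing logged. MySQL commits DDL implicitly, so a transaction cannot protect this; each statement's result needs checking, and the run should stop before the version bump on failure. The drops are also irreversible and remove the only column separating one company's rows from another's. On an install with more than one row in `companies`, the queries in this commit that no longer filter on `company_id` will return the merged data. The sketch below adds a pre-check that refuses to migrate in that case and runs the statements from a list with a per-statement check; the enclosing `if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION)` begins outside the hunk.

```php
if (CURRENT_DATABASE_VERSION == '0.4.5') {
    // Dropping company_id cannot be undone; refuse to merge tenants silently.
    $company_count_row = mysqli_fetch_row(mysqli_query($mysqli, "SELECT COUNT(*) FROM `companies`"));
    if (intval($company_count_row[0]) > 1) {
        exit("Database update 0.4.6 aborted: more than one company exists. Back up and consolidate before updating.");
    }

    $queries_0_4_6 = [
        "ALTER TABLE `contacts` DROP `company_id`",
        // … unchanged: the remaining ALTER TABLE / DROP TABLE statements, one string per entry …
    ];

    foreach ($queries_0_4_6 as $query) {
        if (!mysqli_query($mysqli, $query)) {
            // Log details server-side only; do not bump the version on failure.
            error_log("Database update 0.4.6 failed on [$query]: " . mysqli_error($mysqli));
            exit("Database update 0.4.6 failed; see the server error log.");
        }
    }

    // … unchanged: UPDATE `settings` to version 0.4.6 …
```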


@@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php * It is used in conjunction with database_updates.php
*/ */
DEFINE("LATEST_DATABASE_VERSION", "0.4.5"); DEFINE("LATEST_DATABASE_VERSION", "0.4.6");

73
db.sql

@@ -31,7 +31,6 @@ CREATE TABLE `accounts` (
`account_created_at` datetime NOT NULL DEFAULT current_timestamp(), `account_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`account_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `account_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`account_archived_at` datetime DEFAULT NULL, `account_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`account_id`) PRIMARY KEY (`account_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -50,7 +49,6 @@ CREATE TABLE `api_keys` (
`api_key_created_at` datetime NOT NULL DEFAULT current_timestamp(), `api_key_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`api_key_expire` date NOT NULL, `api_key_expire` date NOT NULL,
`api_key_client_id` int(11) NOT NULL DEFAULT 0, `api_key_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`api_key_id`) PRIMARY KEY (`api_key_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -129,7 +127,6 @@ CREATE TABLE `assets` (
`asset_contact_id` int(11) NOT NULL DEFAULT 0, `asset_contact_id` int(11) NOT NULL DEFAULT 0,
`asset_network_id` int(11) NOT NULL DEFAULT 0, `asset_network_id` int(11) NOT NULL DEFAULT 0,
`asset_client_id` int(11) NOT NULL DEFAULT 0, `asset_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`asset_id`) PRIMARY KEY (`asset_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -148,7 +145,6 @@ CREATE TABLE `calendars` (
`calendar_created_at` datetime NOT NULL DEFAULT current_timestamp(), `calendar_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`calendar_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `calendar_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`calendar_archived_at` datetime DEFAULT NULL, `calendar_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`calendar_id`) PRIMARY KEY (`calendar_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -168,7 +164,6 @@ CREATE TABLE `categories` (
`category_created_at` datetime NOT NULL DEFAULT current_timestamp(), `category_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`category_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `category_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`category_archived_at` datetime DEFAULT NULL, `category_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`category_id`) PRIMARY KEY (`category_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -194,7 +189,6 @@ CREATE TABLE `certificates` (
`certificate_accessed_at` datetime DEFAULT NULL, `certificate_accessed_at` datetime DEFAULT NULL,
`certificate_domain_id` int(11) NOT NULL DEFAULT 0, `certificate_domain_id` int(11) NOT NULL DEFAULT 0,
`certificate_client_id` int(11) NOT NULL DEFAULT 0, `certificate_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`certificate_id`) PRIMARY KEY (`certificate_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -235,7 +229,6 @@ CREATE TABLE `clients` (
`client_accessed_at` datetime DEFAULT NULL, `client_accessed_at` datetime DEFAULT NULL,
`primary_location` int(11) NOT NULL DEFAULT 0, `primary_location` int(11) NOT NULL DEFAULT 0,
`primary_contact` int(11) NOT NULL DEFAULT 0, `primary_contact` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`client_id`) PRIMARY KEY (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -263,7 +256,6 @@ CREATE TABLE `companies` (
`company_currency` varchar(200) NOT NULL, `company_currency` varchar(200) NOT NULL,
`company_created_at` datetime NOT NULL DEFAULT current_timestamp(), `company_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`company_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `company_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`company_archived_at` datetime DEFAULT NULL,
PRIMARY KEY (`company_id`) PRIMARY KEY (`company_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -355,7 +347,6 @@ CREATE TABLE `contacts` (
`contact_location_id` int(11) NOT NULL DEFAULT 0, `contact_location_id` int(11) NOT NULL DEFAULT 0,
`contact_department` varchar(200) DEFAULT NULL, `contact_department` varchar(200) DEFAULT NULL,
`contact_client_id` int(11) NOT NULL DEFAULT 0, `contact_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`contact_id`) PRIMARY KEY (`contact_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -379,7 +370,6 @@ CREATE TABLE `documents` (
`document_template` tinyint(1) NOT NULL DEFAULT 0, `document_template` tinyint(1) NOT NULL DEFAULT 0,
`document_folder_id` int(11) NOT NULL DEFAULT 0, `document_folder_id` int(11) NOT NULL DEFAULT 0,
`document_client_id` int(11) NOT NULL DEFAULT 0, `document_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`document_id`), PRIMARY KEY (`document_id`),
FULLTEXT KEY `document_content_raw` (`document_content_raw`) FULLTEXT KEY `document_content_raw` (`document_content_raw`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
@@ -408,7 +398,6 @@ CREATE TABLE `domains` (
`domain_registrar` int(11) NOT NULL DEFAULT 0, `domain_registrar` int(11) NOT NULL DEFAULT 0,
`domain_webhost` int(11) NOT NULL DEFAULT 0, `domain_webhost` int(11) NOT NULL DEFAULT 0,
`domain_client_id` int(11) NOT NULL DEFAULT 0, `domain_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`domain_id`) PRIMARY KEY (`domain_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -433,7 +422,6 @@ CREATE TABLE `events` (
`event_client_id` int(11) NOT NULL DEFAULT 0, `event_client_id` int(11) NOT NULL DEFAULT 0,
`event_location_id` int(11) NOT NULL DEFAULT 0, `event_location_id` int(11) NOT NULL DEFAULT 0,
`event_calendar_id` int(11) NOT NULL DEFAULT 0, `event_calendar_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`event_id`) PRIMARY KEY (`event_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -461,7 +449,6 @@ CREATE TABLE `expenses` (
`expense_client_id` int(11) NOT NULL DEFAULT 0, `expense_client_id` int(11) NOT NULL DEFAULT 0,
`expense_category_id` int(11) NOT NULL DEFAULT 0, `expense_category_id` int(11) NOT NULL DEFAULT 0,
`expense_account_id` int(11) DEFAULT NULL, `expense_account_id` int(11) DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`expense_id`) PRIMARY KEY (`expense_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -483,7 +470,6 @@ CREATE TABLE `files` (
`file_archived_at` datetime DEFAULT NULL, `file_archived_at` datetime DEFAULT NULL,
`file_accessed_at` datetime DEFAULT NULL, `file_accessed_at` datetime DEFAULT NULL,
`file_client_id` int(11) NOT NULL DEFAULT 0, `file_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`file_id`) PRIMARY KEY (`file_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -500,7 +486,6 @@ CREATE TABLE `folders` (
`folder_name` varchar(200) NOT NULL, `folder_name` varchar(200) NOT NULL,
`parent_folder` int(11) NOT NULL DEFAULT 0, `parent_folder` int(11) NOT NULL DEFAULT 0,
`folder_client_id` int(11) NOT NULL DEFAULT 0, `folder_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`folder_id`) PRIMARY KEY (`folder_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -520,7 +505,6 @@ CREATE TABLE `history` (
`history_invoice_id` int(11) NOT NULL DEFAULT 0, `history_invoice_id` int(11) NOT NULL DEFAULT 0,
`history_recurring_id` int(11) NOT NULL DEFAULT 0, `history_recurring_id` int(11) NOT NULL DEFAULT 0,
`history_quote_id` int(11) NOT NULL DEFAULT 0, `history_quote_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`history_id`) PRIMARY KEY (`history_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -544,7 +528,6 @@ CREATE TABLE `interfaces` (
`interface_connected_asset_id` int(11) NOT NULL DEFAULT 0, `interface_connected_asset_id` int(11) NOT NULL DEFAULT 0,
`interface_network_id` int(11) NOT NULL DEFAULT 0, `interface_network_id` int(11) NOT NULL DEFAULT 0,
`interface_asset_id` int(11) NOT NULL, `interface_asset_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`interface_id`) PRIMARY KEY (`interface_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -572,7 +555,6 @@ CREATE TABLE `invoice_items` (
`item_quote_id` int(11) NOT NULL DEFAULT 0, `item_quote_id` int(11) NOT NULL DEFAULT 0,
`item_recurring_id` int(11) NOT NULL DEFAULT 0, `item_recurring_id` int(11) NOT NULL DEFAULT 0,
`item_invoice_id` int(11) NOT NULL DEFAULT 0, `item_invoice_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`item_id`) PRIMARY KEY (`item_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -601,7 +583,6 @@ CREATE TABLE `invoices` (
`invoice_archived_at` datetime DEFAULT NULL, `invoice_archived_at` datetime DEFAULT NULL,
`invoice_category_id` int(11) NOT NULL, `invoice_category_id` int(11) NOT NULL,
`invoice_client_id` int(11) NOT NULL, `invoice_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`invoice_id`) PRIMARY KEY (`invoice_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -631,7 +612,6 @@ CREATE TABLE `locations` (
`location_accessed_at` datetime DEFAULT NULL, `location_accessed_at` datetime DEFAULT NULL,
`location_contact_id` int(11) NOT NULL DEFAULT 0, `location_contact_id` int(11) NOT NULL DEFAULT 0,
`location_client_id` int(11) NOT NULL DEFAULT 0, `location_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`location_id`) PRIMARY KEY (`location_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -662,7 +642,6 @@ CREATE TABLE `logins` (
`login_asset_id` int(11) NOT NULL DEFAULT 0, `login_asset_id` int(11) NOT NULL DEFAULT 0,
`login_software_id` int(11) NOT NULL DEFAULT 0, `login_software_id` int(11) NOT NULL DEFAULT 0,
`login_client_id` int(11) NOT NULL DEFAULT 0, `login_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`login_id`) PRIMARY KEY (`login_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -685,7 +664,6 @@ CREATE TABLE `logs` (
`log_client_id` int(11) NOT NULL DEFAULT 0, `log_client_id` int(11) NOT NULL DEFAULT 0,
`log_user_id` int(11) NOT NULL DEFAULT 0, `log_user_id` int(11) NOT NULL DEFAULT 0,
`log_entity_id` int(11) NOT NULL DEFAULT 0, `log_entity_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) DEFAULT NULL,
PRIMARY KEY (`log_id`) PRIMARY KEY (`log_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -711,7 +689,6 @@ CREATE TABLE `networks` (
`network_accessed_at` datetime DEFAULT NULL, `network_accessed_at` datetime DEFAULT NULL,
`network_location_id` int(11) NOT NULL DEFAULT 0, `network_location_id` int(11) NOT NULL DEFAULT 0,
`network_client_id` int(11) NOT NULL DEFAULT 0, `network_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`network_id`) PRIMARY KEY (`network_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -732,7 +709,6 @@ CREATE TABLE `notifications` (
`notification_dismissed_by` int(11) DEFAULT NULL, `notification_dismissed_by` int(11) DEFAULT NULL,
`notification_client_id` int(11) NOT NULL DEFAULT 0, `notification_client_id` int(11) NOT NULL DEFAULT 0,
`notification_user_id` int(11) NOT NULL DEFAULT 0, `notification_user_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`notification_id`) PRIMARY KEY (`notification_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -756,7 +732,6 @@ CREATE TABLE `payments` (
`payment_archived_at` datetime DEFAULT NULL, `payment_archived_at` datetime DEFAULT NULL,
`payment_account_id` int(11) NOT NULL, `payment_account_id` int(11) NOT NULL,
`payment_invoice_id` int(11) NOT NULL DEFAULT 0, `payment_invoice_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`payment_id`) PRIMARY KEY (`payment_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -779,7 +754,6 @@ CREATE TABLE `products` (
`product_archived_at` datetime DEFAULT NULL, `product_archived_at` datetime DEFAULT NULL,
`product_tax_id` int(11) NOT NULL DEFAULT 0, `product_tax_id` int(11) NOT NULL DEFAULT 0,
`product_category_id` int(11) NOT NULL, `product_category_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`product_id`) PRIMARY KEY (`product_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -807,7 +781,6 @@ CREATE TABLE `quotes` (
`quote_archived_at` datetime DEFAULT NULL, `quote_archived_at` datetime DEFAULT NULL,
`quote_category_id` int(11) NOT NULL, `quote_category_id` int(11) NOT NULL,
`quote_client_id` int(11) NOT NULL, `quote_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`quote_id`) PRIMARY KEY (`quote_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -829,7 +802,6 @@ CREATE TABLE `records` (
`record_updated_at` datetime NOT NULL DEFAULT '0000-00-00 00:00:00' ON UPDATE current_timestamp(), `record_updated_at` datetime NOT NULL DEFAULT '0000-00-00 00:00:00' ON UPDATE current_timestamp(),
`record_archived_at` datetime DEFAULT NULL, `record_archived_at` datetime DEFAULT NULL,
`record_domain_id` int(11) NOT NULL, `record_domain_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`record_id`) PRIMARY KEY (`record_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -858,7 +830,6 @@ CREATE TABLE `recurring` (
`recurring_archived_at` datetime DEFAULT NULL, `recurring_archived_at` datetime DEFAULT NULL,
`recurring_category_id` int(11) NOT NULL, `recurring_category_id` int(11) NOT NULL,
`recurring_client_id` int(11) NOT NULL, `recurring_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`recurring_id`) PRIMARY KEY (`recurring_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -884,7 +855,6 @@ CREATE TABLE `revenues` (
`revenue_category_id` int(11) NOT NULL DEFAULT 0, `revenue_category_id` int(11) NOT NULL DEFAULT 0,
`revenue_account_id` int(11) NOT NULL, `revenue_account_id` int(11) NOT NULL,
`revenue_client_id` int(11) NOT NULL DEFAULT 0, `revenue_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`revenue_id`) PRIMARY KEY (`revenue_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -911,7 +881,6 @@ CREATE TABLE `scheduled_tickets` (
`scheduled_ticket_client_id` int(11) NOT NULL DEFAULT 0, `scheduled_ticket_client_id` int(11) NOT NULL DEFAULT 0,
`scheduled_ticket_contact_id` int(11) NOT NULL DEFAULT 0, `scheduled_ticket_contact_id` int(11) NOT NULL DEFAULT 0,
`scheduled_ticket_asset_id` int(11) NOT NULL DEFAULT 0, `scheduled_ticket_asset_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`scheduled_ticket_id`) PRIMARY KEY (`scheduled_ticket_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1027,7 +996,6 @@ CREATE TABLE `services` (
`service_accessed_at` datetime DEFAULT NULL, `service_accessed_at` datetime DEFAULT NULL,
`service_review_due` date DEFAULT NULL, `service_review_due` date DEFAULT NULL,
`service_client_id` int(11) NOT NULL, `service_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`service_id`) PRIMARY KEY (`service_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1150,7 +1118,6 @@ CREATE TABLE `software` (
`software_login_id` int(11) NOT NULL DEFAULT 0, `software_login_id` int(11) NOT NULL DEFAULT 0,
`software_client_id` int(11) NOT NULL, `software_client_id` int(11) NOT NULL,
`software_template_id` int(11) NOT NULL DEFAULT 0, `software_template_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`software_id`) PRIMARY KEY (`software_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1241,7 +1208,6 @@ CREATE TABLE `tags` (
`tag_created_at` datetime NOT NULL DEFAULT current_timestamp(), `tag_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`tag_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `tag_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`tag_archived_at` datetime DEFAULT NULL, `tag_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`tag_id`) PRIMARY KEY (`tag_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1260,7 +1226,6 @@ CREATE TABLE `taxes` (
`tax_created_at` datetime NOT NULL DEFAULT current_timestamp(), `tax_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`tax_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), `tax_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`tax_archived_at` datetime DEFAULT NULL, `tax_archived_at` datetime DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`tax_id`) PRIMARY KEY (`tax_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1282,7 +1247,6 @@ CREATE TABLE `ticket_replies` (
`ticket_reply_archived_at` datetime DEFAULT NULL, `ticket_reply_archived_at` datetime DEFAULT NULL,
`ticket_reply_by` int(11) NOT NULL, `ticket_reply_by` int(11) NOT NULL,
`ticket_reply_ticket_id` int(11) NOT NULL, `ticket_reply_ticket_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`ticket_reply_id`) PRIMARY KEY (`ticket_reply_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1332,7 +1296,6 @@ CREATE TABLE `tickets` (
`ticket_contact_id` int(11) NOT NULL DEFAULT 0, `ticket_contact_id` int(11) NOT NULL DEFAULT 0,
`ticket_location_id` int(11) NOT NULL DEFAULT 0, `ticket_location_id` int(11) NOT NULL DEFAULT 0,
`ticket_asset_id` int(11) NOT NULL DEFAULT 0, `ticket_asset_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`ticket_id`) PRIMARY KEY (`ticket_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1352,7 +1315,6 @@ CREATE TABLE `transfers` (
`transfer_archived_at` datetime DEFAULT NULL, `transfer_archived_at` datetime DEFAULT NULL,
`transfer_expense_id` int(11) NOT NULL, `transfer_expense_id` int(11) NOT NULL,
`transfer_revenue_id` int(11) NOT NULL, `transfer_revenue_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`transfer_id`) PRIMARY KEY (`transfer_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1379,41 +1341,10 @@ CREATE TABLE `trips` (
`trip_archived_at` datetime DEFAULT NULL, `trip_archived_at` datetime DEFAULT NULL,
`trip_user_id` int(11) NOT NULL DEFAULT 0, `trip_user_id` int(11) NOT NULL DEFAULT 0,
`trip_client_id` int(11) NOT NULL DEFAULT 0, `trip_client_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`trip_id`) PRIMARY KEY (`trip_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `user_companies`
--
DROP TABLE IF EXISTS `user_companies`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_companies` (
`user_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`user_id`,`company_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `user_keys`
--
DROP TABLE IF EXISTS `user_keys`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_keys` (
`user_key_id` int(11) NOT NULL AUTO_INCREMENT,
`user_key_name` varchar(200) DEFAULT NULL,
`user_public_key` varchar(250) NOT NULL,
`user_id` int(11) NOT NULL,
PRIMARY KEY (`user_key_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
-- --
-- Table structure for table `user_settings` -- Table structure for table `user_settings`
-- --
@@ -1423,7 +1354,6 @@ DROP TABLE IF EXISTS `user_settings`;
/*!40101 SET character_set_client = utf8 */; /*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_settings` ( CREATE TABLE `user_settings` (
`user_id` int(11) NOT NULL, `user_id` int(11) NOT NULL,
`user_default_company` int(11) NOT NULL,
`user_role` int(11) NOT NULL, `user_role` int(11) NOT NULL,
PRIMARY KEY (`user_id`) PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -1524,7 +1454,6 @@ CREATE TABLE `vendors` (
`vendor_accessed_at` datetime DEFAULT NULL, `vendor_accessed_at` datetime DEFAULT NULL,
`vendor_client_id` int(11) NOT NULL DEFAULT 0, `vendor_client_id` int(11) NOT NULL DEFAULT 0,
`vendor_template_id` int(11) NOT NULL DEFAULT 0, `vendor_template_id` int(11) NOT NULL DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`vendor_id`) PRIMARY KEY (`vendor_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1538,4 +1467,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2023-02-25 15:25:59 -- Dump completed on 2023-03-08 13:31:23


@@ -43,7 +43,7 @@
<option value="">- Account -</option> <option value="">- Account -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$account_id = intval($row['account_id']); $account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']); $account_name = htmlentities($row['account_name']);
@@ -83,7 +83,7 @@
<option value="">- Vendor -</option> <option value="">- Vendor -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL AND company_id = $session_company_id ORDER BY vendor_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = htmlentities($row['vendor_name']);
@@ -118,7 +118,7 @@
<option value="">- Category -</option> <option value="">- Category -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = htmlentities($row['category_name']);
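Review bot: With `AND company_id = $session_company_id` dropped from the accounts, vendors and categories lookups in this file, the dropdowns now offer every row in those tables, so an upgraded install that still holds rows for more than one company will list them all together. Nothing visible in these hunks merges or removes such rows, so the database update should check for them first, for example by refusing to continue when `SELECT COUNT(*) FROM companies` returns more than 1. The same applies to the lookups in the next two files and to the expenses listing query further down. Each loop reads only the id and name columns, so `SELECT account_id, account_name` (and the vendor and category equivalents) would do in place of `SELECT *`.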


@@ -44,7 +44,7 @@
<select class="form-control select2" name="account" required> <select class="form-control select2" name="account" required>
<?php <?php
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC"); $sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) { while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id_select = intval($row['account_id']); $account_id_select = intval($row['account_id']);
$account_name_select = htmlentities($row['account_name']); $account_name_select = htmlentities($row['account_name']);
@@ -82,7 +82,7 @@
<select class="form-control select2" name="vendor" required> <select class="form-control select2" name="vendor" required>
<?php <?php
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = intval($row['vendor_id']); $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = htmlentities($row['vendor_name']);
@@ -114,7 +114,7 @@
<select class="form-control select2" name="category" required> <select class="form-control select2" name="category" required>
<?php <?php
$sql_categories = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id ORDER BY category_name ASC"); $sql_categories = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_id_select = intval($row['category_id']); $category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']); $category_name_select = htmlentities($row['category_name']);
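Review bot: None of the three lookups in this file excludes archived rows, whereas the preceding file filters on `account_archived_at IS NULL`, `vendor_archived_at IS NULL` and `category_archived_at IS NULL`. If this form creates a new expense (its purpose is not visible in these hunks), archived entries should not be selectable. Add the matching condition to each query, e.g. `FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC`.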


@@ -46,7 +46,7 @@
<select class="form-control select2" name="account" required> <select class="form-control select2" name="account" required>
<?php <?php
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) AND company_id = $session_company_id ORDER BY account_name ASC"); $sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) { while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id_select = intval($row['account_id']); $account_id_select = intval($row['account_id']);
$account_name_select = htmlentities($row['account_name']); $account_name_select = htmlentities($row['account_name']);
@@ -85,7 +85,7 @@
<select class="form-control select2" name="vendor" required> <select class="form-control select2" name="vendor" required>
<?php <?php
$sql_select = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) AND company_id = $session_company_id ORDER BY vendor_name ASC"); $sql_select = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_select)) { while ($row = mysqli_fetch_array($sql_select)) {
$vendor_id_select = intval($row['vendor_id']); $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = htmlentities($row['vendor_name']);
@@ -120,7 +120,7 @@
<select class="form-control select2" name="category" required> <select class="form-control select2" name="category" required>
<?php <?php
$sql_select = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); $sql_select = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_select)) { while ($row = mysqli_fetch_array($sql_select)) {
$category_id_select = intval($row['category_id']); $category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']); $category_name_select = htmlentities($row['category_name']);
@@ -156,7 +156,10 @@
<?php if (!empty($expense_receipt)) { ?> <?php if (!empty($expense_receipt)) { ?>
<hr> <hr>
<a class="text-secondary" href="<?php echo "uploads/expenses/$session_company_id/$expense_receipt"; ?>"><i class="fa fa-fw fa-2x fa-file-pdf text-secondary"></i> <?php echo basename($expense_receipt); ?></a> <a class="text-secondary" href="<?php echo "uploads/expenses/$expense_receipt"; ?>"
download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf" ?>">
<i class="fa fa-fw fa-2x fa-file-pdf text-secondary"></i> <?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf" ?>
</a>
<?php } ?> <?php } ?>
</div> </div>
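Review bot: The new `download` attribute and link label hard-code a `.pdf` suffix, so a receipt stored in another format would be offered under a misleading name; the old label used `basename($expense_receipt)` and kept the real extension. If non-PDF receipts are accepted (the upload handler is not visible here), take the extension from the stored name with `$ext = pathinfo($expense_receipt, PATHINFO_EXTENSION);` and echo `...-$expense_id.$ext`. `$expense_receipt`, `$expense_date`, `$vendor_name` and `$category_name` are assigned outside this hunk, so confirm they have been passed through `htmlentities()` before they are echoed into the `href`, the `download` attribute and the link text. The lookups above encode their values at assignment, which suggests that convention, but it is not shown for these variables.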


@@ -15,8 +15,7 @@ $sql = mysqli_query(
LEFT JOIN categories ON expense_category_id = category_id LEFT JOIN categories ON expense_category_id = category_id
LEFT JOIN vendors ON expense_vendor_id = vendor_id LEFT JOIN vendors ON expense_vendor_id = vendor_id
LEFT JOIN accounts ON expense_account_id = account_id LEFT JOIN accounts ON expense_account_id = account_id
WHERE expenses.company_id = $session_company_id WHERE expense_vendor_id > 0
AND expense_vendor_id > 0
AND DATE(expense_date) BETWEEN '$dtf' AND '$dtt' AND DATE(expense_date) BETWEEN '$dtf' AND '$dtt'
AND (vendor_name LIKE '%$q%' OR category_name LIKE '%$q%' OR account_name LIKE '%$q%' OR expense_description LIKE '%$q%' OR expense_amount LIKE '%$q%') AND (vendor_name LIKE '%$q%' OR category_name LIKE '%$q%' OR account_name LIKE '%$q%' OR expense_description LIKE '%$q%' OR expense_amount LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to" ORDER BY $sb $o LIMIT $record_from, $record_to"
@@ -39,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Expenses"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Expenses">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button> <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -86,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
@@ -121,7 +120,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
if (empty($expense_receipt)) { if (empty($expense_receipt)) {
$receipt_attached = ""; $receipt_attached = "";
} else { } else {
$receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='uploads/expenses/$session_company_id/$expense_receipt'><i class='fa fa-file-pdf'></i></a>"; $receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='uploads/expenses/$expense_receipt' download='$expense_date-$vendor_name-$category_name-$expense_id.pdf'><i class='fa fa-file-pdf'></i></a>";
} }
?> ?>
@@ -141,7 +140,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="dropdown-menu"> <div class="dropdown-menu">
<?php <?php
if (!empty($expense_receipt)) { ?> if (!empty($expense_receipt)) { ?>
<a class="dropdown-item" href="<?php echo "uploads/expenses/$session_company_id/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf"; ?>"> <a class="dropdown-item" href="<?php echo "uploads/expenses/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf"; ?>">
<i class="fas fa-fw fa-download mr-2"></i>Download <i class="fas fa-fw fa-download mr-2"></i>Download
</a> </a>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
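Review bot: The new `download='…'` attribute built into `$receipt_attached` is single-quoted and embeds `$vendor_name` and `$category_name`, so a single quote in either value ends the attribute early unless both were encoded with `ENT_QUOTES`. Their assignment is above this hunk; if it is a plain `htmlentities($row[...])` call, as in other hunks of this commit, single quotes are only encoded by default on PHP 8.1 and later. Passing the flag explicitly, `htmlentities($row['vendor_name'], ENT_QUOTES)`, or building the name through `strtoAZaz09()` as the invoice download link later in this commit does, makes the attribute safe regardless of PHP version. The dropdown's `download="…"` further down uses double quotes, which the default flags already cover.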


@@ -438,10 +438,9 @@ function getSSL($name) {
} }
function strtoAZaz09($string) { function strtoAZaz09($string) {
$string = ucwords(strtolower($string));
// Gets rid of non-alphanumerics // Gets rid of non-alphanumerics
return preg_replace('/[^A-Za-z0-9_]/', '', $string); return preg_replace('/[^A-Za-z0-9_-]/', '', $string);
} }
// Cross-Site Request Forgery check for sensitive functions // Cross-Site Request Forgery check for sensitive functions
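Review bot: The comment inside `strtoAZaz09()` still says "Gets rid of non-alphanumerics", but the new pattern keeps `_` and `-` as well, and the function no longer changes case now that `ucwords(strtolower(...))` is gone. Any caller that uses the result as a directory or file name will therefore get a different value than before for the same input, which matters for paths created under the old behaviour. I would replace the comment with `// Strips everything except A-Z, a-z, 0-9, underscore and hyphen; case is preserved` and check the existing callers against stored names.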

View File

@@ -30,8 +30,8 @@ require_once("config.php");
require_once("functions.php"); require_once("functions.php");
// IP & User Agent for logging // IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP())); $ip = santizeInput(getIP());
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT'])); $user_agent = santizeInput($_SERVER['HTTP_USER_AGENT']);
// Define wording for the user // Define wording for the user
DEFINE("WORDING_ROLECHECK_FAILED", "ITFlow - You are not permitted to use this application!"); DEFINE("WORDING_ROLECHECK_FAILED", "ITFlow - You are not permitted to use this application!");
@@ -102,10 +102,9 @@ if (hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user
session_id($row['user_php_session']); session_id($row['user_php_session']);
session_start(); session_start();
$session_user_id = $row['user_id']; $session_user_id = intval($row['user_id']);
$session_name = $row['user_name']; $session_name = $row['user_name'];
$session_email = $row['user_email']; $session_email = $row['user_email'];
$session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role']; $session_user_role = $row['user_role'];
// Check user access level is correct (not an accountant) // Check user access level is correct (not an accountant)
@@ -126,21 +125,21 @@ if ($session_user_role < 1) {
if (isset($_GET['host'])) { if (isset($_GET['host'])) {
if (!empty($_GET['host'])) { if (!empty($_GET['host'])) {
$url = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['host']))); $url = santizeInput($_GET['host']);
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1"); $sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_uri = '$url' LIMIT 1");
if (mysqli_num_rows($sql_logins) > 0) { if (mysqli_num_rows($sql_logins) > 0) {
$row = mysqli_fetch_array($sql_logins); $row = mysqli_fetch_array($sql_logins);
$data['found'] = "TRUE"; $data['found'] = "TRUE";
$data['username'] = htmlentities($row['login_username']); $data['username'] = htmlentities(decryptLoginEntry($row['login_username']));
$data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie $data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie
echo json_encode($data); echo json_encode($data);
// Logging // Logging
$login_name = mysqli_real_escape_string($mysqli, $row['login_name']); $login_name = sanitizeInput($row['login_name']);
$login_user = mysqli_real_escape_string($mysqli, $row['login_username']); $login_user = sanitizeInput($row['login_username']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', company_id = $session_company_id, log_user_id = $session_user_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id");
} }
} }
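Review bot: Three of the new calls are spelled `santizeInput` (the `$ip`, `$user_agent` and `$url` assignments), while the logging lines lower down call `sanitizeInput`; unless a function with the misspelled name is defined in `functions.php`, the first of them stops the script with an undefined-function error. They should read `$ip = sanitizeInput(getIP());`, `$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);` and `$url = sanitizeInput($_GET['host']);`. Separately, the response now decrypts `login_username` before returning it, but `$login_user` for the log entry is still taken from the raw column, so the log would presumably hold ciphertext. With the company filter gone, `LIMIT 1` without an `ORDER BY` also returns an arbitrary row when several credentials share a `login_uri`.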

View File

@@ -1,7 +1,7 @@
<?php <?php
// Query Settings // Query Settings
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = $session_company_id"); $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_settings); $row = mysqli_fetch_array($sql_settings);
// Database version // Database version
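Review bot: The settings lookup is now pinned to `company_id = 1`, and `$row` is read straight after `mysqli_fetch_array()` with no check that a row came back. On an install whose remaining company has a different id (an inference, since the migration is not shown here) every `$row[...]` read below would be null. A guard such as `if (!$row) { exit("Settings row for company_id 1 not found - run the database update"); }` plus a comment explaining why the id is fixed would make that failure visible. The reads from `$row` continue past the end of this hunk.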


@@ -13,13 +13,13 @@ if (isset($_GET['query'])) {
$ticket_num_query = str_replace("$config_ticket_prefix", "", "$query"); $ticket_num_query = str_replace("$config_ticket_prefix", "", "$query");
$sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN locations ON clients.primary_location = locations.location_id WHERE client_name LIKE '%$query%' AND clients.company_id = $session_company_id ORDER BY client_id DESC LIMIT 5"); $sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN locations ON clients.primary_location = locations.location_id WHERE client_name LIKE '%$query%' ORDER BY client_id DESC LIMIT 5");
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id WHERE (contact_name LIKE '%$query%' OR contact_title LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' OR contact_mobile LIKE '%$phone_query%') AND contacts.company_id = $session_company_id ORDER BY contact_id DESC LIMIT 5"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id WHERE (contact_name LIKE '%$query%' OR contact_title LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' OR contact_mobile LIKE '%$phone_query%') ORDER BY contact_id DESC LIMIT 5");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_name LIKE '%$query%' OR vendor_phone LIKE '%$phone_query%') AND company_id = $session_company_id ORDER BY vendor_id DESC LIMIT 5"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_name LIKE '%$query%' OR vendor_phone LIKE '%$phone_query%') ORDER BY vendor_id DESC LIMIT 5");
$sql_products = mysqli_query($mysqli, "SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5"); $sql_products = mysqli_query($mysqli, "SELECT * FROM products WHERE product_name LIKE '%$query%' ORDER BY product_id DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5"); $sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') ORDER BY document_id DESC LIMIT 5");
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') AND tickets.company_id = $session_company_id ORDER BY ticket_id DESC LIMIT 5"); $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') ORDER BY ticket_id DESC LIMIT 5");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5"); $sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_name LIKE '%$query%' ORDER BY login_id DESC LIMIT 5");
$q = htmlentities($_GET['query']); $q = htmlentities($_GET['query']);
?> ?>
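Review bot: With the `company_id` condition removed, the search term is the only variable part of these seven statements, and it is still spliced into the SQL text (`LIKE '%$query%'`, `AGAINST ('$query')`). `$query` and `$phone_query` are assigned above this hunk, so how they are escaped cannot be checked from here. Binding them would remove that dependency, e.g. `$stmt = mysqli_prepare($mysqli, "SELECT * FROM products WHERE product_name LIKE CONCAT('%', ?, '%') ORDER BY product_id DESC LIMIT 5");` followed by `mysqli_stmt_bind_param($stmt, "s", $raw_query);`, where `$raw_query` stands for the unescaped term. The `logins` search also uses `SELECT *` although a result list presumably needs only the name and id, which is worth narrowing now that it spans all clients.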


@@ -48,8 +48,7 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
$file_ext = sanitizeInput($file_row['file_ext']); $file_ext = sanitizeInput($file_row['file_ext']);
$file_reference_name = sanitizeInput($file_row['file_reference_name']); $file_reference_name = sanitizeInput($file_row['file_reference_name']);
$client_id = intval($file_row['file_client_id']); $client_id = intval($file_row['file_client_id']);
$company_id = intval($file_row['company_id']); $file_path = "uploads/clients/$client_id/$file_reference_name";
$file_path = "uploads/clients/$company_id/$client_id/$file_reference_name";
// Display file as download // Display file as download
$mime_type = mime_content_type($file_path); $mime_type = mime_content_type($file_path);
@@ -62,6 +61,6 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id"); mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id");
// Logging // Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'");
} }
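Review bot: `$file_path` is assembled from `$file_reference_name`, which has only been through `sanitizeInput()`; judging by its other uses in this commit, that helper prepares values for SQL rather than for use as a path component. Wrapping the name, `$file_path = "uploads/clients/$client_id/" . basename($file_reference_name);`, keeps the read inside the client's directory even if the stored name is malformed. Because the directory layout changes here, an `is_file($file_path)` check before `mime_content_type()` would also turn a not-yet-moved file into a clean "not found" response instead of a warning. The code between the two hunks is not visible, so such a check may already exist.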


@@ -32,8 +32,6 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$mysqli, $mysqli,
"SELECT * FROM invoices "SELECT * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN companies ON invoices.company_id = companies.company_id
LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE invoice_id = $invoice_id WHERE invoice_id = $invoice_id
AND invoice_url_key = '$invoice_url_key' AND invoice_url_key = '$invoice_url_key'
AND invoice_status != 'Draft' AND invoice_status != 'Draft'
@@ -61,6 +59,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = htmlentities($row['invoice_currency_code']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = htmlentities($row['client_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$company_locale = htmlentities($row['company_locale']); $company_locale = htmlentities($row['company_locale']);
// Add up all the payments for the invoice and get the total amount paid to the invoice // Add up all the payments for the invoice and get the total amount paid to the invoice
@@ -83,9 +84,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
<!-- jQuery --> <!-- jQuery -->
<script src="plugins/jquery/jquery.min.js"></script> <script src="plugins/jquery/jquery.min.js"></script>
<br><br> <div class="row pt-5">
<div class="row">
<!-- Show invoice details --> <!-- Show invoice details -->
<div class="col-sm"> <div class="col-sm">
@@ -113,7 +112,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
<tr> <tr>
<td><?php echo $item_name; ?></td> <td><?php echo $item_name; ?></td>
<td><?php echo $item_quantity; ?></td> <td class="text-center"><?php echo $item_quantity; ?></td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?></td> <td class="text-right"><?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?></td>
</tr> </tr>
@@ -127,7 +126,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
<!-- End invoice details--> <!-- End invoice details-->
<!-- Show Stripe payment form --> <!-- Show Stripe payment form -->
<div class="col-sm offset-1"> <div class="col-sm offset-sm-1">
<form id="payment-form"> <form id="payment-form">
<h1><?php echo numfmt_format_currency($currency_format, $balance_to_pay, $invoice_currency_code); ?></h1> <h1><?php echo numfmt_format_currency($currency_format, $balance_to_pay, $invoice_currency_code); ?></h1>
<input type="hidden" id="stripe_publishable_key" value="<?php echo $config_stripe_publishable ?>"> <input type="hidden" id="stripe_publishable_key" value="<?php echo $config_stripe_publishable ?>">
@@ -141,9 +140,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
<!--Stripe.js injects the Payment Element--> <!--Stripe.js injects the Payment Element-->
</div> </div>
<br> <br>
<button type="submit" id="submit" class="btn btn-primary text-bold" hidden="hidden"> <button type="submit" id="submit" class="btn btn-primary btn-lg btn-block text-bold" hidden="hidden">
<div class="spinner hidden" id="spinner"></div> <div class="spinner hidden" id="spinner"></div>
<span id="button-text">Pay Invoice</span> <span id="button-text"><i class="fas fa-check mr-2"></i>Pay Invoice</span>
</button> </button>
<div id="payment-message" class="hidden"></div> <div id="payment-message" class="hidden"></div>
</form> </form>
@@ -196,7 +195,6 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
"SELECT * FROM invoices "SELECT * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN contacts ON contact_id = primary_contact LEFT JOIN contacts ON contact_id = primary_contact
LEFT JOIN companies ON invoices.company_id = companies.company_id
WHERE invoice_id = $pi_invoice_id WHERE invoice_id = $pi_invoice_id
AND invoice_status != 'Draft' AND invoice_status != 'Draft'
AND invoice_status != 'Paid' AND invoice_status != 'Paid'
@@ -215,11 +213,14 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']); $invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_company_id = intval($row['company_id']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = htmlentities($row['client_name']);
$contact_name = $row['contact_name']; $contact_name = $row['contact_name'];
$contact_email = $row['contact_email']; $contact_email = $row['contact_email'];
$sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
$company_name = mysqli_real_escape_string($mysqli, htmlentities($row['company_name'])); $company_name = mysqli_real_escape_string($mysqli, htmlentities($row['company_name']));
$company_phone = htmlentities($row['company_phone']); $company_phone = htmlentities($row['company_phone']);
$company_locale = htmlentities($row['company_locale']); $company_locale = htmlentities($row['company_locale']);
@@ -241,24 +242,24 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Apply payment // Apply payment
// Update Invoice Status // Update Invoice Status
mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $invoice_id AND company_id = $invoice_company_id"); mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $invoice_id");
// Add Payment to History // Add Payment to History
mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id, company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id");
// Notify // Notify
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_client_id = $pi_client_id, company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_client_id = $pi_client_id");
// Logging // Logging
$extended_log_desc = ''; $extended_log_desc = '';
if (!$pi_livemode) { if (!$pi_livemode) {
$extended_log_desc = '(DEV MODE)'; $extended_log_desc = '(DEV MODE)';
} }
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Payment', log_action = 'Create', log_description = 'Stripe payment of $pi_currency $pi_amount_paid against invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $pi_client_id, company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Payment', log_action = 'Create', log_description = 'Stripe payment of $pi_currency $pi_amount_paid against invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $pi_client_id");
// Send email receipt // Send email receipt
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = $invoice_company_id"); $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_settings); $row = mysqli_fetch_array($sql_settings);
$config_smtp_host = $row['config_smtp_host']; $config_smtp_host = $row['config_smtp_host'];
@@ -291,12 +292,12 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Email Logging // Email Logging
if ($mail === true) { if ($mail === true) {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Receipt!', history_invoice_id = $invoice_id, company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Receipt!', history_invoice_id = $invoice_id");
} else { } else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Email Receipt Failed!', history_invoice_id = $invoice_id, company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Email Receipt Failed!', history_invoice_id = $invoice_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail'");
} }
} }
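Review bot: `$contact_email` is taken from the row without escaping (`$contact_email = $row['contact_email'];`) and is then interpolated into the failure-path `INSERT` statements at the end of the file, the last of which also embeds `$subject` and `$mail`. A stored address or a mailer error text containing a quote would break or alter those statements, so the values used in SQL should be escaped first, e.g. `$contact_email_escaped = sanitizeInput($contact_email);`, and likewise for `$subject` and `$mail`, keeping the raw address for the mailer. The lines between these hunks are not shown, so an escape may already happen there. Both new company lookups also reuse `$row`, so any invoice or client field read after them has to come from the variables already copied out.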


@@ -5,19 +5,18 @@ require_once("functions.php");
session_start(); session_start();
if (isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])) { if (isset($_GET['accept_quote'], $_GET['url_key'])) {
$quote_id = intval($_GET['accept_quote']); $quote_id = intval($_GET['accept_quote']);
$company_id = intval($_GET['company_id']);
$url_key = sanitizeInput($_GET['url_key']); $url_key = sanitizeInput($_GET['url_key']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
if (mysqli_num_rows($sql) == 1) { if (mysqli_num_rows($sql) == 1) {
mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Accepted' WHERE quote_id = $quote_id"); mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Accepted' WHERE quote_id = $quote_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Accepted', history_description = 'Client accepted Quote!', history_quote_id = $quote_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Accepted', history_description = 'Client accepted Quote!', history_quote_id = $quote_id");
$_SESSION['alert_message'] = "Quote Accepted"; $_SESSION['alert_message'] = "Quote Accepted";
@@ -28,19 +27,18 @@ if (isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])) {
} }
if (isset($_GET['decline_quote'], $_GET['company_id'], $_GET['url_key'])) { if (isset($_GET['decline_quote'], $_GET['url_key'])) {
$quote_id = intval($_GET['decline_quote']); $quote_id = intval($_GET['decline_quote']);
$company_id = intval($_GET['company_id']);
$url_key = sanitizeInput($_GET['url_key']); $url_key = sanitizeInput($_GET['url_key']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
if (mysqli_num_rows($sql) == 1) { if (mysqli_num_rows($sql) == 1) {
mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Declined' WHERE quote_id = $quote_id"); mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Declined' WHERE quote_id = $quote_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Declined', history_description = 'Client declined Quote!', history_quote_id = $quote_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Declined', history_description = 'Client declined Quote!', history_quote_id = $quote_id");
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "Quote Declined"; $_SESSION['alert_message'] = "Quote Declined";
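Review bot: Both handlers verify `quote_url_key` in the `SELECT`, but the `UPDATE` that follows matches on `quote_id` alone and ignores the current status, so a quote that was already accepted or declined can be flipped again by revisiting the other link. Repeating the key and limiting the change to quotes still awaiting an answer closes that, e.g. `UPDATE quotes SET quote_status = 'Accepted' WHERE quote_id = $quote_id AND quote_url_key = '$url_key'` plus a status condition using the project's open-quote value. Because these state changes are reached by `GET`, mail scanners that prefetch links can trigger them; a confirmation form submitted by `POST` would avoid that.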


@@ -17,8 +17,6 @@ $sql = mysqli_query(
LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN locations ON primary_location = location_id LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id LEFT JOIN contacts ON primary_contact = contact_id
LEFT JOIN companies ON invoices.company_id = companies.company_id
LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE invoice_id = $invoice_id WHERE invoice_id = $invoice_id
AND invoice_url_key = '$url_key'" AND invoice_url_key = '$url_key'"
); );
@@ -31,6 +29,7 @@ if (mysqli_num_rows($sql) !== 1) {
} }
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
@@ -57,7 +56,10 @@ $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']); $client_net_terms = intval($row['config_default_net_terms']);
} }
$company_id = intval($row['company_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = htmlentities($row['company_name']); $company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']); $company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = htmlentities($row['company_city']);
@@ -68,7 +70,7 @@ $company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']); $company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']); $company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) { if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
} }
$company_locale = htmlentities($row['company_locale']); $company_locale = htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']); $config_invoice_footer = htmlentities($row['config_invoice_footer']);
@@ -88,11 +90,11 @@ if ($invoice_status == 'Sent') {
} }
//Mark viewed in history //Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_invoice_id = $invoice_id");
if ($invoice_status !== 'Paid') { if ($invoice_status !== 'Paid') {
$client_name_escaped = sanitizeInput($row['client_name']); $client_name_escaped = sanitizeInput($row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id");
} }
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC"); $sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
@@ -122,7 +124,7 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
<div class="float-right"> <div class="float-right">
<a class="btn btn-secondary" data-toggle="collapse" href="#collapsePreviousInvoices"><i class="fas fa-fw fa-history mr-2"></i>Invoice History</a> <a class="btn btn-secondary" data-toggle="collapse" href="#collapsePreviousInvoices"><i class="fas fa-fw fa-history mr-2"></i>Invoice History</a>
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</a> <a class="btn btn-primary" href="#" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download mr-2"></i>Download</a> <a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo strtoAZaz09(html_entity_decode("$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number")); ?>');"><i class="fa fa-fw fa-download mr-2"></i>Download</a>
<?php <?php
if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled" && $invoice_status !== "Draft" && $config_stripe_enable == 1) { ?> if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled" && $invoice_status !== "Draft" && $config_stripe_enable == 1) { ?>
<a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card mr-2"></i>Pay Online</a> <a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card mr-2"></i>Pay Online</a>
@@ -132,7 +134,7 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
<div class="card-body"> <div class="card-body">
<div class="row mb-4"> <div class="row mb-4">
<div class="col-2"> <div class="col-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
</div> </div>
<div class="col-10"> <div class="col-10">
<?php if ($invoice_status == "Paid") { ?> <?php if ($invoice_status == "Paid") { ?>


@@ -77,7 +77,7 @@ if ($item_type == "Document") {
// Logging // Logging
$name = mysqli_real_escape_string($mysqli, $doc_title); $name = mysqli_real_escape_string($mysqli, $doc_title);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'");
} elseif ($item_type == "File") { } elseif ($item_type == "File") {
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1"); $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
@@ -142,7 +142,7 @@ if ($item_type == "Document") {
// Logging // Logging
$name = sanitizeInput($login_row['login_name']); $name = sanitizeInput($login_row['login_name']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$ua', company_id = 1"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$ua'");
} }
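Review bot: Both `INSERT INTO logs` statements in this section still build the query by interpolating `$ip` and the user-agent value (`$user_agent` in the Document branch, `$ua` in the later branch), which are presumably request-derived; where they are escaped is outside these hunks, so the statements' safety cannot be confirmed from here. The branches also prepare `$name` differently (`mysqli_real_escape_string` in one, `sanitizeInput` in the other), which makes it easy for one path to miss escaping. Binding the values removes that dependency: `$stmt = mysqli_prepare($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = ?, log_client_id = ?, log_ip = ?, log_user_agent = ?");`, then `mysqli_stmt_bind_param($stmt, 'siss', $description, $client_id, $ip, $ua);` and `mysqli_stmt_execute($stmt);`, with `$description` built from the existing message text. The enclosing if/elseif chain starts and ends outside the hunks.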


@@ -18,8 +18,6 @@ $sql = mysqli_query(
LEFT JOIN clients ON quote_client_id = client_id LEFT JOIN clients ON quote_client_id = client_id
LEFT JOIN locations ON primary_location = location_id LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id LEFT JOIN contacts ON primary_contact = contact_id
LEFT JOIN companies ON quotes.company_id = companies.company_id
LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE quote_id = $quote_id WHERE quote_id = $quote_id
AND quote_url_key = '$url_key'" AND quote_url_key = '$url_key'"
); );
@@ -58,7 +56,9 @@ $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']); $client_net_terms = intval($row['config_default_net_terms']);
} }
$company_id = intval($row['company_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = htmlentities($row['company_name']); $company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']); $company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = htmlentities($row['company_city']);
@@ -69,7 +69,7 @@ $company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']); $company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']); $company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) { if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
} }
$company_locale = htmlentities($row['company_locale']); $company_locale = htmlentities($row['company_locale']);
$config_quote_footer = htmlentities($row['config_quote_footer']); $config_quote_footer = htmlentities($row['config_quote_footer']);
@@ -83,11 +83,11 @@ if ($quote_status == 'Sent') {
} }
//Mark viewed in history //Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_quote_id = $quote_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_quote_id = $quote_id");
if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") { if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
$client_name_escaped = sanitizeInput($row['client_name']); $client_name_escaped = sanitizeInput($row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id");
} }
?> ?>
@@ -99,10 +99,10 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<?php <?php
if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") { if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
?> ?>
<a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>"> <a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>">
<i class="fas fa-fw fa-thumbs-up mr-2"></i>Accept <i class="fas fa-fw fa-thumbs-up mr-2"></i>Accept
</a> </a>
<a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>"> <a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>">
<i class="fas fa-fw fa-thumbs-down mr-2"></i>Decline <i class="fas fa-fw fa-thumbs-down mr-2"></i>Decline
</a> </a>
<?php } ?> <?php } ?>
@@ -110,7 +110,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<div class="float-right"> <div class="float-right">
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</a> <a class="btn btn-primary" href="#" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$quote_date-$company_name-QUOTE-$quote_prefix$quote_number.pdf"; ?>');"> <a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo strtoAZaz09(html_entity_decode("$quote_date-$company_name-QUOTE-$quote_prefix$quote_number")); ?>');">
<i class="fa fa-fw fa-download mr-2"></i>Download <i class="fa fa-fw fa-download mr-2"></i>Download
</a> </a>
</div> </div>
@@ -119,7 +119,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<div class="row mb-4"> <div class="row mb-4">
<div class="col-sm-2"> <div class="col-sm-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
</div> </div>
<div class="col-sm-10"> <div class="col-sm-10">
<h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3> <h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3>
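Review bot: Reusing `$row` for the new company/settings lookup breaks the reads that still expect the quote row. `intval($row['config_default_net_terms'])` runs before the new query, but the `LEFT JOIN settings` that presumably supplied that column has been removed from the first query, and `sanitizeInput($row['client_name'])` in the notification block runs after `$row` has been overwritten (unless the lines between the hunks reassign it). The net-terms fallback would then evaluate to 0 and the notification text would lose the client name. Fetch the company data into its own variable, e.g. `$company_row = mysqli_fetch_array($sql_company);`, read the `company_*` and `config_*` values from it, and move the net-terms fallback below that query. The first query's SELECT list is outside the hunk, so confirm against the full file.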


@@ -9,15 +9,14 @@ require_once("top_nav.php");
if (isset($_GET['client_id'])) { if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id AND company_id = $session_company_id"); $sql = mysqli_query($mysqli, "UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id");
$sql = mysqli_query( $sql = mysqli_query(
$mysqli, $mysqli,
"SELECT * FROM clients "SELECT * FROM clients
LEFT JOIN locations ON primary_location = location_id AND location_archived_at IS NULL LEFT JOIN locations ON primary_location = location_id AND location_archived_at IS NULL
LEFT JOIN contacts ON primary_contact = contact_id AND contact_archived_at IS NULL LEFT JOIN contacts ON primary_contact = contact_id AND contact_archived_at IS NULL
WHERE client_id = $client_id WHERE client_id = $client_id"
AND clients.company_id = $session_company_id"
); );
if (mysqli_num_rows($sql) == 0) { if (mysqli_num_rows($sql) == 0) {
@@ -89,13 +88,13 @@ if (isset($_GET['client_id'])) {
$balance = $invoice_amounts - $amount_paid; $balance = $invoice_amounts - $amount_paid;
//Get Monthly Recurring Total //Get Monthly Recurring Total
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id AND company_id = $session_company_id"); $sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id");
$row = mysqli_fetch_array($sql_recurring_monthly_total); $row = mysqli_fetch_array($sql_recurring_monthly_total);
$recurring_monthly_total = floatval($row['recurring_monthly_total']); $recurring_monthly_total = floatval($row['recurring_monthly_total']);
//Get Yearly Recurring Total //Get Yearly Recurring Total
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id AND company_id = $session_company_id"); $sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id");
$row = mysqli_fetch_array($sql_recurring_yearly_total); $row = mysqli_fetch_array($sql_recurring_yearly_total);
$recurring_yearly_total = floatval($row['recurring_yearly_total']) / 12; $recurring_yearly_total = floatval($row['recurring_yearly_total']) / 12;
@@ -197,8 +196,7 @@ if (isset($_GET['client_id'])) {
WHERE domain_client_id = $client_id WHERE domain_client_id = $client_id
AND domain_expire IS NOT NULL AND domain_expire IS NOT NULL
AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
AND domain_archived_at IS NULL AND domain_archived_at IS NULL"
AND company_id = $session_company_id"
)); ));
$num_domains_expiring = intval($row['num']); $num_domains_expiring = intval($row['num']);
@@ -209,8 +207,7 @@ if (isset($_GET['client_id'])) {
WHERE certificate_client_id = $client_id WHERE certificate_client_id = $client_id
AND certificate_expire IS NOT NULL AND certificate_expire IS NOT NULL
AND certificate_expire < CURRENT_DATE + INTERVAL 30 DAY AND certificate_expire < CURRENT_DATE + INTERVAL 30 DAY
AND certificate_archived_at IS NULL AND certificate_archived_at IS NULL"
AND company_id = $session_company_id"
)); ));
$num_certs_expiring = intval($row['num']); $num_certs_expiring = intval($row['num']);
@@ -222,7 +219,7 @@ if (isset($_GET['client_id'])) {
AND asset_warranty_expire IS NOT NULL AND asset_warranty_expire IS NOT NULL
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
AND asset_warranty_expire < CURRENT_DATE + INTERVAL 90 DAY AND asset_warranty_expire < CURRENT_DATE + INTERVAL 90 DAY
AND company_id = $session_company_id ORDER BY asset_warranty_expire DESC" ORDER BY asset_warranty_expire DESC"
); );
// Get Assets Retiring // Get Assets Retiring
@@ -233,7 +230,7 @@ if (isset($_GET['client_id'])) {
AND asset_install_date IS NOT NULL AND asset_install_date IS NOT NULL
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
AND asset_install_date + INTERVAL 7 YEAR < CURRENT_DATE + INTERVAL 90 DAY AND asset_install_date + INTERVAL 7 YEAR < CURRENT_DATE + INTERVAL 90 DAY
AND company_id = $session_company_id ORDER BY asset_install_date DESC" ORDER BY asset_install_date DESC"
); );
// Get Stale Tickets // Get Stale Tickets
@@ -243,7 +240,7 @@ if (isset($_GET['client_id'])) {
WHERE ticket_client_id = $client_id WHERE ticket_client_id = $client_id
AND ticket_created_at < CURRENT_DATE - INTERVAL 14 DAY AND ticket_created_at < CURRENT_DATE - INTERVAL 14 DAY
AND ticket_status != 'Closed' AND ticket_status != 'Closed'
AND company_id = $session_company_id ORDER BY ticket_created_at DESC" ORDER BY ticket_created_at DESC"
); );
} }
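Review bot: Once `company_id = $session_company_id` is dropped, `client_id` from `$_GET` is the only filter on every query in this section. `intval()` keeps it injection-safe, but whether the current user may see that client now rests entirely on whatever session or role check the included files perform, which is not visible here. That assumption deserves a comment at the top of the block, e.g. `// Single-tenant: no per-row scoping here; access control is the session check in the includes (confirm)`. The enclosing `if (isset($_GET['client_id']))` block extends beyond the hunks.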


@@ -12,7 +12,6 @@ if (isset($_GET['invoice_id'])) {
LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN locations ON primary_location = location_id LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id LEFT JOIN contacts ON primary_contact = contact_id
LEFT JOIN companies ON invoices.company_id = companies.company_id
WHERE invoice_id = $invoice_id" WHERE invoice_id = $invoice_id"
); );
@@ -52,6 +51,9 @@ if (isset($_GET['invoice_id'])) {
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms; $client_net_terms = $config_default_net_terms;
} }
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_id = intval($row['company_id']); $company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']); $company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']); $company_country = htmlentities($row['company_country']);
@@ -64,7 +66,7 @@ if (isset($_GET['invoice_id'])) {
$company_website = htmlentities($row['company_website']); $company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']); $company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) { if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
} }
$sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_invoice_id = $invoice_id ORDER BY history_id DESC"); $sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_invoice_id = $invoice_id ORDER BY history_id DESC");
@@ -89,7 +91,7 @@ if (isset($_GET['invoice_id'])) {
$invoice_badge_color = getInvoiceBadgeColor($invoice_status); $invoice_badge_color = getInvoiceBadgeColor($invoice_status);
//Product autocomplete //Product autocomplete
$products_sql = mysqli_query($mysqli, "SELECT product_name AS label, product_description AS description, product_price AS price FROM products WHERE company_id = $session_company_id"); $products_sql = mysqli_query($mysqli, "SELECT product_name AS label, product_description AS description, product_price AS price FROM products");
if (mysqli_num_rows($products_sql) > 0) { if (mysqli_num_rows($products_sql) > 0) {
while ($row = mysqli_fetch_array($products_sql)) { while ($row = mysqli_fetch_array($products_sql)) {
@@ -164,7 +166,7 @@ if (isset($_GET['invoice_id'])) {
<a class="dropdown-item" href="#" onclick="window.print();"> <a class="dropdown-item" href="#" onclick="window.print();">
<i class="fa fa-fw fa-print text-secondary mr-2"></i>Print <i class="fa fa-fw fa-print text-secondary mr-2"></i>Print
</a> </a>
<a class="dropdown-item" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-$client_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"> <a class="dropdown-item" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo strtoAZaz09(html_entity_decode("$invoice_date-$company_name-$client_name-Invoice-$invoice_prefix$invoice_number")); ?>');">
<i class="fa fa-fw fa-download text-secondary mr-2"></i>Download PDF <i class="fa fa-fw fa-download text-secondary mr-2"></i>Download PDF
</a> </a>
<?php if (!empty($config_smtp_host) && !empty($contact_email)) { ?> <?php if (!empty($config_smtp_host) && !empty($contact_email)) { ?>
@@ -194,7 +196,7 @@ if (isset($_GET['invoice_id'])) {
<div class="row mb-4"> <div class="row mb-4">
<div class="col-sm-2"> <div class="col-sm-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>" alt="Company logo"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>" alt="Company logo">
</div> </div>
<div class="col-sm-10"> <div class="col-sm-10">
<div class="ribbon-wrapper"> <div class="ribbon-wrapper">
@@ -331,7 +333,7 @@ if (isset($_GET['invoice_id'])) {
<option value="0">No Tax</option> <option value="0">No Tax</option>
<?php <?php
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC"); $taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) { while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id = intval($row['tax_id']); $tax_id = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']); $tax_name = htmlentities($row['tax_name']);
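Review bot: The download name passed to `pdfMake.createPdf(docDefinition).download(...)` no longer ends in `.pdf`: the old string carried the suffix and the new `strtoAZaz09(html_entity_decode(...))` call does not add it back. Unless pdfMake or `strtoAZaz09` (defined outside this page) appends an extension, the saved file loses its type; appending it after sanitising keeps both properties: `download('<?php echo strtoAZaz09(html_entity_decode("$invoice_date-$company_name-$client_name-Invoice-$invoice_prefix$invoice_number")) . ".pdf"; ?>')`. The same applies to the download links in the guest invoice and guest quote views earlier on this page. The value lands in a single-quoted JavaScript string inside an HTML attribute, so it stays safe only while `strtoAZaz09` emits nothing but letters and digits; a short comment saying so would help the next editor.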


@@ -35,7 +35,7 @@
<option value="">- Client -</option> <option value="">- Client -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = htmlentities($row['client_name']);
@@ -61,7 +61,7 @@
<option value="">- Category -</option> <option value="">- Category -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = htmlentities($row['category_name']);


@@ -42,7 +42,7 @@
<option value="">- Category -</option> <option value="">- Category -</option>
<?php <?php
$sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); $sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_income_category)) { while ($row = mysqli_fetch_array($sql_income_category)) {
$category_id_select= intval($row['category_id']); $category_id_select= intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']); $category_name_select = htmlentities($row['category_name']);


@@ -54,7 +54,7 @@
<option value="">- Account -</option> <option value="">- Account -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$account_id = intval($row['account_id']); $account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']); $account_name = htmlentities($row['account_name']);
@@ -94,7 +94,7 @@
<option value="">- Method of Payment -</option> <option value="">- Method of Payment -</option>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_name = htmlentities($row['category_name']); $category_name = htmlentities($row['category_name']);
?> ?>


@@ -6,50 +6,50 @@ $o = "DESC";
require_once("inc_all.php"); require_once("inc_all.php");
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent'"));
$sent_count = $row['num']; $sent_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Viewed'"));
$viewed_count = $row['num']; $viewed_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Partial' AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Partial'"));
$partial_count = $row['num']; $partial_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Draft'"));
$draft_count = $row['num']; $draft_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Cancelled'"));
$cancelled_count = $row['num']; $cancelled_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_due > CURDATE() AND company_id = $session_company_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_due > CURDATE()"));
$overdue_count = $row['num']; $overdue_count = $row['num'];
$sql_total_draft = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id"); $sql_total_draft = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft'");
$row = mysqli_fetch_array($sql_total_draft); $row = mysqli_fetch_array($sql_total_draft);
$total_draft = floatval($row['total_draft']); $total_draft = floatval($row['total_draft']);
$sql_total_sent = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id"); $sql_total_sent = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent'");
$row = mysqli_fetch_array($sql_total_sent); $row = mysqli_fetch_array($sql_total_sent);
$total_sent = floatval($row['total_sent']); $total_sent = floatval($row['total_sent']);
$sql_total_viewed = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_viewed FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id"); $sql_total_viewed = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_viewed FROM invoices WHERE invoice_status = 'Viewed'");
$row = mysqli_fetch_array($sql_total_viewed); $row = mysqli_fetch_array($sql_total_viewed);
$total_viewed = floatval($row['total_viewed']); $total_viewed = floatval($row['total_viewed']);
$sql_total_cancelled = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id"); $sql_total_cancelled = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled'");
$row = mysqli_fetch_array($sql_total_cancelled); $row = mysqli_fetch_array($sql_total_cancelled);
$total_cancelled = floatval($row['total_cancelled']); $total_cancelled = floatval($row['total_cancelled']);
$sql_total_partial = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoices.company_id = $session_company_id"); $sql_total_partial = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial'");
$row = mysqli_fetch_array($sql_total_partial); $row = mysqli_fetch_array($sql_total_partial);
$total_partial = floatval($row['total_partial']); $total_partial = floatval($row['total_partial']);
$total_partial_count = mysqli_num_rows($sql_total_partial); $total_partial_count = mysqli_num_rows($sql_total_partial);
$sql_total_overdue_partial = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id"); $sql_total_overdue_partial = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoice_due < CURDATE()");
$row = mysqli_fetch_array($sql_total_overdue_partial); $row = mysqli_fetch_array($sql_total_overdue_partial);
$total_overdue_partial = floatval($row['total_overdue_partial']); $total_overdue_partial = floatval($row['total_overdue_partial']);
$sql_total_overdue = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id"); $sql_total_overdue = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE()");
$row = mysqli_fetch_array($sql_total_overdue); $row = mysqli_fetch_array($sql_total_overdue);
$total_overdue = floatval($row['total_overdue']); $total_overdue = floatval($row['total_overdue']);
@@ -76,8 +76,7 @@ $sql = mysqli_query(
"SELECT SQL_CALC_FOUND_ROWS * FROM invoices "SELECT SQL_CALC_FOUND_ROWS * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN categories ON invoice_category_id = category_id LEFT JOIN categories ON invoice_category_id = category_id
WHERE invoices.company_id = $session_company_id WHERE (invoice_status LIKE '$status_query')
AND (invoice_status LIKE '$status_query')
AND DATE(invoice_date) BETWEEN '$dtf' AND '$dtt' AND DATE(invoice_date) BETWEEN '$dtf' AND '$dtt'
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR invoice_amount LIKE '%$q%' OR category_name LIKE '%$q%') AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR invoice_amount LIKE '%$q%' OR category_name LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to" ORDER BY $sb $o LIMIT $record_from, $record_to"
@@ -160,7 +159,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo strip_tags(htmlentities($q));} ?>" placeholder="Search Invoices"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Invoices">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button> <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -202,7 +201,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
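Review bot: The list query at the end of this section still places `$sb` and `$o` directly after `ORDER BY`; these are an identifier and a keyword, so escaping or binding cannot protect them and they need an allowlist. Where they are assigned is outside the hunks (only the default `$o = "DESC"` shows in the hunk header), so if the shared include does not already restrict them, something like `$o = ($o === 'ASC') ? 'ASC' : 'DESC';` and `if (!in_array($sb, $allowed_sort_columns, true)) { $sb = $default_sort_column; }` is needed before the query (`$allowed_sort_columns` and `$default_sort_column` are placeholder names). Separately, `$overdue_count` filters on `invoice_due > CURDATE()` while the overdue totals below use `invoice_due < CURDATE()`, so the count appears to be of invoices that are not yet due.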


@@ -77,7 +77,7 @@
<option value="0">No Tax</option> <option value="0">No Tax</option>
<?php <?php
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$item_created_at' OR tax_archived_at IS NULL) AND company_id = $session_company_id ORDER BY tax_name ASC"); $taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$item_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) { while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id_select = intval($row['tax_id']); $tax_id_select = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']); $tax_name = htmlentities($row['tax_name']);


@@ -145,7 +145,7 @@ if (isset($_POST['login'])) {
// Set PHP session in DB, so we can access the session encryption data (above) // Set PHP session in DB, so we can access the session encryption data (above)
$user_php_session = session_id(); $user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'"); mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = $user_id");
} }
} }
@@ -228,7 +228,7 @@ if (isset($_POST['login'])) {
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Login</title> <title><?php echo htmlentities($company_name); ?> | Login</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
@@ -244,7 +244,7 @@ if (isset($_POST['login'])) {
<div class="login-box"> <div class="login-box">
<div class="login-logo"> <div class="login-logo">
<?php if (!empty($company_logo)) { ?> <?php if (!empty($company_logo)) { ?>
<img alt="<?=$company_name?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/1/$company_logo"; ?>"> <img alt="<?=htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
<?php } else { ?> <?php } else { ?>
<b>IT</b>Flow <b>IT</b>Flow
<?php } ?> <?php } ?>
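Review bot: In the `UPDATE users` statement of the first hunk, `$user_id` is now interpolated without quotes, which is safe only if it is cast with `intval()` where it is assigned; that assignment is outside the hunk, so it cannot be confirmed from here. String escaping does not protect an unquoted value, so a bound parameter is the more robust form: `$stmt = mysqli_prepare($mysqli, "UPDATE users SET user_php_session = ? WHERE user_id = ?");`, then `mysqli_stmt_bind_param($stmt, "si", $user_php_session, $user_id);` and `mysqli_stmt_execute($stmt);`. The enclosing `if (isset($_POST['login']))` block starts and ends outside these hunks.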


@@ -74,7 +74,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-sm table-striped table-borderless table-hover"> <table class="table table-sm table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -1,5 +1,4 @@
<?php <?php
$name = sanitizeInput($_POST['name']); $name = sanitizeInput($_POST['name']);
$email = sanitizeInput($_POST['email']); $email = sanitizeInput($_POST['email']);
$default_company = intval($_POST['default_company']);
$role = intval($_POST['role']); $role = intval($_POST['role']);


@@ -2,7 +2,7 @@
require_once("inc_all.php"); require_once("inc_all.php");
$sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON notification_client_id = client_id WHERE notification_dismissed_at IS NULL AND (notification_user_id = $session_user_id OR notification_user_id = 0) AND notifications.company_id = $session_company_id ORDER BY notification_id DESC"); $sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON notification_client_id = client_id WHERE notification_dismissed_at IS NULL AND (notification_user_id = $session_user_id OR notification_user_id = 0) ORDER BY notification_id DESC");
?> ?>
@@ -18,7 +18,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON n
<div class="card-body"> <div class="card-body">
<?php if (mysqli_num_rows($sql) > 0) { ?> <?php if (mysqli_num_rows($sql) > 0) { ?>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead> <thead>
<tr> <tr>


@@ -18,7 +18,6 @@ $sql = mysqli_query(
WHERE (notification_type LIKE '%$q%' OR notification LIKE '%$q%' OR user_name LIKE '%$q%' OR client_name LIKE '%$q%') WHERE (notification_type LIKE '%$q%' OR notification LIKE '%$q%' OR user_name LIKE '%$q%' OR client_name LIKE '%$q%')
AND DATE(notification_timestamp) BETWEEN '$dtf' AND '$dtt' AND DATE(notification_timestamp) BETWEEN '$dtf' AND '$dtt'
AND (notification_user_id = $session_user_id OR notification_user_id = 0) AND (notification_user_id = $session_user_id OR notification_user_id = 0)
AND notifications.company_id = $session_company_id
AND notification_dismissed_at IS NOT NULL AND notification_dismissed_at IS NOT NULL
ORDER BY $sb $o ORDER BY $sb $o
LIMIT $record_from, $record_to LIMIT $record_from, $record_to
@@ -64,7 +63,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</div> </div>
</form> </form>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-hover"> <table class="table table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>
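Review bot: The `ORDER BY $sb $o` line kept in the first hunk places two identifiers directly in the SQL text, and identifiers cannot be protected by escaping or by bound parameters. Where `$sb` and `$o` are assigned is outside the hunk; if they come from the request and are not already restricted there, pin them to fixed values before the query, for example `$o = ($o === 'ASC') ? 'ASC' : 'DESC';` and `if (!in_array($sb, $allowed, true)) { $sb = 'notification_timestamp'; }`, where `$allowed` is a new array listing the sortable columns. The payments query in the next file section ends with the same `ORDER BY $sb $o LIMIT $record_from, $record_to` and would need the same check. The `mysqli_query(` call itself starts before this hunk.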


@@ -15,8 +15,7 @@ $sql = mysqli_query(
LEFT JOIN invoices ON payment_invoice_id = invoice_id LEFT JOIN invoices ON payment_invoice_id = invoice_id
LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN accounts ON payment_account_id = account_id LEFT JOIN accounts ON payment_account_id = account_id
WHERE payments.company_id = $session_company_id WHERE DATE(payment_date) BETWEEN '$dtf' AND '$dtt'
AND DATE(payment_date) BETWEEN '$dtf' AND '$dtt'
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR client_name LIKE '%$q%' OR account_name LIKE '%$q%' OR payment_method LIKE '%$q%' OR payment_reference LIKE '%$q%') AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR client_name LIKE '%$q%' OR account_name LIKE '%$q%' OR payment_method LIKE '%$q%' OR payment_reference LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to" ORDER BY $sb $o LIMIT $record_from, $record_to"
); );
@@ -77,7 +76,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>"> <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr> <tr>


@@ -28,11 +28,10 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
// Get info from session // Get info from session
$session_client_id = intval($_SESSION['client_id']); $session_client_id = intval($_SESSION['client_id']);
$session_contact_id = intval($_SESSION['contact_id']); $session_contact_id = intval($_SESSION['contact_id']);
$session_company_id = intval($_SESSION['company_id']);
// Get company info from database // Get company info from database
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = $session_company_id"); $sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name']; $session_company_name = $row['company_name'];
@@ -43,7 +42,7 @@ $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRE
// Get contact info // Get contact info
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'"); $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $session_contact_id AND contact_client_id = $session_client_id");
$contact = mysqli_fetch_array($contact_sql); $contact = mysqli_fetch_array($contact_sql);
$session_contact_name = sanitizeInput($contact['contact_name']); $session_contact_name = sanitizeInput($contact['contact_name']);
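Review bot: The company lookup in the first hunk now reads `WHERE company_id = 1` and its result is used without checking that a row came back; if no row with id 1 exists, `mysqli_fetch_array` returns null and `$row['company_name']` quietly evaluates to null. A guard directly after the fetch, e.g. `if (!$row) { exit('Company record not found'); }`, makes that failure explicit instead of rendering pages with an empty company. The same unchecked lookup is added as new code in the next file section (`$company_name = $row['company_name'];`) and would benefit from the same guard. The literal `1` in both places deserves a comment or a shared constant stating that it is the single remaining company row.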


@@ -19,4 +19,9 @@ if (!isset($_SESSION)) {
session_start(); session_start();
} }
// Get Company Information
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = $row['company_name'];
require_once("portal_header.php"); require_once("portal_header.php");
