Created Mail Queue Logs / Viewer in settings, enabled manual send invoice to use the new queue system, now it logs the Email ID so you can reference it in the Queue to see if it sent, also do not send mail to blank billing contact emails

2023-06-21 12:09:32 -04:00 · 2023-06-21 12:09:32 -04:00 · 4d90327c79
parent c6afe0b3cf
commit 4d90327c79
4 changed files with 206 additions and 35 deletions
--- a/cron_mail_queue.php
+++ b/cron_mail_queue.php
@ -3,6 +3,12 @@
 require_once("config.php");
 require_once("functions.php");

+//Initialize the HTML Purifier to prevent XSS
+require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
 $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");

 $row = mysqli_fetch_array($sql_settings);
@ -42,10 +48,11 @@ if (mysqli_num_rows($sql_queue) > 0) {
        $email_recipient = nullable_htmlentities($row['email_recipient']);
        $email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
        $email_subject = nullable_htmlentities($row['email_subject']);
-        $email_content = nullable_htmlentities($row['email_content']);
+        $email_content = $purifier->purify($row['email_content']);
        $email_queued_at = nullable_htmlentities($row['email_queued_at']);
        $email_sent_at = nullable_htmlentities($row['email_sent_at']);

+        // Sanitized Input
        $email_recipient_logging = sanitizeInput($row['email_recipient']);
        $email_subject_logging = sanitizeInput($row['email_subject']);

@ -97,12 +104,13 @@ if (mysqli_num_rows($sql_failed_queue) > 0) {
        $email_recipient = nullable_htmlentities($row['email_recipient']);
        $email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
        $email_subject = nullable_htmlentities($row['email_subject']);
-        $email_content = nullable_htmlentities($row['email_content']);
+        $email_content = $purifier->purify($row['email_content']);
        $email_queued_at = nullable_htmlentities($row['email_queued_at']);
        $email_sent_at = nullable_htmlentities($row['email_sent_at']);
        // Increment the attempts
        $email_attempts = intval($row['email_attempts']) + 1;

+        // Sanitized Input
        $email_recipient_logging = sanitizeInput($row['email_recipient']);
        $email_subject_logging = sanitizeInput($row['email_subject']);

--- a/post.php
+++ b/post.php
@ -4058,6 +4058,7 @@ if(isset($_GET['email_invoice'])){
    $client_id = $row['client_id'];
    $client_name = $row['client_name'];
    $contact_name = $row['contact_name'];
+    $contact_name_escaped = sanitizeInput($row['contact_name']);
    $contact_email = $row['contact_email'];
    $contact_email_escaped = sanitizeInput($row['contact_email']);
    $contact_phone = formatPhoneNumber($row['contact_phone']);
@ -4081,7 +4082,7 @@ if(isset($_GET['email_invoice'])){

    $sql_payments = mysqli_query($mysqli,"SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payment_id DESC");

-    //Add up all the payments for the invoice and get the total amount paid to the invoice
+    // Add up all the payments for the invoice and get the total amount paid to the invoice
    $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
    $row = mysqli_fetch_array($sql_amount_paid);
    $amount_paid = floatval($row['amount_paid']);
@ -4089,58 +4090,51 @@ if(isset($_GET['email_invoice'])){
    $balance = $invoice_amount - $amount_paid;

    if ($invoice_status == 'Paid') {
-        $subject = "Invoice $invoice_prefix$invoice_number Copy";
-        $body    = "Hello $contact_name,<br><br>Please click on the link below to see your invoice marked <b>paid</b>.<br><br><a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>Invoice Link</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone";
+        $subject = sanitizeInput("Invoice $invoice_prefix$invoice_number Copy");
+        $body    = mysqli_real_escape_string($mysqli, "Hello $contact_name,<br><br>Please click on the link below to see your invoice marked <b>paid</b>.<br><br><a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>Invoice Link</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone");
    } else {
-        $subject = "Invoice $invoice_prefix$invoice_number";
-        $body    = "Hello $contact_name,<br><br>Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "<br>Balance Due: " . numfmt_format_currency($currency_format, $balance, $invoice_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone";
+        $subject = sanitizeInput("Invoice $invoice_prefix$invoice_number");
+        $body    = mysqli_real_escape_string($mysqli, "Hello $contact_name,<br><br>Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "<br>Balance Due: " . numfmt_format_currency($currency_format, $balance, $invoice_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone");
    }

-    $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
-        $config_invoice_from_email, $config_invoice_from_name,
-        $contact_email, $contact_name,
-        $subject, $body);
+    // Queue Mail
+    mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$contact_email_escaped', email_recipient_name = '$contact_name_escaped', email_from = '$config_invoice_from_email', email_from_name = '$config_invoice_from_name', email_subject = '$subject', email_content = '$body'");

-    if ($mail === true) {
-        $_SESSION['alert_message'] = "Invoice has been sent";
-        mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed invoice', history_invoice_id = $invoice_id");
+    // Get Email ID for reference
+    $email_id = mysqli_insert_id($mysqli);

-        //Don't change the status to sent if the status is anything but draft
-        if($invoice_status == 'Draft'){
-            mysqli_query($mysqli,"UPDATE invoices SET invoice_status = 'Sent' WHERE invoice_id = $invoice_id");
-        }
+    $_SESSION['alert_message'] = "Invoice has been sent to the mail queue";
+    mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Queued', history_description = 'Invoice sent to the mail queue ID: $email_id', history_invoice_id = $invoice_id");

-        //Logging
-        mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Email', log_description = 'Invoice $invoice_prefix$invoice_number emailed to $contact_email_escaped', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $invoice_id");
-
-    } else {
-        $_SESSION['alert_type'] = "error";
-        $_SESSION['alert_message'] = "Invoice Failed to send ";
-        mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Email Invoice Failed', history_invoice_id = $invoice_id");
-
-        mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email_escaped', notification_client_id = $client_id,");
-        mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email_escaped regarding $subject. $mail', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $invoice_id");
+    // Don't change the status to sent if the status is anything but draft
+    if($invoice_status == 'Draft'){
+        mysqli_query($mysqli,"UPDATE invoices SET invoice_status = 'Sent' WHERE invoice_id = $invoice_id");
    }

+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Email Queue', log_description = 'Invoice $invoice_prefix$invoice_number queued to $contact_email_escaped Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $invoice_id");
+
    // Send copies of the invoice to any additional billing contacts
    $sql_billing_contacts = mysqli_query(
        $mysqli,
        "SELECT contact_name, contact_email FROM contacts
        WHERE contact_billing = 1
        AND contact_email != '$contact_email_escaped'
+        AND contact_email != ''
        AND contact_client_id = $client_id"
    );
    while ($billing_contact = mysqli_fetch_array($sql_billing_contacts)) {
-        $billing_contact_name = $billing_contact['contact_name'];
-        $billing_contact_email = $billing_contact['contact_email'];
+        $billing_contact_name = sanitizeInput($billing_contact['contact_name']);
+        $billing_contact_email = sanitizeInput($billing_contact['contact_email']);
+
+        // Queue Mail
+        mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$billing_contact_email', email_recipient_name = '$billing_contact_name', email_from = '$config_invoice_from_email', email_from_name = '$config_invoice_from_name', email_subject = '$subject', email_content = '$body'");
+
+        // Get Email ID for reference
+        $email_id = mysqli_insert_id($mysqli);

-        sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
-            $config_invoice_from_email, $config_invoice_from_name,
-            $billing_contact_email, $billing_contact_name,
-            $subject, $body);
    }

-
    header("Location: " . $_SERVER["HTTP_REFERER"]);

 }
--- a/settings_mail_queue.php
+++ b/settings_mail_queue.php
@ -0,0 +1,162 @@
+<?php
+
+// Default Column Sortby Filter
+$sb = "email_id";
+$o = "DESC";
+
+require_once("inc_all_settings.php");
+
+//Initialize the HTML Purifier to prevent XSS
+require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
+//Rebuild URL
+$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM email_queue
+    WHERE (email_from LIKE '%$q%' OR email_from_name LIKE '%$q%' OR email_recipient LIKE '%$q%' OR email_recipient_name LIKE '%$q%' OR email_subject LIKE '%$q%')
+    AND DATE(email_queued_at) BETWEEN '$dtf' AND '$dtt'
+    ORDER BY $sb $o LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-envelope-open mr-2"></i>Email Queue</h3>
+        </div>
+        <div class="card-body">
+            <form class="mb-4" autocomplete="off">
+                <div class="row">
+                    <div class="col-sm-4">
+                        <div class="input-group">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search mail queue">
+                            <div class="input-group-append">
+                                <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="collapse mt-3 <?php if (!empty($_GET['dtf'])) { echo "show"; } ?>" id="advancedFilter">
+                    <div class="row">
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Canned Date</label>
+                                <select class="form-control select2" name="canned_date">
+                                    <option <?php if ($_GET['canned_date'] == "custom") { echo "selected"; } ?> value="">Custom</option>
+                                    <option <?php if ($_GET['canned_date'] == "today") { echo "selected"; } ?> value="today">Today</option>
+                                    <option <?php if ($_GET['canned_date'] == "yesterday") { echo "selected"; } ?> value="yesterday">Yesterday</option>
+                                    <option <?php if ($_GET['canned_date'] == "thisweek") { echo "selected"; } ?> value="thisweek">This Week</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastweek") { echo "selected"; } ?> value="lastweek">Last Week</option>
+                                    <option <?php if ($_GET['canned_date'] == "thismonth") { echo "selected"; } ?> value="thismonth">This Month</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastmonth") { echo "selected"; } ?> value="lastmonth">Last Month</option>
+                                    <option <?php if ($_GET['canned_date'] == "thisyear") { echo "selected"; } ?> value="thisyear">This Year</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastyear") { echo "selected"; } ?> value="lastyear">Last Year</option>
+                                </select>
+                            </div>
+                        </div>
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Date From</label>
+                                <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
+                            </div>
+                        </div>
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Date To</label>
+                                <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </form>
+            <hr>
+            <div class="table-responsive-sm">
+                <table class="table table-sm table-striped table-borderless table-hover">
+                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=email_queued_at&o=<?php echo $disp; ?>">Queued</a></th>
+                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=email_from&o=<?php echo $disp; ?>">From</a></th>
+                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=email_recipient&o=<?php echo $disp; ?>">To</a></th>
+                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=email_subject&o=<?php echo $disp; ?>">Subject</a></th>
+                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=email_status&o=<?php echo $disp; ?>">Status</a></th>
+                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=email_attempts&o=<?php echo $disp; ?>">Attempts</a></th>
+                        <th>Action</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $email_id = intval($row['email_id']);
+                        $email_from = nullable_htmlentities($row['email_from']);
+                        $email_from_name = nullable_htmlentities($row['email_from_name']);
+                        $email_recipient = nullable_htmlentities($row['email_recipient']);
+                        $email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
+                        $email_subject = nullable_htmlentities($row['email_subject']);
+                        $email_content = $purifier->purify($row['email_content']);
+                        $email_attempts = intval($row['email_attempts']);
+                        $email_queued_at = nullable_htmlentities($row['email_queued_at']);
+                        $email_failed_at = nullable_htmlentities($row['email_failed_at']);
+                        $email_sent_at = nullable_htmlentities($row['email_sent_at']);
+                        $email_status = intval($row['email_status']);
+                        if($email_status == 0){
+                            $email_status_display = "<div class='text-primary'>Queued</div>";
+                        }elseif($email_status == 1){
+                            $email_status_display = "<div class='text-warning'>Sending</div>";
+                        }elseif($email_status_display == 2){
+                            $email_status_display = "<div class='text-danger'>Failed</div><small class='text-secondary'>$email_failed_at</small>";
+                        }else{
+                            $email_status_display = "<div class='text-success'>Sent</div><small class='text-secondary'>$email_sent_at</small>";
+                        }
+
+                        ?>
+
+                        <tr>
+                            <td><?php echo $email_queued_at; ?></td>
+                            <td><?php echo "$email_from<br><small class='text-secondary'>$email_from_name</small>"?></td>
+                            <td><?php echo "$email_recipient<br><small class='text-secondary'>$email_recipient_name</small>"?></td>
+                            <td><?php echo $email_subject; ?></td>
+                            <td><?php echo $email_status_display; ?></td>
+                            <td><?php echo $email_attempts; ?></td>
+                            <td>
+                                <button class="btn btn-sm btn-secondary" data-toggle="modal" data-target="#viewEmailModal<?php echo $email_id; ?>"><i class="fas fa-fw fa-eye"></i></button>
+                            </td>
+                        </tr>
+
+                        <div class="modal" id="viewEmailModal<?php echo $email_id; ?>" tabindex="-1">
+                            <div class="modal-dialog modal-xl ">
+                                <div class="modal-content bg-dark">
+                                    <div class="modal-header">
+                                        <h5 class="modal-title"><i class="fa fa-fw fa-envelope mr-2"></i><?php echo $email_subject; ?></h5>
+                                        <button type="button" class="close text-white" data-dismiss="modal">
+                                            <span>&times;</span>
+                                        </button>
+                                    </div>
+                                    <div class="modal-body bg-white">
+                                        <?php echo $email_content; ?>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+
+                        <?php
+                    }
+                    ?>
+
+                    </tbody>
+                </table>
+            </div>
+            <?php require_once("pagination.php"); ?>
+        </div>
+    </div>
+
+<?php
+require_once("footer.php");
--- a/settings_side_nav.php
+++ b/settings_side_nav.php
@ -211,6 +211,13 @@
          </a>
        </li>

+        <li class="nav-item">
+          <a href="settings_mail_queue.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_mail_queue.php") { echo "active"; } ?>">
+            <i class="nav-icon far fa-envelope-open"></i>
+            <p>Mail Queue</p>
+          </a>
+        </li>
+
        <li class="nav-item">
          <a href="logs.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "logs.php") { echo "active"; } ?>">
            <i class="nav-icon far fa-eye"></i>