Fix Bad vars in PAyment Providers listing, add check to see if payment provider already exists

2025-08-27 16:27:54 -04:00 · 2025-08-27 16:27:54 -04:00 · 535078b0ab
parent d584c6b1e8
commit 535078b0ab
5 changed files with 16 additions and 8 deletions
--- a/admin/database_updates.php
+++ b/admin/database_updates.php
@ -3923,7 +3923,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
 }

    if (CURRENT_DATABASE_VERSION == '2.3.0') {
-        // Payment Methods from Categories Table to new payment_methods table
+        // Migrate Payment Methods from Categories Table to new payment_methods table
        $sql_categories = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_name != 'Stripe' AND category_archived_at IS NULL");
        
        while ($row = mysqli_fetch_array($sql_categories)) {
--- a/admin/modals/payment_provider/payment_provider_add.php
+++ b/admin/modals/payment_provider/payment_provider_add.php
@ -55,7 +55,7 @@
                            <div class="input-group-prepend">
                                <span class="input-group-text"><i class="fa fa-fw fa-shopping-cart"></i></span>
                            </div>
-                            <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*\.?[0-9]{0,2}" name="Threshold" placeholder="1000.00">
+                            <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*\.?[0-9]{0,2}" name="threshold" placeholder="1000.00">
                        </div>
                        <small class="form-text text-muted">Will not show as an option at Checkout if above this number</small>
                    </div>
--- a/admin/modals/payment_provider/payment_provider_edit.php
+++ b/admin/modals/payment_provider/payment_provider_edit.php
@ -4,15 +4,14 @@ require_once '../../../includes/modal_header.php';

 $provider_id = intval($_GET['id']);

-$sql = mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_id = $provider_id LIMIT 1"
-);
+$sql = mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_id = $provider_id LIMIT 1");

 $row = mysqli_fetch_array($sql);
 $provider_name = nullable_htmlentities($row['payment_provider_name']);
 $public_key = nullable_htmlentities($row['payment_provider_public_key']);
 $private_key = nullable_htmlentities($row['payment_provider_private_key']);
-$account_id = nullable_htmlentities($row['payment_provider_account_']);
-$threshold = floatval($row['payment_provider_treshold']);
+$account_id = nullable_htmlentities($row['payment_provider_account']);
+$threshold = floatval($row['payment_provider_threshold']);
 $vendor_id = nullable_htmlentities($row['payment_provider_expense_vendor']);
 $category_id = nullable_htmlentities($row['payment_provider_expense_category']);
 $percent_fee = floatval($row['payment_provider_expense_percentage_fee']) * 100;
--- a/admin/payment_provider.php
+++ b/admin/payment_provider.php
@ -36,7 +36,7 @@ $num_rows = mysqli_num_rows($sql);
                    </th>
                    <th>
                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=account_name&order=<?php echo $disp; ?>">
-                            Account <?php if ($sort == 'account_name') { echo $order_icon; } ?>
+                            Expense / Income Account <?php if ($sort == 'account_name') { echo $order_icon; } ?>
                        </a>
                    </th>
                    <th>
@ -69,8 +69,9 @@ $num_rows = mysqli_num_rows($sql);
                while ($row = mysqli_fetch_array($sql)) {
                    $provider_id = intval($row['payment_provider_id']);
                    $provider_name = nullable_htmlentities($row['payment_provider_name']);
+                    $provider_description = nullable_htmlentities($row['payment_provider_description']);
                    $account_name = nullable_htmlentities($row['account_name']);
-                    $threshold = floatval($row['payment_provider_treshold']);
+                    $threshold = floatval($row['payment_provider_threshold']);
                    $vendor_name = nullable_htmlentities($row['vendor_name']);
                    $category = nullable_htmlentities($row['category_name']);
                    $percent_fee = floatval($row['payment_provider_expense_percentage_fee']) * 100;
--- a/admin/post/payment_provider.php
+++ b/admin/post/payment_provider.php
@ -18,6 +18,14 @@ if (isset($_POST['add_payment_provider'])) {
    $percentage_fee = floatval($_POST['percentage_fee']) / 100;
    $flat_fee = floatval($_POST['flat_fee']);

+    // Check to make sure Provider isnt added Twice
+    $sql = "SELECT 1 FROM payment_providers WHERE payment_provider_name = '$provider' LIMIT 1";
+    $result = mysqli_query($mysqli, $sql);
+    if (mysqli_num_rows($result) > 0) {
+        flash_alert("Payment Provider <strong>$provider</strong> already exists", 'error');
+        redirect();
+    }
+
    // Check for Stripe Account if not create it
    $sql_account = mysqli_query($mysqli,"SELECT account_id FROM accounts WHERE account_name = '$provider' AND account_archived_at IS NULL LIMIT 1");
    if (mysqli_num_rows($sql_account) == 0) {