-
+
-Tell your admin: Your role does not have admin access.");
+}
+require_once "../includes/header.php";
+require_once "../includes/top_nav.php";
+require_once "includes/side_nav.php";
+require_once "../includes/inc_wrapper.php";
+require_once "../includes/inc_alert_feedback.php";
+require_once "../includes/filter_header.php";
+require_once "../includes/app_version.php";
diff --git a/includes/admin_side_nav.php b/admin/includes/side_nav.php
similarity index 54%
rename from includes/admin_side_nav.php
rename to admin/includes/side_nav.php
index f1b870e0..8e32ef66 100644
--- a/includes/admin_side_nav.php
+++ b/admin/includes/side_nav.php
@@ -1,6 +1,6 @@
@@ -55,4 +55,4 @@ require_once "includes/inc_all_admin.php";
+
\ No newline at end of file
diff --git a/admin/modals/ai/ai_model_edit.php b/admin/modals/ai/ai_model_edit.php
new file mode 100644
index 00000000..87c5bbc2
--- /dev/null
+++ b/admin/modals/ai/ai_model_edit.php
@@ -0,0 +1,90 @@
+
+
+
+
+
+
+
+
+
+
+ Editing:
+ +
+
diff --git a/admin/modals/ai/ai_provider_edit.php b/admin/modals/ai/ai_provider_edit.php
new file mode 100644
index 00000000..ee1ed12d
--- /dev/null
+++ b/admin/modals/ai/ai_provider_edit.php
@@ -0,0 +1,69 @@
+
+
+
+
+
+
+
+
+
+
Editing:
+ +
-
+
+
+
-
+
+
+ Saved Payment Methods
+
+
+
+
++
+
+ ">
+
+
+
+
+ | + + Client + + | ++ + Provider + + | ++ + Description + + | ++ + Provider Client ID + + | + ++ + Provider Payment Method ID + + | ++ + Created + + | +Action | +
|---|---|---|---|---|---|---|
| () | +() | ++ | + | + | + | + + Delete + + | +
@@ -168,4 +168,4 @@ $company_initials = nullable_htmlentities(initials($company_name));
-
+
@@ -327,5 +327,5 @@ require_once "includes/inc_all_admin.php";
-
-
@@ -63,5 +63,5 @@ require_once "includes/inc_all_admin.php";
@@ -98,7 +98,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
Tags
-
+
@@ -83,11 +83,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
-
+
@@ -104,12 +104,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
-
-
-
-
-
- AI
-
-
-
-
-
-
-
-
-
- Test AI Rewording
- -
-
- - - - -
-
-
-
-
-
-
- Online Payment
-
-
-
- - - - - -
-
-
-
-
-
-
-
- Online Payment - Client info
-
-
-
-
-
-
-
-
-
- | Client | -Stripe Customer ID | -Stripe Payment ID | -Payment Details | -Created | -Action | -
|---|---|---|---|---|---|
| - | - | - | - | - |
-
-
-
-
- |
-
-
-
-
-
-
-
-
-
-
-
-
-New Category
- -
-
-
-
-";
+ $details = mysqli_escape_string($mysqli, $_POST['ticket_details'] . "New Tag
- -"); } elseif ($ticket_row) { $details = $ticket_row['ticket_details']; } else { diff --git a/blank.php b/blank.php deleted file mode 100644 index 9cf73716..00000000 --- a/blank.php +++ /dev/null @@ -1,59 +0,0 @@ - - - - - - -
Blank Page
--
This is a great starting point for new custom pages.
- - - -$start_date"; - -echo "User Agent
"; -echo getUserAgent(); - - -?> -- - - -
-
-
- Requester -
- Sam Adams - -
- Created - - -
- Last activity - -
- - - - - -$date_time"; -?> - - - - + +
+
+
+
+
+ Assets
+
+
+
+
+
+
+
- Cannot edit the primary contact"; } else { ?>
+ Cannot edit this contact"; } else { ?>
diff --git a/client/document.php b/client/document.php
index 6628eaf6..5a56e2c4 100644
--- a/client/document.php
+++ b/client/document.php
@@ -29,9 +29,9 @@ if (!isset($_GET['id']) && !intval($_GET['id'])) {
$document_id = intval($_GET['id']);
$sql_document = mysqli_query($mysqli,
- "SELECT document_id, document_name, document_content
+ "SELECT document_id, document_name, document_content, document_description
FROM documents
- WHERE document_id = $document_id AND document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL
+ WHERE document_id = $document_id AND document_client_visible = 1 AND document_client_id = $session_client_id AND document_archived_at IS NULL
LIMIT 1"
);
@@ -41,11 +41,21 @@ if ($row) {
$document_id = intval($row['document_id']);
$document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']);
+ $document_description = nullable_htmlentities($row['document_description']);
} else {
header("Location: post.php?logout");
exit();
}
+// Check for associated files
+$sql_files = mysqli_query($mysqli,
+ "SELECT f.file_id, f.file_name, f.file_reference_name, f.file_ext, f.file_size, f.file_mime_type
+ FROM files f
+ INNER JOIN document_files df ON f.file_id = df.file_id
+ WHERE df.document_id = $document_id AND f.file_client_id = $session_client_id
+ ORDER BY f.file_name ASC"
+);
+
?>
-
-
-
-
-
-
+ 0) {
+ $file_row = mysqli_fetch_array($sql_files);
+ $file_id = intval($file_row['file_id']);
+ $file_name = nullable_htmlentities($file_row['file_name']);
+ $file_reference_name = nullable_htmlentities($file_row['file_reference_name']);
+ $file_ext = strtolower($file_row['file_ext']);
+ $file_size = intval($file_row['file_size']);
+ $file_mime_type = nullable_htmlentities($file_row['file_mime_type']);
+ $file_size_formatted = formatBytes($file_size);
+
+ $file_path = "../uploads/clients/$session_client_id/$file_reference_name";
+
+ // For PDF files, display them inline
+ if ($file_ext == 'pdf') {
+ ?>
+
+
-
+
+
+
+
+
+
+
+
+
+ + + + +
+
+
+
+
+
+
+
+
+
+
+
+
+ + + + +
+ 
+
+
+
+
+
+
+
+
+
+
+ + + + +
+
+ Open File
+
+
+ Download
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Type: File
+ Size:
+
$document_description
") { ?> +
+
+
+
+
+
-
+
+
+
Documents
+
-
+
+ Documents
+
+
+
+
+
+
+
-
-
+
| Amount | Next Bill Date | Frequency | - +Auto Pay | @@ -60,23 +61,7 @@ $recurring_invoices_sql = mysqli_query($mysqli, "SELECT * FROM recurring_invoice $recurring_invoice_amount = floatval($row['recurring_invoice_amount']); $recurring_payment_id = intval($row['recurring_payment_id']); $recurring_payment_recurring_invoice_id = intval($row['recurring_payment_recurring_invoice_id']); - if ($config_stripe_enable) { - if ($recurring_payment_recurring_invoice_id) { - $auto_pay_display = " - Yes - - - - "; - } else { - $auto_pay_display = " - - Create - - "; - //require "recurring_payment_add_modal.php"; - } - } + $recurring_payment_saved_payment_id = intval($row['recurring_payment_saved_payment_id']); if (empty($recurring_invoice_scope)) { $recurring_invoice_scope_display = "-"; @@ -90,19 +75,27 @@ $recurring_invoices_sql = mysqli_query($mysqli, "SELECT * FROM recurring_invoicely | - +- + 0) { ?> - Add Card Details First + Add a Payment Method | diff --git a/client/saved_payment_methods.php b/client/saved_payment_methods.php new file mode 100644 index 00000000..a5cab9dd --- /dev/null +++ b/client/saved_payment_methods.php @@ -0,0 +1,149 @@ + + +
|---|---|---|---|---|---|
| # | +Scope | +Amount | +Date | +Due | ++ |
|---|---|---|---|---|---|
| "> | ++ | + | + | + | + + + + + | + +
-
-
-
-
-
-
-
-
-
-
-
-
-
- Quick Notes
-
-
-
-
-
- 0) { ?>
-
-
- 0) { ?>
-
-
-
-
-
-
-
- Important Contacts
-
-
-
-
-
- |
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- |
-
-
- $contact_phone $contact_extension"; ?>
-
-
- - |
-
-
-
-
-
-
- 0
- || mysqli_num_rows($sql_certificates_expiring) > 0
- || mysqli_num_rows($sql_asset_warranties_expiring) > 0
- || mysqli_num_rows($sql_asset_retire) > 0
- || mysqli_num_rows($sql_licenses_expiring) > 0
- ) { ?>
-
-
-
-
-
- Shared Items
-
-
-
-
-
-
- | - - | -
- Views:
-
- |
- Expires | -- - - - | -
-
-
-
-
-
-
- 0
- || mysqli_num_rows($sql_certificates_expired) > 0
- || mysqli_num_rows($sql_asset_warranties_expired) > 0
- || mysqli_num_rows($sql_asset_retired) > 0
- || mysqli_num_rows($sql_licenses_expired) > 0
- )
- { ?>
-
-
-
-
-
- Expiring in the Next 45 Days
-
-
-
-
- - - Domain: - -- () -
- - - -- - Certificate: - -- () -
- - - -- - Asset Warranty: - -- () -
- - - - - -- - Asset Retire: - -- () -
- - - - -- - License: - -- () -
- - - -
-
-
-
-
-
- 0) { ?>
-
-
-
-
-
-
-
- 0) { ?>
-
-
-
-
-
-
-
- Expired
-
-
-
-
- - - Domain: - -- () -
- - - -- - Certificate: - -- () -
- - - - - - - - - -- - Asset Retire: - -- () -
- - - - -- - Software: - -- () -
- - - -
-
-
-
-
-
-
-
-
-
- Recent Activities (Last 10 tasks)
-
-
-
-
-
-
-
-
-
-
- | - | - |
-
-
-
+
+
+
+
+
+
-
-
- -
- = 2) { ?>
-
-
-
-
-
-
-
-
-
-
-
- -
-
- text-nowrap">
-
-
-
- | - - Client Name - - | -- - Primary Location - - | -- - Primary Contact - - - | - = 1) && $config_module_enable_accounting == 1) { ?>Billing | - = 2) { ?>Action | -
|---|---|---|---|---|
|
-
-
-
-
-
-
-
-
-
-
-
-
-
- Abbreviation:
-
- - Created: - |
- - |
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- |
-
-
- = 1) && $config_module_enable_accounting == 1) { ?>
-
-
- Balance
-
-
- Paid
-
-
- Monthly
-
-
- Hourly Rate
-
- |
-
-
-
- = 2) { ?>
-
-
-
-
-
- |
-
-
Blank Page
++
This is a great starting point for new custom pages.
+ +window.location.href = '" . addslashes($url) . "';"; + echo ''; + exit; + } +} + +//Flash Alert Function +function flash_alert(string $message, string $type = 'success'): void { + $_SESSION['alert_type'] = $type; + $_SESSION['alert_message'] = $message; } \ No newline at end of file diff --git a/get_credential.php b/get_credential.php deleted file mode 100644 index aced4afc..00000000 --- a/get_credential.php +++ /dev/null @@ -1,151 +0,0 @@ - 0) { - $row = mysqli_fetch_array($sql_logins); - $data['found'] = "TRUE"; - $data['username'] = nullable_htmlentities(decryptLoginEntry($row['login_username'])); - $data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie - echo json_encode($data); - - // Logging - $login_name = sanitizeInput($row['login_name']); - $login_user = sanitizeInput($row['login_username']); - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id"); - - } - } -} - -//TODO: Future work:- -// - Showing multiple logins for a single URL diff --git a/guest/guest_ajax.php b/guest/guest_ajax.php index 7e73c451..c7803375 100644 --- a/guest/guest_ajax.php +++ b/guest/guest_ajax.php @@ -20,7 +20,6 @@ require_once "../plugins/totp/totp.php"; if (isset($_GET['stripe_create_pi'])) { - // Response header header('Content-Type: application/json'); // Params from POST (guest_pay_invoice_stripe.js) @@ -36,16 +35,13 @@ if (isset($_GET['stripe_create_pi'])) { LEFT JOIN clients ON invoice_client_id = client_id WHERE invoice_id = $invoice_id AND invoice_url_key = '$url_key' - AND invoice_status != 'Draft' - AND invoice_status != 'Paid' - AND invoice_status != 'Cancelled' + AND invoice_status NOT IN ('Draft','Paid','Cancelled') LIMIT 1" ); if (!$invoice_sql || mysqli_num_rows($invoice_sql) !== 1) { exit("Invalid Invoice ID/SQL query"); } - // Invoice exists - get details for payment $row = mysqli_fetch_array($invoice_sql); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); @@ -54,15 +50,10 @@ if (isset($_GET['stripe_create_pi'])) { $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); - $config_sql = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1"); - $config_row = mysqli_fetch_array($config_sql); - $config_stripe_percentage_fee = floatval($config_row['config_stripe_percentage_fee']); - $config_stripe_flat_fee = floatval($config_row['config_stripe_flat_fee']); - // Add up all the payments for the invoice and get the total amount paid to the invoice $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); - $row = mysqli_fetch_array($sql_amount_paid); - $amount_paid = floatval($row['amount_paid']); + $row_amt = mysqli_fetch_array($sql_amount_paid); + $amount_paid = floatval($row_amt['amount_paid']); $balance_to_pay = $invoice_amount - $amount_paid; $balance_to_pay = round($balance_to_pay, 2); @@ -71,24 +62,22 @@ if (isset($_GET['stripe_create_pi'])) { exit("No balance outstanding"); } - // Setup Stripe - require_once '../plugins/stripe-php/init.php'; - - - $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_secret, config_stripe_account FROM settings WHERE company_id = 1")); - if ($row['config_stripe_enable'] == 0 || $row['config_stripe_account'] == 0) { + // Setup Stripe from payment_providers + $stripe_provider = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_name = 'Stripe' LIMIT 1")); + if (!$stripe_provider) { exit("Stripe not enabled / configured"); } + $stripe_secret_key = $stripe_provider['payment_provider_private_key']; + + require_once '../plugins/stripe-php/init.php'; - $config_stripe_secret = $row['config_stripe_secret']; $pi_description = "ITFlow: $client_name payment of $invoice_currency_code $balance_to_pay for $invoice_prefix$invoice_number"; - // Create a PaymentIntent with amount, currency and client details try { - \Stripe\Stripe::setApiKey($config_stripe_secret); + \Stripe\Stripe::setApiKey($stripe_secret_key); $paymentIntent = \Stripe\PaymentIntent::create([ - 'amount' => intval($balance_to_pay * 100), // Times by 100 as Stripe expects values in cents + 'amount' => intval($balance_to_pay * 100), // Stripe expects cents 'currency' => $invoice_currency_code, 'description' => $pi_description, 'metadata' => [ @@ -106,15 +95,10 @@ if (isset($_GET['stripe_create_pi'])) { echo json_encode($output); - } catch (Error $e) { + } catch (Exception $e) { http_response_code(500); echo json_encode(['error' => $e->getMessage()]); } -} - -if (isset($_GET['get_totp_token'])) { - $otp = TokenAuth6238::getTokenCode(strtoupper($_GET['totp_secret'])); - - echo json_encode($otp); + exit; } diff --git a/guest/guest_pay_invoice_stripe.php b/guest/guest_pay_invoice_stripe.php index 4d6127bd..34124a7a 100644 --- a/guest/guest_pay_invoice_stripe.php +++ b/guest/guest_pay_invoice_stripe.php @@ -2,102 +2,84 @@ require_once 'includes/guest_header.php'; -// Define wording DEFINE("WORDING_PAYMENT_FAILED", "There was an error verifying your payment. Please contact us for more information before attempting payment again.
"); -// Setup Stripe -$stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret, config_stripe_account, config_stripe_expense_vendor, config_stripe_expense_category, config_stripe_percentage_fee, config_stripe_flat_fee FROM settings WHERE company_id = 1")); -$config_stripe_enable = intval($stripe_vars['config_stripe_enable']); -$config_stripe_publishable = nullable_htmlentities($stripe_vars['config_stripe_publishable']); -$config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']); -$config_stripe_account = intval($stripe_vars['config_stripe_account']); -$config_stripe_expense_vendor = intval($stripe_vars['config_stripe_expense_vendor']); -$config_stripe_expense_category = intval($stripe_vars['config_stripe_expense_category']); -$config_stripe_percentage_fee = floatval($stripe_vars['config_stripe_percentage_fee']); -$config_stripe_flat_fee = floatval($stripe_vars['config_stripe_flat_fee']); +// --- Get Stripe config from payment_providers table --- +$stripe_provider = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM payment_providers")); + + +$stripe_publishable = nullable_htmlentities($stripe_provider['payment_provider_public_key']); +$stripe_secret = nullable_htmlentities($stripe_provider['payment_provider_private_key']); +$stripe_account = intval($stripe_provider['payment_provider_account']); +$stripe_expense_vendor = intval($stripe_provider['payment_provider_expense_vendor']); +$stripe_expense_category = intval($stripe_provider['payment_provider_expense_category']); +$stripe_percentage_fee = floatval($stripe_provider['payment_provider_expense_percentage_fee']); +$stripe_flat_fee = floatval($stripe_provider['payment_provider_expense_flat_fee']); -// Check Stripe is configured -if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) { - echo "Stripe payments not enabled/configured
"; - require_once 'includes/guest_footer.php'; - error_log("Stripe payment error - disabled. Check payments are enabled, Expense account is set, Stripe publishable and secret keys are configured."); - exit(); -} // Show payment form -// Users are directed to this page with the invoice_id and url_key params to make a payment if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent'])) { $invoice_url_key = sanitizeInput($_GET['url_key']); - $invoice_id = intval($_GET['invoice_id']); + $invoice_id = intval($_GET['invoice_id']); // Query invoice details $sql = mysqli_query( $mysqli, "SELECT * FROM invoices - LEFT JOIN clients ON invoice_client_id = client_id - WHERE invoice_id = $invoice_id - AND invoice_url_key = '$invoice_url_key' - AND invoice_status != 'Draft' - AND invoice_status != 'Paid' - AND invoice_status != 'Cancelled' - LIMIT 1" + LEFT JOIN clients ON invoice_client_id = client_id + WHERE invoice_id = $invoice_id + AND invoice_url_key = '$invoice_url_key' + AND invoice_status NOT IN ('Draft', 'Paid', 'Cancelled') + LIMIT 1" ); - // Ensure we have a valid invoice + // Ensure valid invoice if (!$sql || mysqli_num_rows($sql) !== 1) { echo "Oops, something went wrong! Please ensure you have the correct URL and have not already paid this invoice.
"; require_once 'includes/guest_footer.php'; - error_log("Stripe payment error - Invoice with ID $invoice_id is unknown/not eligible to be paid."); + error_log("Stripe payment error - Invoice with ID $invoice_id not found or not eligible."); exit(); } - // Process invoice, client and company details/settings $row = mysqli_fetch_array($sql); - $invoice_id = intval($row['invoice_id']); - $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); - $invoice_number = intval($row['invoice_number']); - $invoice_status = nullable_htmlentities($row['invoice_status']); - $invoice_date = nullable_htmlentities($row['invoice_date']); - $invoice_due = nullable_htmlentities($row['invoice_due']); - $invoice_discount = floatval($row['invoice_discount_amount']); - $invoice_amount = floatval($row['invoice_amount']); + $invoice_id = intval($row['invoice_id']); + $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); + $invoice_number = intval($row['invoice_number']); + $invoice_status = nullable_htmlentities($row['invoice_status']); + $invoice_date = nullable_htmlentities($row['invoice_date']); + $invoice_due = nullable_htmlentities($row['invoice_due']); + $invoice_discount = floatval($row['invoice_discount_amount']); + $invoice_amount = floatval($row['invoice_amount']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']); - $client_id = intval($row['client_id']); - $client_name = nullable_htmlentities($row['client_name']); - - $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); - $row = mysqli_fetch_array($sql); - $company_locale = nullable_htmlentities($row['company_locale']); + $client_id = intval($row['client_id']); + $client_name = nullable_htmlentities($row['client_name']); - // Add up all the payments for the invoice and get the total amount paid to the invoice + // Company info for currency formatting, etc + $sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1"); + $company_row = mysqli_fetch_array($sql_company); + $company_locale = nullable_htmlentities($company_row['company_locale']); + $config_base_url = nullable_htmlentities($company_row['company_base_url'] ?? ''); // You might want to pull from settings if needed + + // Add up all payments made to the invoice $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); - $row = mysqli_fetch_array($sql_amount_paid); - $amount_paid = floatval($row['amount_paid']); - $balance_to_pay = $invoice_amount - $amount_paid; - - //Round balance to pay to 2 decimal places - $balance_to_pay = round($balance_to_pay, 2); + $amount_paid = floatval(mysqli_fetch_array($sql_amount_paid)['amount_paid']); + $balance_to_pay = round($invoice_amount - $amount_paid, 2); // Get invoice items $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC"); - // Set Currency Formatting + // Currency formatting $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); ?> - + - - - +
-
-
-
-
- 0) { ?>
+ 0) { ?>
Discount
-
- 0) { ?>
+
+ 0) { ?>
Paid
-
-
+
Payment for Invoice:
@@ -113,47 +95,39 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent - + ?>
@@ -161,12 +135,10 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
This is a notification that an invoice has been paid in ITFlow. Below is a copy of the receipt sent to the client:-
--------
Hello $contact_name,
We have received online payment for the amount of " . $pi_currency . $pi_amount_paid . " for invoice $invoice_prefix$invoice_number. Please keep this email as a receipt for your records.
Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "
Thank you for your business!
~
$company_name - Billing
$config_invoice_from_email
$company_phone"; - + $subject_internal = "Payment Received - $client_name - Invoice $invoice_prefix$invoice_number"; + $body_internal = "This is a notification that an invoice has been paid in ITFlow. Below is a copy of the receipt sent to the client:-
--------
$body"; $data[] = [ 'from' => $config_invoice_from_email, 'from_name' => $config_invoice_from_name, 'recipient' => $config_invoice_paid_notification_email, 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body, + 'subject' => $subject_internal, + 'body' => $body_internal, ]; } - $mail = addToMailQueue($data); - // Email logging mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Receipt!', history_invoice_id = $invoice_id"); - } // Redirect user to invoice - header('Location: //' . $config_base_url . '/guest/guest_view_invoice.php?invoice_id=' . $pi_invoice_id . '&url_key=' . $invoice_url_key); + header('Location: //' . $config_base_url . '/guest/guest_view_invoice.php?invoice_id=' . $invoice_id . '&url_key=' . $invoice_url_key); } else { exit(WORDING_PAYMENT_FAILED); } - require_once 'includes/guest_footer.php'; diff --git a/guest/guest_post.php b/guest/guest_post.php index f18c3fef..07870e8e 100644 --- a/guest/guest_post.php +++ b/guest/guest_post.php @@ -2,13 +2,14 @@ require_once "../config.php"; require_once "../functions.php"; -require_once "../includes/get_settings.php"; +require_once "../includes/load_global_settings.php"; session_start(); require_once "../includes/inc_set_timezone.php"; // Must be included after session_start to work if (isset($_GET['accept_quote'], $_GET['url_key'])) { + $quote_id = intval($_GET['accept_quote']); $url_key = sanitizeInput($_GET['url_key']); @@ -62,14 +63,18 @@ if (isset($_GET['accept_quote'], $_GET['url_key'])) { $mail = addToMailQueue($data); } - $_SESSION['alert_message'] = "Quote Accepted"; - header("Location: " . $_SERVER["HTTP_REFERER"]); + flash_alert("Quote Accepted"); + + redirect(); + } else { echo "Invalid!!"; } + } if (isset($_GET['decline_quote'], $_GET['url_key'])) { + $quote_id = intval($_GET['decline_quote']); $url_key = sanitizeInput($_GET['url_key']); @@ -122,16 +127,18 @@ if (isset($_GET['decline_quote'], $_GET['url_key'])) { $mail = addToMailQueue($data); } + flash_alert("Quote Declined", 'danger'); - $_SESSION['alert_type'] = "danger"; - $_SESSION['alert_message'] = "Quote Declined"; - header("Location: " . $_SERVER["HTTP_REFERER"]); + redirect(); + } else { echo "Invalid!!"; } + } if (isset($_GET['reopen_ticket'], $_GET['url_key'])) { + $ticket_id = intval($_GET['ticket_id']); $url_key = sanitizeInput($_GET['url_key']); @@ -141,18 +148,24 @@ if (isset($_GET['reopen_ticket'], $_GET['url_key'])) { if (mysqli_num_rows($sql) == 1) { // Update the ticket mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id AND ticket_url_key = '$url_key'"); + // Add reply mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket reopened by client (guest URL).', ticket_reply_type = 'Internal', ticket_reply_by = 0, ticket_reply_ticket_id = $ticket_id"); - // Logging + customAction('ticket_update', $ticket_id); - $_SESSION['alert_message'] = "Ticket reopened"; - header("Location: " . $_SERVER["HTTP_REFERER"]); + + flash_alert("Ticket reopened"); + + redirect(); + } else { echo "Invalid!!"; } + } if (isset($_GET['close_ticket'], $_GET['url_key'])) { + $ticket_id = intval($_GET['ticket_id']); $url_key = sanitizeInput($_GET['url_key']); @@ -160,20 +173,26 @@ if (isset($_GET['close_ticket'], $_GET['url_key'])) { $sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_id = $ticket_id AND ticket_url_key = '$url_key' AND ticket_resolved_at IS NOT NULL AND ticket_closed_at IS NULL"); if (mysqli_num_rows($sql) == 1) { + // Update the ticket mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 5, ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_url_key = '$url_key'"); + // Add reply mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by client (guest URL).', ticket_reply_type = 'Internal', ticket_reply_by = 0, ticket_reply_ticket_id = $ticket_id"); - // Logging + customAction('ticket_close', $ticket_id); - $_SESSION['alert_message'] = "Ticket closed"; - header("Location: " . $_SERVER["HTTP_REFERER"]); + + flash_alert("Ticket closed"); + + redirect(); + } else { echo "Invalid!!"; } } if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) { + $ticket_id = intval($_GET['ticket_id']); $url_key = sanitizeInput($_GET['url_key']); $feedback = sanitizeInput($_GET['feedback']); @@ -194,12 +213,16 @@ if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) { appNotify("Feedback", "Guest rated ticket number $ticket_prefix$ticket_number (ID: $ticket_id) as bad", "ticket.php?ticket_id=$ticket_id"); } - $_SESSION['alert_message'] = "Feedback recorded - thank you"; - header("Location: " . $_SERVER["HTTP_REFERER"]); + flash_alert("Feedback recorded - thank you"); + + redirect(); + customAction('ticket_feedback', $ticket_id); + } else { echo "Invalid!!"; } + } if (isset($_GET['export_quote_pdf'])) { @@ -284,14 +307,11 @@ if (isset($_GET['export_quote_pdf'])) { $pdf->SetFont('helvetica', '', 10); // Logo + Right Columns - $html = '
';
- if (!empty($company_logo)) {
- $logo_path = "../uploads/settings/$company_logo";
- if (file_exists($logo_path)) {
- $pdf->Image($logo_path, $pdf->GetX(), $pdf->GetY(), 40);
- }
+ if (!empty($company_logo) && file_exists("../uploads/settings/$company_logo")) {
+ $html .= ' ';
}
$html .= ' |
@@ -305,7 +325,7 @@ if (isset($_GET['export_quote_pdf'])) { } $html .= ' |
'; +
'; // Billing titles $html .= '
'; // Date table - $html .= '
| Date: | @@ -345,6 +365,9 @@ if (isset($_GET['export_quote_pdf'])) {|||||||||||||||||||||||||||||
|
- ' . $name . ' - ' . nl2br($desc) . ' + | ' . $name . '
+ ' . nl2br($desc) . ' |
' . number_format($qty, 2) . ' | ' . numfmt_format_currency($currency_format, $price, $quote_currency_code) . ' | @@ -375,8 +397,8 @@ if (isset($_GET['export_quote_pdf'])) { // Totals $html .= '
| ' . nl2br($quote_note) . ' | -+ | ' . nl2br($quote_note) . ' | +
'; + '; // Billing titles $html .= ' '; // Date table - $html .= '
|