Merge branch 'master' into csrf

Johnny 2022-05-02 11:31:42 -04:00 committed by GitHub
commit 5e4870df90
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 152 additions and 465 deletions


@ -9,7 +9,7 @@
<ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" data-accordion="false">
<li class="nav-item mb-3">
<li class="nav-item mb-2">
<a href="dashboard_financial.php" class="nav-link">
<i class="nav-icon fas fa-arrow-left"></i>
<p>Back</p> |
@ -30,8 +30,6 @@
<p>Companies</p>
</a>
</li>
<li class="nav-header mt-3">SETTINGS</li>
<li class="nav-item">
<a href="settings-general.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "settings-general.php") { echo "active"; } ?>">
@ -154,8 +152,6 @@
</a>
</li>
<li class="nav-header mt-3">MORE SETTINGS</li>
<li class="nav-item">
<a href="custom_links.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "custom_links.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-link"></i>


@ -66,11 +66,6 @@ if(isset($_POST['asset_notes'])){
} else{
$notes = '';
}
if(isset($_POST['asset_meshcentral_id'])){
$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
} else{
$meshcentral_id = '';
}
if(isset($_POST['asset_vendor_id'])){
$vendor = intval($_POST['asset_vendor_id']);
} else{

28
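--- /dev/null
+++ b/api/v1/assets/delete.php
@@ -0,0 +1,28 @@
+<?php
+require('../validate_api_key.php');
+require('../require_post_method.php');
+// Parse ID
+$asset_id = intval($_POST['asset_id']);
+// Default
+$delete_count = FALSE;
+if(!empty($asset_id)){
+$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+$asset_name = $row['asset_name'];
+$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+// Check delete & get affected rows
+if($delete_sql && !empty($asset_name)){
+$delete_count = mysqli_affected_rows($mysqli);
+//Logging
+mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
+}
+}
+// Output
+include('../delete_output.php');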
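Review bot: `$asset_name` is read back from the `assets` row and interpolated unescaped into the `INSERT INTO logs` statement, so a stored name containing a quote breaks the audit-log query or alters it (second-order SQL injection), and because the result of that query is never checked the delete would then go unlogged. Escape at the point of use, `$asset_name = mysqli_real_escape_string($mysqli, $row['asset_name']);`, or move the log write to a prepared statement; `$api_key_name` and `$ip` are set outside this file and deserve the same check. `$row` is also indexed before confirming the SELECT matched, so a non-matching ID reads an offset on null ahead of the `!empty($asset_name)` guard. `company_id` is quoted in the SELECT and DELETE but unquoted in the log INSERT; it is presumably an integer from validate_api_key.php, which is worth confirming and making consistent.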


@ -7,7 +7,7 @@ require('../require_post_method.php');
$asset_id = intval($_POST['asset_id']);
// Default
$update_id = FALSE;
$update_count = FALSE;
if(!empty($asset_id)){
@ -79,11 +79,6 @@ if(!empty($asset_id)){
} else{
$notes = $row['asset_notes'];
}
if(isset($_POST['asset_meshcentral_id'])){
$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
} else{
$meshcentral_id = $row['asset_meshcentral_id'];
}
if(isset($_POST['asset_vendor_id'])){
$vendor = intval($_POST['asset_vendor_id']);
} else{
@ -109,7 +104,7 @@ if(!empty($asset_id)){
// Check insert & get insert ID
if($update_sql){
$update_id = mysqli_affected_rows($mysqli);
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");


@ -8,7 +8,7 @@ $contact_id = intval($_POST['contact_id']);
include('contact_model.php');
// Default
$update_id = FALSE;
$update_count = FALSE;
if(!empty($name) && !empty($email)){
@ -16,7 +16,7 @@ if(!empty($name) && !empty($email)){
// Check insert & get insert ID
if($update_sql){
$update_id = mysqli_affected_rows($mysqli);
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");

23
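--- /dev/null
+++ b/api/v1/delete_output.php
@@ -0,0 +1,23 @@
+<?php
+/*
+* API - delete_output.php
+* Included on calls to delete.php endpoints
+* Returns success/failure messages
+*/
+// Check if delete query was successful
+if(isset($delete_count) && is_numeric($delete_count) && $delete_count > 0){
+// Delete was successful
+$return_arr['success'] = "True";
+$return_arr['count'] = $delete_count;
+}
+// Delete query returned false: something went wrong, or it was declined due to required variables missing
+else{
+$return_arr['success'] = "False";
+$return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
+}
+echo json_encode($return_arr);
+exit();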
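Review bot: The failure message names an "asset/client/company ID mismatch" although the header comment says this include serves every delete.php endpoint; `record/client/company ID mismatch` would stay accurate for non-asset deletes. As far as this file shows, the failure branch also leaves the HTTP status at its default, so unless an earlier include sets one, `http_response_code(400);` before the `echo` would let API clients detect a refused delete without parsing the body. `$return_arr` is not initialised here and presumably comes from validate_api_key.php; a short comment saying so would help the next reader.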


@ -10,6 +10,5 @@ if($_SERVER['REQUEST_METHOD'] !== "POST"){
// Client ID must be specific for INSERT/UPDATE/DELETE queries
// If this API key allows any client, set $client_id to the one specified, else leave it
if($client_id == 0){
//
$client_id = intval($_POST['client_id']);
}


@ -7,10 +7,10 @@
*/
// Check if the insert query was successful
if(isset($update_id) && is_numeric($update_id) && $update_id > 0){
if(isset($update_count) && is_numeric($update_count) && $update_count > 0){
// Insert successful
$return_arr['success'] = "True";
$return_arr['count'] = $update_id;
$return_arr['count'] = $update_count;
}
// Query returned false: something went wrong, or it was declined due to required variables missing


@ -93,9 +93,6 @@ if(isset($_GET['client_id'])){
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id"));
$num_locations = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('department_id') AS num FROM departments WHERE department_archived_at IS NULL AND department_client_id = $client_id"));
$num_departments = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets WHERE asset_archived_at IS NULL AND asset_client_id = $client_id"));
$num_assets = $row['num'];


@ -63,21 +63,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<select class="form-control select2" name="department">
<option value="">- Department -</option>
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM departments WHERE department_archived_at IS NULL AND department_client_id = $client_id ORDER BY department_name ASC");
while($row = mysqli_fetch_array($sql)){
$department_id = $row['department_id'];
$department_name = $row['department_name'];
?>
<option value="<?php echo $department_id; ?>"><?php echo $department_name; ?></option>
<?php
}
?>
</select>
<input type="text" class="form-control" name="department" placeholder="Department">
</div>
</div>


@ -65,21 +65,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<select class="form-control select2" name="department">
<option value="">- Department -</option>
<?php
$sql_departments = mysqli_query($mysqli,"SELECT * FROM departments WHERE department_client_id = $client_id ORDER BY department_name ASC");
while($row = mysqli_fetch_array($sql_departments)){
$department_id_select = $row['department_id'];
$department_name_select = $row['department_name'];
?>
<option <?php if($department_id_select == $department_id){ echo "selected"; } ?> value="<?php echo $department_id_select; ?>"><?php echo $department_name_select; ?></option>
<?php
}
?>
</select>
<input type="text" class="form-control" name="department" placeholder="Department" value="<?php echo $contact_department; ?>">
</div>
</div>
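Review bot: The replacement text input prints `$contact_department` into the `value` attribute without HTML-escaping, and this commit changes the department from an integer ID to free text, so a stored value containing a double quote or markup reaches the page as-is. The `strip_tags()` applied on input in post.php does not remove quotes, so output encoding is still needed here: `value="<?php echo htmlentities($contact_department, ENT_QUOTES); ?>"`. The same applies to `<td><?php echo $contact_department_display; ?></td>` in the contacts-list section of this commit. The surrounding form starts and ends outside the hunk.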


@ -24,9 +24,8 @@ $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM contacts
LEFT JOIN locations ON location_id = contact_location_id
LEFT JOIN departments ON contact_department_id = department_id
WHERE contact_archived_at IS NULL
AND (contact_name LIKE '%$q%' OR contact_title LIKE '%$q%' OR location_name LIKE '%$q%' OR contact_email LIKE '%$q%' OR department_name LIKE '%$q%' OR contact_phone LIKE '%$n%' OR contact_extension LIKE '%$q%' OR contact_mobile LIKE '%$n%')
AND (contact_name LIKE '%$q%' OR contact_title LIKE '%$q%' OR location_name LIKE '%$q%' OR contact_email LIKE '%$q%' OR contact_department LIKE '%$q%' OR contact_phone LIKE '%$n%' OR contact_extension LIKE '%$q%' OR contact_mobile LIKE '%$n%')
AND contact_client_id = $client_id ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@ -70,7 +69,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<thead class="thead-light <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th class="text-center"><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=contact_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=department_name&o=<?php echo $disp; ?>">Department</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=contact_department&o=<?php echo $disp; ?>">Department</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=contact_email&o=<?php echo $disp; ?>">Email</a></th>
<th>Phone</th>
<th>Mobile</th>
@ -90,11 +89,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}else{
$contact_title_display = "<small class='text-secondary'>$contact_title</small>";
}
$department_name = $row['department_name'];
if(empty($department_name)){
$department_name_display = "-";
$contact_department = $row['contact_department'];
if(empty($contact_department)){
$contact_department_display = "-";
}else{
$department_name_display = $department_name;
$contact_department_display = $contact_department;
}
$contact_phone = formatPhoneNumber($row['contact_phone']);
if(empty($contact_phone)){
@ -131,7 +130,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}else{
$location_name_display = $location_name;
}
$department_id = $row['department_id'];
$auth_method = $row['contact_auth_method'];
// Related Assets Query
@ -181,7 +179,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</a>
</th>
<td><?php echo $department_name_display; ?></td>
<td><?php echo $contact_department_display; ?></td>
<td><?php echo $contact_email_display; ?></td>
<td><?php echo $contact_phone_display; ?> <?php if(!empty($contact_extension)){ echo "x$contact_extension"; } ?></td>
<td><?php echo $contact_mobile_display; ?></td>
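Review bot: The changed header link sends `sb=contact_department`, and the query in the first hunk places `$sb` directly after `ORDER BY`; where `$sb` is validated is outside these hunks, but string escaping alone does not constrain a column identifier. An allow-list next to the place `$sb` is read would close that, for example `if(!in_array($sb, ['contact_name','contact_department','contact_email'], true)){ $sb = 'contact_name'; }` (column list taken from the links visible here, default assumed). `$o` sits in the same clause and should be limited to `ASC`/`DESC` in the same way.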


@ -1,32 +0,0 @@
<div class="modal" id="addDepartmentModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-building"></i> New Department</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body bg-white">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<input type="text" class="form-control" name="department_name" placeholder="Department name ex. Financial" required autofocus>
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_department" class="btn btn-primary">Save</button>
</div>
</form>
</div>
</div>
</div>


@ -1,33 +0,0 @@
<div class="modal" id="editDepartmentModal<?php echo $department_id;?>" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-building"></i> <?php echo $department_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="department_id" value="<?php echo $department_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body bg-white">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<input type="text" class="form-control" name="department_name" placeholder="Department name ex. Financial" value="<?php echo $department_name; ?>" required autofocus>
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_department" class="btn btn-primary">Save</button>
</div>
</form>
</div>
</div>
</div>


@ -1,99 +0,0 @@
<?php
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "department_name";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM departments
WHERE department_client_id = $client_id
AND (department_name LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-building"></i> Departments</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addDepartmentModal"><i class="fas fa-fw fa-plus"></i> New Department</button>
</div>
</div>
<div class="card-body">
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
<div class="row">
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
</div>
</div>
<div class="col-md-8">
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=department_name&o=<?php echo $disp; ?>">Department</a></th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$department_id = $row['department_id'];
$department_name = $row['department_name'];
$department_created_at = $row['department_created_at'];
?>
<tr>
<th>
<a class="text-dark" href="#" data-toggle="modal" data-target="#editDepartmentModal<?php echo $department_id; ?>"><?php echo $department_name; ?></a>
</th>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDepartmentModal<?php echo $department_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_department=<?php echo $department_id; ?>">Delete</a>
</div>
</div>
<?php include("client_department_edit_modal.php"); ?>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
<?php include("pagination.php"); ?>
</div>
</div>
<?php include("client_department_add_modal.php"); ?>


@ -14,36 +14,6 @@
<div class="form-group">
<input type="text" class="form-control" name="name" placeholder="Name" required autofocus>
</div>
<?php
if($document_tags) {
?>
<!-- Document Tags select start -->
<div class="form-group">
<div class="button-group">
<button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown">
<span class="fa fa-fw fa-tag"></span> <span class="caret"></span>
</button>
<ul class="dropdown-menu">
<?php
foreach($document_tags as $document_tag) {
?>
<li>
<div class="form-check">
<label>
<input class="form-check-input" type="checkbox" value="<?php echo $document_tag['tag_id'] ?>" name="tags_ids[<?php echo $document_tag['tag_id']; ?>]"> <?php echo htmlentities($document_tag['tag_name']); ?>
</label>
</div>
</li>
<?php
}
?>
</ul>
</div>
</div>
<!-- Document tags select end -->
<?php
}
?>
<div class="form-group">
<textarea class="form-control summernote" name="content"></textarea>


@ -24,6 +24,12 @@ if(!empty($q)){
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
// Folder ID
$get_folder_id = 0;
if(!empty($_GET['folder_id'])){
$get_folder_id = intval($_GET['folder_id']);
}
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM documents
WHERE document_client_id = $client_id
AND documents.company_id = $session_company_id
@ -60,7 +66,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<hr>
<ul class="nav nav-pills flex-column bg-light">
<li class="nav-item">
<a class="nav-link <?php if($_GET['folder_id'] == 0 || empty($_GET['folder_id'])){ echo "active"; } ?>" href="?client_id=<?php echo $client_id; ?>&tab=documents&folder_id=0">/</a>
<a class="nav-link <?php if($get_folder_id == 0){ echo "active"; } ?>" href="?client_id=<?php echo $client_id; ?>&tab=documents&folder_id=0">/</a>
</li>
<?php
$sql_folders = mysqli_query($mysqli,"SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
@ -76,9 +82,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<li class="nav-item">
<div class="row">
<div class="col-10">
<a class="nav-link <?php if($_GET['folder_id'] == $folder_id){ echo "active"; } ?> " href="?client_id=<?php echo $client_id; ?>&tab=documents&folder_id=<?php echo $folder_id; ?>">
<a class="nav-link <?php if($get_folder_id == $folder_id){ echo "active"; } ?> " href="?client_id=<?php echo $client_id; ?>&tab=documents&folder_id=<?php echo $folder_id; ?>">
<?php
if($_GET['folder_id'] == $folder_id){ ?>
if($get_folder_id == $folder_id){ ?>
<i class="fas fa-fw fa-folder-open"></i>
<?php
}else{
@ -119,7 +125,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo intval($client_id); ?>">
<input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
<input type="hidden" name="folder_id" value="<?php echo intval($_GET['folder_id']); ?>">
<input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
<div class="input-group-append">


@ -18,7 +18,7 @@ $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM invoices
LEFT JOIN categories ON invoice_category_id = category_id
WHERE invoice_client_id = $client_id
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR category_name LIKE '%$q%' OR invoice_status LIKE '%$q%')
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR category_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR invoice_amount LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));


@ -1,6 +1,6 @@
<?php
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN departments ON contact_department_id = department_id WHERE contact_client_id = $client_id AND contacts.company_id = $session_company_id ORDER BY contact_updated_at DESC LIMIT 5");
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id AND contacts.company_id = $session_company_id ORDER BY contact_updated_at DESC LIMIT 5");
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id AND company_id = $session_company_id ORDER BY vendor_updated_at DESC LIMIT 5");
@ -76,7 +76,7 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
$contact_extension = $row['contact_extension'];
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = $row['contact_email'];
$department_name = $row['department_name'];
$contact_department = $row['contact_department'];
?>
<tr>


@ -13,9 +13,6 @@ if(isset($_GET['tab'])){
elseif($_GET['tab'] == "locations"){
include("client_locations.php");
}
if($_GET['tab'] == "departments"){
include("client_departments.php");
}
elseif($_GET['tab'] == "assets"){
if($session_user_role > 1) {
include("client_assets.php");


@ -14,19 +14,17 @@
<p><strong><?php echo $client_name; ?></strong></p>
</a>
</li>
<div class="sidebar-custom">
<div class="sidebar-custom mb-2">
<div class="text-wrap"><?php echo $client_tags_display; ?></div>
</div>
<li class="nav-item mt-3">
<li class="nav-item">
<a href="?client_id=<?php echo $client_id; ?>&tab=overview" class="nav-link <?php if($_GET['tab'] == "overview") { echo "active"; } ?>">
<i class="nav-icon fas fa-tachometer-alt"></i>
<p>Overview</p>
</a>
</li>
<li class="nav-header mt-3">CLIENT</li>
<li class="nav-item">
<a href="?client_id=<?php echo $client_id; ?>&tab=contacts" class="nav-link <?php if($_GET['tab'] == "contacts") { echo "active"; } ?>">
<i class="nav-icon fas fa-users"></i>
@ -53,20 +51,7 @@
</a>
</li>
<li class="nav-item">
<a href="?client_id=<?php echo $client_id; ?>&tab=departments" class="nav-link <?php if($_GET['tab'] == "departments") { echo "active"; } ?>">
<i class="nav-icon fas fa-building"></i>
<p>
Departments
<?php
if($num_departments > 0){ ?>
<span class="right badge badge-light"><?php echo $num_departments; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-header mt-3">ASSETS</li>
<li class="nav-header mt-2">ASSETS</li>
<li class="nav-item">
<a href="?client_id=<?php echo $client_id; ?>&tab=assets" class="nav-link <?php if($_GET['tab'] == "assets") { echo "active"; } ?>">
@ -146,7 +131,7 @@
</a>
</li>
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-header mt-2">SUPPORT</li>
<?php if($config_module_enable_ticketing == 1){ ?>
<li class="nav-item">
@ -230,7 +215,7 @@
<?php if($session_user_role == 1 || $session_user_role > 2 && $config_module_enable_accounting == 1){ ?>
<li class="nav-header mt-3">ACCOUNTING</li>
<li class="nav-header mt-2">ACCOUNTING</li>
<li class="nav-item">
<a href="?client_id=<?php echo $client_id; ?>&tab=invoices" class="nav-link <?php if($_GET['tab'] == "invoices") { echo "active"; } ?>">
@ -299,7 +284,7 @@
<?php } ?>
<li class="nav-header mt-3">MORE</li>
<li class="nav-header mt-2">MORE</li>
<li class="nav-item">
<a href="?client_id=<?php echo $client_id; ?>&tab=shared-items" class="nav-link <?php if($_GET['tab'] == "shared-items") { echo "active"; } ?>">


@ -9,7 +9,8 @@ if(!empty($_GET['sb'])){
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM software LEFT JOIN logins ON login_software_id = software_id
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM software
LEFT JOIN logins ON login_software_id = software_id
WHERE software_client_id = $client_id
AND (software_name LIKE '%$q%' OR software_type LIKE '%$q%' OR software_key LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
@ -76,6 +77,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$software_expire = $row['software_expire'];
$software_notes = $row['software_notes'];
// Get Login
$login_id = $row['login_id'];
$login_username = $row['login_username'];
$login_password = decryptLoginEntry($row['login_password']);
$seat_count = 0;
// Asset Licenses
@ -96,10 +102,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}
$contact_licenses = implode(',',$contact_licenses_array);
// Get Login
$login_id = $row['login_id'];
$login_username = $row['login_username'];
$login_password = decryptLoginEntry($row['login_password']);
?>
<tr>


@ -177,11 +177,34 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
if(CURRENT_DATABASE_VERSION == '0.0.6'){
// Insert queries here required to update to DB version 0.0.7
mysqli_query($mysqli, "ALTER TABLE contacts ADD contact_department VARCHAR(200) NULL AFTER contact_title");
mysqli_query($mysqli, "DROP TABLE departments");
mysqli_query($mysqli, "ALTER TABLE contacts DROP contact_department_id");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.7'");
}
if(CURRENT_DATABASE_VERSION == '0.0.7'){
// Insert queries here required to update to DB version 0.0.8
// Add contact_department column to tables without it (fresh installs) - this will cause an error if it already exists so catch and discard it
try{
mysqli_query($mysqli, "ALTER TABLE contacts ADD contact_department VARCHAR(200) NULL AFTER contact_title");
} catch(Exception $e) {
// Nothing
}
// Then, update the database to the next sequential version
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.8'");
}
if(CURRENT_DATABASE_VERSION == '0.0.8'){
// Insert queries here required to update to DB version 0.0.9
// ALTER queries.....
// Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.6'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.9'");
}
// etc
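Review bot: The 0.0.6 to 0.0.7 step drops `departments` and `contact_department_id` without first copying the existing department names into the new `contact_department` column, so every contact loses its department on upgrade. A backfill between the ADD and the DROP would preserve it, e.g. `UPDATE contacts LEFT JOIN departments ON contact_department_id = department_id SET contact_department = department_name`. None of the `mysqli_query()` results are checked before the version row is bumped, so a failed ALTER or DROP still records 0.0.7 and leaves the schema out of step with the stored version. In the 0.0.8 step the empty `catch(Exception $e)` only takes effect when mysqli is in exception mode and then hides every failure, not just a duplicate column; checking the error code, or testing for the column first, would be narrower. The enclosing `if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION)` block starts and ends outside the hunk.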


@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "0.0.6");
DEFINE("LATEST_DATABASE_VERSION", "0.0.8");

50
db.sql

@ -289,6 +289,7 @@ CREATE TABLE `contacts` (
`contact_id` int(11) NOT NULL AUTO_INCREMENT,
`contact_name` varchar(200) NOT NULL,
`contact_title` varchar(200) DEFAULT NULL,
`contact_department` varchar(200) DEFAULT NULL,
`contact_email` varchar(200) DEFAULT NULL,
`contact_phone` varchar(200) DEFAULT NULL,
`contact_extension` varchar(200) DEFAULT NULL,
@ -302,7 +303,6 @@ CREATE TABLE `contacts` (
`contact_updated_at` datetime DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP,
`contact_archived_at` datetime DEFAULT NULL,
`contact_location_id` int(11) DEFAULT NULL,
`contact_department_id` int(11) DEFAULT NULL,
`contact_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`contact_id`)
@ -351,40 +351,6 @@ CREATE TABLE `custom_links` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `departments`
--
DROP TABLE IF EXISTS `departments`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `departments` (
`department_id` int(11) NOT NULL AUTO_INCREMENT,
`department_name` varchar(200) NOT NULL,
`department_created_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
`department_updated_at` datetime DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP,
`department_archived_at` datetime DEFAULT NULL,
`department_client_id` int(11) NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`department_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `document_tags`
--
DROP TABLE IF EXISTS `document_tags`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `document_tags` (
`tag_id` int(11) NOT NULL AUTO_INCREMENT,
`tag_name` varchar(30) NOT NULL,
`client_id` int(11) NOT NULL,
PRIMARY KEY (`tag_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `documents`
--
@ -414,20 +380,6 @@ CREATE TABLE `documents` (
--
ALTER TABLE `documents` ADD FULLTEXT KEY `document_content_raw` (`document_content_raw`);
--
-- Table structure for table `documents_tagged`
--
DROP TABLE IF EXISTS `documents_tagged`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `documents_tagged` (
`document_id` int(11) NOT NULL,
`tag_id` int(11) NOT NULL,
PRIMARY KEY (`document_id`,`tag_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `domains`
--


@ -12,7 +12,7 @@ if(isset($_GET['query'])){
}
$sql_clients = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN locations ON clients.client_id = locations.location_client_id WHERE client_name LIKE '%$query%' AND clients.company_id = $session_company_id ORDER BY client_id DESC LIMIT 5");
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id LEFT JOIN departments ON contact_department_id = department_id WHERE (contact_name LIKE '%$query%' OR contact_title LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' OR contact_mobile LIKE '%$phone_query%') AND contacts.company_id = $session_company_id ORDER BY contact_id DESC LIMIT 5");
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id WHERE (contact_name LIKE '%$query%' OR contact_title LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' OR contact_mobile LIKE '%$phone_query%') AND contacts.company_id = $session_company_id ORDER BY contact_id DESC LIMIT 5");
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE (vendor_name LIKE '%$query%' OR vendor_phone LIKE '%$phone_query%') AND company_id = $session_company_id ORDER BY vendor_id DESC LIMIT 5");
$sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5");
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
@ -102,7 +102,7 @@ if(isset($_GET['query'])){
$contact_email = $row['contact_email'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$department_name = $row['department_name'];
$contact_department = $row['contact_department'];
?>
<tr>


@ -125,7 +125,7 @@
WHERE invoices.company_id = $session_company_id
AND (invoice_status LIKE '$status_query')
AND DATE(invoice_date) BETWEEN '$dtf' AND '$dtt'
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR category_name LIKE '%$q%')
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR invoice_amount LIKE '%$q%' OR category_name LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));

132
post.php

@ -1415,7 +1415,7 @@ if(isset($_POST['add_client'])){
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Create', log_description = '$session_name created $name$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Create', log_description = '$session_name created $name$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Client <strong>$name</strong> created";
@ -1442,7 +1442,7 @@ if(isset($_POST['edit_client'])){
$net_terms = intval($_POST['net_terms']);
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
mysqli_query($mysqli,"UPDATE clients SET client_name = '$name', client_type = '$type', client_website = '$website', client_referral = '$referral', client_currency_code = '$currency_code', client_net_terms = $net_terms, client_notes = '$notes', WHERE client_id = $client_id AND company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE clients SET client_name = '$name', client_type = '$type', client_website = '$website', client_referral = '$referral', client_currency_code = '$currency_code', client_net_terms = $net_terms, client_notes = '$notes' WHERE client_id = $client_id AND company_id = $session_company_id");
//Tags
//Delete existing tags
@ -4201,7 +4201,7 @@ if(isset($_POST['add_contact'])){
$client_id = intval($_POST['client_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['title'])));
$department = intval($_POST['department']);
$department = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['department'])));
$phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
$extension = preg_replace("/[^0-9]/", '',$_POST['extension']);
$mobile = preg_replace("/[^0-9]/", '',$_POST['mobile']);
@ -4216,7 +4216,7 @@ if(isset($_POST['add_contact'])){
mkdir("uploads/clients/$session_company_id/$client_id");
}
mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $session_company_id");
$contact_id = mysqli_insert_id($mysqli);
@ -4289,7 +4289,7 @@ if(isset($_POST['edit_contact'])){
$client_id = intval($_POST['client_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['title'])));
$department = intval($_POST['department']);
$department = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['department'])));
$phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
$extension = preg_replace("/[^0-9]/", '',$_POST['extension']);
$mobile = preg_replace("/[^0-9]/", '',$_POST['mobile']);
@ -4306,7 +4306,7 @@ if(isset($_POST['edit_contact'])){
mkdir("uploads/clients/$session_company_id/$client_id");
}
mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_department_id = $department, contact_location_id = $location_id, contact_updated_at = NOW() WHERE contact_id = $contact_id AND company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_department = '$department', contact_location_id = $location_id, contact_updated_at = NOW() WHERE contact_id = $contact_id AND company_id = $session_company_id");
// Update Primary contact in clients if primary contact is checked
if($primary_contact > 0){
@ -4426,7 +4426,7 @@ if(isset($_GET['export_client_contacts_csv'])){
$client_name = $row['client_name'];
//Contacts
$sql = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN departments ON contact_department_id = department_id WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
$sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
if($sql->num_rows > 0){
$delimiter = ",";
$filename = $client_name . "-Contacts-" . date('Y-m-d') . ".csv";
@ -4440,7 +4440,7 @@ if(isset($_GET['export_client_contacts_csv'])){
//output each row of the data, format line as csv and write to file pointer
while($row = $sql->fetch_assoc()){
$lineData = array($row['contact_name'], $row['contact_title'], $row['department_name'], $row['contact_email'], formatPhoneNumber($row['contact_phone']), $row['contact_extension'], formatPhoneNumber($row['contact_mobile']), $row['contact_notes']);
$lineData = array($row['contact_name'], $row['contact_title'], $row['contact_department'], $row['contact_email'], formatPhoneNumber($row['contact_phone']), $row['contact_extension'], formatPhoneNumber($row['contact_mobile']), $row['contact_notes']);
fputcsv($f, $lineData, $delimiter);
}
@ -4698,100 +4698,6 @@ if(isset($_GET['export_client_locations_csv'])){
}
// Client Departments
if(isset($_POST['add_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$client_id = intval($_POST['client_id']);
$department_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['department_name'])));
mysqli_query($mysqli,"INSERT INTO departments SET department_name = '$department_name', department_client_id = $client_id, company_id = $session_company_id");
$contact_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Create', log_description = '$department_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', company_id = $session_company_id, log_client_id = $client_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] .= "Department added";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['edit_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$department_id = intval($_POST['department_id']);
$client_id = intval($_POST['client_id']);
$department_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['department_name'])));
mysqli_query($mysqli,"UPDATE departments SET department_name = '$department_name', department_updated_at = NOW() WHERE department_id = $department_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Modify', log_description = '$department_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] .= "Department updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['archive_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$department_id = intval($_GET['archive_department']);
mysqli_query($mysqli,"UPDATE departments SET department_archived_at = NOW() WHERE department_id = $department_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Department', log_action = 'Archive', log_description = '$department_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Department Archived!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['delete_department'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$department_id = intval($_GET['delete_department']);
mysqli_query($mysqli,"DELETE FROM departments WHERE department_id = $department_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Delete', log_description = '$department_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Department deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['add_asset'])){
if($session_user_role == 1){
@ -7526,7 +7432,13 @@ if(isset($_GET['export_client_pdf'])){
$client_id = intval($_GET['export_client_pdf']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id LEFT JOIN locations ON primary_location = location_id WHERE client_id = $client_id AND clients.company_id = $session_company_id");
$sql = mysqli_query($mysqli,"SELECT * FROM clients
LEFT JOIN contacts ON primary_contact = contact_id
LEFT JOIN locations ON primary_location = location_id
WHERE client_id = $client_id
AND clients.company_id = $session_company_id
");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
@ -7539,7 +7451,7 @@ if(isset($_GET['export_client_pdf'])){
$contact_email = $row['contact_email'];
$client_website = $row['client_website'];
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN departments ON contact_department_id = department_id WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
if(isset($_GET['passwords'])){
@ -7564,7 +7476,7 @@ if(isset($_GET['export_client_pdf'])){
var docDefinition = {
info: {
title: '<?php echo $client_name; ?>- IT Documentation',
title: '<?php echo clean_file_name($client_name); ?>- IT Documentation',
author: <?php echo json_encode($session_company_name); ?>
},
@ -7694,7 +7606,7 @@ if(isset($_GET['export_client_pdf'])){
}
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = $row['contact_email'];
$department_name = $row['department_name'];
$contact_department = $row['contact_department'];
?>
[
@ -7707,7 +7619,7 @@ if(isset($_GET['export_client_pdf'])){
style: 'item'
},
{
text: <?php echo json_encode($department_name); ?>,
text: <?php echo json_encode($contact_department); ?>,
style: 'item'
},
{
@ -8492,7 +8404,7 @@ if(isset($_GET['export_client_pdf'])){
while($row = mysqli_fetch_array($sql_software)){
$software_name = $row['software_name'];
$software_type = $row['software_type'];
$software_license = $row['software_license'];
$software_license_type = $row['software_license_type'];
$software_notes = $row['software_notes'];
?>
@ -8506,7 +8418,7 @@ if(isset($_GET['export_client_pdf'])){
style: 'item'
},
{
text: <?php echo json_encode($software_license); ?>,
text: <?php echo json_encode($software_license_type); ?>,
style: 'item'
},
{
@ -8746,7 +8658,7 @@ if(isset($_GET['export_client_pdf'])){
};
pdfMake.createPdf(docDefinition).download('<?php echo $client_name; ?>-IT_Documentation-<?php echo date('Y-m-d'); ?>.pdf');
pdfMake.createPdf(docDefinition).download('<?php echo clean_file_name($client_name); ?>-IT_Documentation-<?php echo date('Y-m-d'); ?>.pdf');
</script>
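Review bot: The rewritten `$sql_contacts` query in `export_client_pdf` filters only on `contact_client_id = $client_id`, although `$client_id` comes from `intval($_GET['export_client_pdf'])` and the client lookup just above it is limited to `$session_company_id`; the rewritten contacts query in `export_client_contacts_csv` has the same shape. Unless code outside these hunks stops when the client lookup returns no row, a user of one company can export another company's contacts by changing the id. The contacts table carries `company_id` (the INSERT sets it and the UPDATE checks it in this same file), so both queries should end `WHERE contact_client_id = $client_id AND company_id = $session_company_id ORDER BY contact_name ASC`. The unchanged `$sql_locations` and `$sql_vendors` queries beside it are also filtered by client id only and deserve the same check.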


@ -76,7 +76,7 @@
<?php if($session_user_role >= 2 && $config_module_enable_ticketing == 1){ ?>
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-header mt-2">SUPPORT</li>
<li class="nav-item">
<a href="tickets.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-ticket-alt"></i>
@ -107,7 +107,7 @@
<?php if($session_user_role == 1 OR $session_user_role == 3 && $config_module_enable_accounting == 1){ ?>
<li class="nav-header mt-3">SALES</li>
<li class="nav-header mt-2">SALES</li>
<li class="nav-item">
<a href="quotes.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice"></i>
@ -138,7 +138,7 @@
<p>Products</p>
</a>
</li>
<li class="nav-header mt-3">ACCOUNTING</li>
<li class="nav-header mt-2">ACCOUNTING</li>
<li class="nav-item">
<a href="payments.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "payments.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-credit-card"></i>
@ -187,7 +187,7 @@
<?php if($session_user_role == 3){ ?>
<li class="nav-item mt-3">
<li class="nav-item mt-2">
<a href="users.php" class="nav-link">
<i class="nav-icon fas fa-cog"></i>
<p>Settings</p>
@ -204,7 +204,7 @@
?>
<li class="nav-header mt-3">EXTERNAL LINKS</li>
<li class="nav-header mt-2">EXTERNAL LINKS</li>
<?php
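Review bot: The context line `if($session_user_role == 1 OR $session_user_role == 3 && $config_module_enable_accounting == 1)` above the SALES header does not group the way it reads. `&&` binds tighter than `OR`, so role 1 gets the SALES entries even when the accounting module is switched off. If the module flag is meant to apply to both roles, write `if(($session_user_role == 1 || $session_user_role == 3) && $config_module_enable_accounting == 1)`. The condition only hides menu links, so the linked pages still need their own role and module checks; whether they have them is not visible here.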


@ -21,7 +21,7 @@
<option value="0">Not Assigned</option>
<?php
$sql_assign_to_select = mysqli_query($mysqli,"SELECT * FROM users, user_companies WHERE users.user_id = user_companies.user_id AND user_companies.company_id = $session_company_id ORDER BY user_name ASC");
$sql_assign_to_select = mysqli_query($mysqli,"SELECT * FROM users, user_companies WHERE users.user_id = user_companies.user_id AND user_companies.company_id = $session_company_id AND user_archived_at IS NULL ORDER BY user_name ASC");
while($row = mysqli_fetch_array($sql_assign_to_select)){
$user_id = $row['user_id'];
$user_name = $row['user_name'];


@ -279,7 +279,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
<option value="unassigned"<?php if($ticket_assigned_filter == "0"){echo "selected";}?> >Unassigned</option>
<?php
$sql_assign_to = mysqli_query($mysqli,"SELECT * FROM users ORDER BY user_name ASC");
$sql_assign_to = mysqli_query($mysqli,"SELECT * FROM users WHERE user_archived_at IS NULL ORDER BY user_name ASC");
while($row = mysqli_fetch_array($sql_assign_to)){
$user_id = $row['user_id'];
$user_name = $row['user_name'];