Refactor POST handling.

- Split into admin and user handlers, each admin page gets its own file now
- Enforce role access once for admin POST requests
- Automatically load POST logic for admin-based requests based on the referring page, otherwise automatically load all user request logic
- Add support for using custom POST handlers

post/admin/admin_api.php

@@ -6,9 +6,6 @@
 
 if (isset($_POST['add_api_key'])) {
 
-    validateAdminRole();
-
-    // CSRF Check
     validateCSRFToken($_POST['csrf_token']);
 
     $name = sanitizeInput($_POST['name']);
@@ -35,9 +32,6 @@ if (isset($_POST['add_api_key'])) {
 
 if (isset($_GET['delete_api_key'])) {
 
-    validateAdminRole();
-
-    // CSRF Check
     validateCSRFToken($_GET['csrf_token']);
 
     $api_key_id = intval($_GET['delete_api_key']);
@@ -59,7 +53,7 @@ if (isset($_GET['delete_api_key'])) {
 }
 
 if (isset($_POST['bulk_delete_api_keys'])) {
-    validateAdminRole();
+
     validateCSRFToken($_POST['csrf_token']);
 
     $count = 0; // Default 0

post/admin/admin_backup.php

@@ -0,0 +1,116 @@
+<?php
+
+/*
+ * ITFlow - GET/POST request handler for DB / master key backup
+ */
+
+if (isset($_GET['download_database'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    // Get All Table Names From the Database
+    $tables = array();
+    $sql = "SHOW TABLES";
+    $result = mysqli_query($mysqli, $sql);
+
+    while ($row = mysqli_fetch_row($result)) {
+        $tables[] = $row[0];
+    }
+
+    $sqlScript = "";
+    foreach ($tables as $table) {
+
+        // Prepare SQLscript for creating table structure
+        $query = "SHOW CREATE TABLE $table";
+        $result = mysqli_query($mysqli, $query);
+        $row = mysqli_fetch_row($result);
+
+        $sqlScript .= "\n\n" . $row[1] . ";\n\n";
+
+
+        $query = "SELECT * FROM $table";
+        $result = mysqli_query($mysqli, $query);
+
+        $columnCount = mysqli_num_fields($result);
+
+        // Prepare SQLscript for dumping data for each table
+        for ($i = 0; $i < $columnCount; $i ++) {
+            while ($row = mysqli_fetch_row($result)) {
+                $sqlScript .= "INSERT INTO $table VALUES(";
+                for ($j = 0; $j < $columnCount; $j ++) {
+
+                    if (isset($row[$j])) {
+                        $sqlScript .= '"' . $row[$j] . '"';
+                    } else {
+                        $sqlScript .= '""';
+                    }
+                    if ($j < ($columnCount - 1)) {
+                        $sqlScript .= ',';
+                    }
+                }
+                $sqlScript .= ");\n";
+            }
+        }
+
+        $sqlScript .= "\n";
+    }
+
+    if (!empty($sqlScript)) {
+
+        $company_name = $session_company_name;
+        // Save the SQL script to a backup file
+        $backup_file_name = date('Y-m-d') . '_ITFlow_backup.sql';
+        $fileHandler = fopen($backup_file_name, 'w+');
+        $number_of_lines = fwrite($fileHandler, $sqlScript);
+        fclose($fileHandler);
+
+        // Download the SQL backup file to the browser
+        header('Content-Description: File Transfer');
+        header('Content-Type: application/octet-stream');
+        header('Content-Disposition: attachment; filename=' . basename($backup_file_name));
+        header('Content-Transfer-Encoding: binary');
+        header('Expires: 0');
+        header('Cache-Control: must-revalidate');
+        header('Pragma: public');
+        header('Content-Length: ' . filesize($backup_file_name));
+        ob_clean();
+        flush();
+        readfile($backup_file_name);
+        exec('rm ' . $backup_file_name);
+    }
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Database', log_action = 'Download', log_description = '$session_name downloaded the database', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Database downloaded";
+}
+
+if (isset($_POST['backup_master_key'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $password = $_POST['password'];
+
+    $sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id");
+    $userRow = mysqli_fetch_array($sql);
+
+    if (password_verify($password, $userRow['user_password'])) {
+        $site_encryption_master_key = decryptUserSpecificKey($userRow['user_specific_encryption_ciphertext'], $password);
+
+        //Logging
+        mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Master Key', log_action = 'Download', log_description = '$session_name retrieved the master encryption key', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+        mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Settings', notification = '$session_name retrieved the master encryption key'");
+
+
+        echo "==============================";
+        echo "<br>Master encryption key:<br>";
+        echo "<b>$site_encryption_master_key</b>";
+        echo "<br>==============================";
+    } else {
+        //Log the failure
+        mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Master Key', log_action = 'Download', log_description = '$session_name attempted to retrieve the master encryption key (failure)', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id");
+
+        $_SESSION['alert_message'] = "Incorrect password.";
+        header("Location: " . $_SERVER["HTTP_REFERER"]);
+    }
+}

post/admin/admin_category.php

@@ -1,13 +1,12 @@
 <?php
 
 /*
- * ITFlow - GET/POST request handler for categories
+ * ITFlow - GET/POST request handler for categories ('category')
  */
 
 if (isset($_POST['add_category'])) {
 
-    require_once 'post/category_model.php';
-
+    require_once 'post/admin/admin_category_model.php';
 
     mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'");
 
@@ -22,8 +21,7 @@ if (isset($_POST['add_category'])) {
 
 if (isset($_POST['edit_category'])) {
 
-    require_once 'post/category_model.php';
-
+    require_once 'post/admin/admin_category_model.php';
 
     $category_id = intval($_POST['category_id']);
 

post/admin/admin_custom_field.php

@@ -6,7 +6,7 @@
 
 if(isset($_POST['create_custom_field'])){
 
-    require_once 'post/custom_field_model.php';
+    require_once 'post/admin/admin_custom_field_model.php';
 
     $table = sanitizeInput($_POST['table']);
 
@@ -23,7 +23,7 @@ if(isset($_POST['create_custom_field'])){
 
 if(isset($_POST['edit_custom_field'])){
 
-    require_once 'post/custom_field_model.php';
+    require_once 'post/admin/admin_custom_field_model.php';
 
     $custom_field_id = intval($_POST['custom_field_id']);
 

post/admin/admin_custom_link.php

@@ -0,0 +1,61 @@
+<?php
+
+/*
+ * ITFlow - GET/POST request handler for showing custom links on navbars
+ */
+
+if (isset($_POST['add_custom_link'])) {
+
+    $name = sanitizeInput($_POST['name']);
+    $uri = sanitizeInput($_POST['uri']);
+    $new_tab = intval($_POST['new_tab']);
+    $icon = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['icon']));
+    $order = intval($_POST['order']);
+    $location = intval($_POST['location']);
+
+    mysqli_query($mysqli,"INSERT INTO custom_links SET custom_link_name = '$name', custom_link_uri = '$uri', custom_link_new_tab = $new_tab, custom_link_icon = '$icon', custom_link_order = $order, custom_link_location = $location");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Create', log_description = '$session_name created custom link $name --> $uri', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Custom link successfully created!";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_custom_link'])) {
+
+    $custom_link_id = intval($_POST['custom_link_id']);
+    $name = sanitizeInput($_POST['name']);
+    $uri = sanitizeInput($_POST['uri']);
+    $new_tab = intval($_POST['new_tab']);
+    $icon = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['icon']));
+    $order = intval($_POST['order']);
+    $location = intval($_POST['location']);
+
+    mysqli_query($mysqli,"UPDATE custom_links SET custom_link_name = '$name', custom_link_uri = '$uri', custom_link_new_tab = $new_tab, custom_link_icon = '$icon', custom_link_order = $order, custom_link_location = $location WHERE custom_link_id = $custom_link_id");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Modify', log_description = '$session_name edited the custom link $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Custom Link modified";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_custom_link'])) {
+    $custom_link_id = intval($_GET['delete_custom_link']);
+
+    mysqli_query($mysqli,"DELETE FROM custom_links WHERE custom_link_id = $custom_link_id");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Custom Link', log_action = 'Delete', log_description = '$session_name deleted a custom link', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Cusatom Link deleted!";
+    $_SESSION['alert_type'] = "error";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_document_template.php

@@ -0,0 +1,28 @@
+<?php
+
+// Doc Templates
+
+// Import shared code from user-side docs as we reuse functions
+require_once 'post/user/document.php';
+
+if (isset($_POST['add_document_template'])) {
+
+    $client_id = intval($_POST['client_id']);
+    $name = sanitizeInput($_POST['name']);
+    $description = sanitizeInput($_POST['description']);
+    $content = mysqli_real_escape_string($mysqli,$_POST['content']);
+    $content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $_POST['content']));
+    // Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
+
+    // Document add query
+    $add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 1, document_folder_id = 0, document_created_by = $session_user_id, document_client_id = 0");
+    $document_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document Template', log_action = 'Create', log_description = '$session_name created document template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $document_id");
+
+    $_SESSION['alert_message'] = "Document template <strong>$name</strong> created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_mail_queue.php

@@ -0,0 +1,88 @@
+<?php
+
+if (isset($_GET['send_failed_mail'])) {
+
+    $email_id = intval($_GET['send_failed_mail']);
+
+    mysqli_query($mysqli,"UPDATE email_queue SET email_status = 0, email_attempts = 3 WHERE email_id = $email_id");
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Email', log_action = 'Send', log_description = '$session_name attempted to force send email queue id: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $email_id");
+
+    $_SESSION['alert_message'] = "Email Force Sent, give it a minute to resend";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['cancel_mail'])) {
+
+    $email_id = intval($_GET['cancel_mail']);
+
+    mysqli_query($mysqli,"UPDATE email_queue SET email_status = 2, email_attempts = 99, email_failed_at = NOW() WHERE email_id = $email_id");
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Email', log_action = 'Cancel', log_description = '$session_name canceled send email queue id: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $email_id");
+
+    $_SESSION['alert_message'] = "Email cancelled and marked as failed.";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['bulk_cancel_emails'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $count = 0; // Default 0
+    $email_ids = $_POST['email_ids']; // Get array of email IDs to be cancelled
+
+    if (!empty($email_ids)) {
+
+        // Cycle through array and mark each email as failed
+        foreach ($email_ids as $email_id) {
+
+            $email_id = intval($email_id);
+            mysqli_query($mysqli,"UPDATE email_queue SET email_status = 2, email_attempts = 99, email_failed_at = NOW() WHERE email_id = $email_id");
+
+            $count++;
+        }
+
+        // Logging
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Email', log_action = 'Cancel', log_description = '$session_name bulk cancelled $count emails from the mail Queue', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+        $_SESSION['alert_message'] = "Cancelled $count email(s)";
+
+    }
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['bulk_delete_emails'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $count = 0; // Default 0
+    $email_ids = $_POST['email_ids']; // Get array of email IDs to be deleted
+
+    if (!empty($email_ids)) {
+
+        // Cycle through array and delete each email
+        foreach ($email_ids as $email_id) {
+
+            $email_id = intval($email_id);
+            mysqli_query($mysqli,"DELETE FROM email_queue WHERE email_id = $email_id");
+
+            $count++;
+        }
+
+        // Logging
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Email', log_action = 'Delete', log_description = '$session_name bulk deleted $count emails from the mail Queue', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+        $_SESSION['alert_type'] = "danger";
+        $_SESSION['alert_message'] = "Deleted $count email(s)";
+
+    }
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/admin_project_template.php

@@ -0,0 +1,107 @@
+<?php
+
+if (isset($_POST['add_project_template'])) {
+
+    validateTechRole();
+    $name = sanitizeInput($_POST['name']);
+    $description = sanitizeInput($_POST['description']);
+
+    mysqli_query($mysqli, "INSERT INTO project_templates SET project_template_name = '$name', project_template_description = '$description'");
+
+    $project_template_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Create', log_description = '$session_name created project template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
+
+    $_SESSION['alert_message'] = "You created Project Template <strong>$name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_project_template'])) {
+
+    validateTechRole();
+    $project_template_id = intval($_POST['project_template_id']);
+    $name = sanitizeInput($_POST['name']);
+    $description = sanitizeInput($_POST['description']);
+
+    mysqli_query($mysqli, "UPDATE project_templates SET project_template_name = '$name', project_template_description = '$description' WHERE project_template_id = $project_template_id");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name edited Project template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
+
+    $_SESSION['alert_message'] = "You edited Project Template <strong>$name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['edit_ticket_template_order'])) {
+
+    validateTechRole();
+    $ticket_template_id = intval($_POST['ticket_template_id']);
+    $project_template_id = intval($_POST['project_template_id']);
+    $order = intval($_POST['order']);
+
+    mysqli_query($mysqli, "UPDATE project_template_ticket_templates SET ticket_template_order = $order WHERE ticket_template_id = $ticket_template_id AND project_template_id = $project_template_id");
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['add_ticket_template_to_project_template'])) {
+
+    validateTechRole();
+    $project_template_id = intval($_POST['project_template_id']);
+    $ticket_template_id = intval($_POST['ticket_template_id']);
+    $order = intval($_POST['order']);
+
+    mysqli_query($mysqli, "INSERT INTO project_template_ticket_templates SET project_template_id = $project_template_id, ticket_template_id = $ticket_template_id, ticket_template_order = $order");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name added a ticket template to project template', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
+
+    $_SESSION['alert_message'] = "You added a ticket template to the project template";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['remove_ticket_template_from_project_template'])) {
+
+    validateTechRole();
+    $ticket_template_id = intval($_POST['ticket_template_id']);
+    $project_template_id = intval($_POST['project_template_id']);
+
+    mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE project_template_id = $project_template_id AND ticket_template_id = $ticket_template_id");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Edit', log_description = '$session_name removed a ticket template from a project template', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
+
+    $_SESSION['alert_message'] = "You removed ticket template from the project template";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_GET['delete_project_template'])) {
+
+    validateTechRole();
+
+    $project_template_id = intval($_GET['delete_project_template']);
+
+    // Get project template name
+    $sql = mysqli_query($mysqli, "SELECT * FROM project_templates WHERE project_template_id = $project_template_id");
+    $row = mysqli_fetch_array($sql);
+    $project_template_name = sanitizeInput($row['project_template_name']);
+
+    mysqli_query($mysqli, "DELETE FROM project_templates WHERE project_template_id = $project_template_id");
+
+    // Remove Associated Ticket Templates
+    mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE project_template_id = $project_template_id");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project Template', log_action = 'Delete', log_description = '$session_name deleted ticket template $project_template_name and its associated ticket templates and its tasks', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_template_id");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "You Deleted Project Template <strong>$project_template_name</strong> and its associated ticket templates and tasks";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/admin_role.php

@@ -0,0 +1,56 @@
+<?php
+
+/*
+ * ITFlow - GET/POST request handler for roles
+ */
+
+if (isset($_POST['add_role'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $name = sanitizeInput($_POST['role_name']);
+    $description = sanitizeInput($_POST['role_description']);
+    $admin = intval($_POST['role_is_admin']);
+
+    mysqli_query($mysqli, "INSERT INTO user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin");
+
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Role', log_action = 'Create', log_description = '$session_name created the $name role', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Role $name created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_role'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    // Update role metadata
+    $role_id = sanitizeInput($_POST['role_id']);
+    $name = sanitizeInput($_POST['role_name']);
+    $description = sanitizeInput($_POST['role_description']);
+    $admin = intval($_POST['role_is_admin']);
+    mysqli_query($mysqli, "UPDATE user_roles SET user_role_name = '$name', user_role_description = '$description', user_role_is_admin = $admin WHERE user_role_id = $role_id");
+
+    // Update role access levels
+    mysqli_query($mysqli, "DELETE FROM user_role_permissions WHERE user_role_id = $role_id");
+    foreach ($_POST as $key => $value) {
+        if (str_contains($key, '##module_')){
+            $module_id = intval(explode('##', $key)[0]);
+            $access_level = intval($value);
+
+            if ($access_level > 0) {
+                echo $key . ' with id ' . $module_id . " : ". $access_level . "\n";
+                mysqli_query($mysqli, "INSERT INTO user_role_permissions SET user_role_id = $role_id, module_id = $module_id, user_role_permission_level = $access_level");
+            }
+        }
+
+    }
+
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Role', log_action = 'Modify', log_description = '$session_name updated the $name role', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Role $name updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/admin_settings_company.php

@@ -0,0 +1,55 @@
+<?php
+
+if (isset($_POST['edit_company'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $name = sanitizeInput($_POST['name']);
+    $address = sanitizeInput($_POST['address']);
+    $city = sanitizeInput($_POST['city']);
+    $state = sanitizeInput($_POST['state']);
+    $zip = sanitizeInput($_POST['zip']);
+    $country = sanitizeInput($_POST['country']);
+    $phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
+    $email = sanitizeInput($_POST['email']);
+    $website = sanitizeInput($_POST['website']);
+
+    $sql = mysqli_query($mysqli,"SELECT company_logo FROM companies WHERE company_id = 1");
+    $row = mysqli_fetch_array($sql);
+    $existing_file_name = sanitizeInput($row['company_logo']);
+
+    // Check to see if a file is attached
+    if ($_FILES['file']['tmp_name'] != '') {
+        if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
+            $file_tmp_path = $_FILES['file']['tmp_name'];
+
+
+            // directory in which the uploaded file will be moved
+            $upload_file_dir = "uploads/settings/";
+            $dest_path = $upload_file_dir . $new_file_name;
+
+            move_uploaded_file($file_tmp_path, $dest_path);
+
+            // Delete old file
+            unlink("uploads/settings/$existing_file_name");
+
+            // Set Logo
+            mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1");
+
+            $_SESSION['alert_message'] = 'File successfully uploaded.';
+        }else{
+
+            $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
+        }
+    }
+
+    mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website' WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Modify', log_description = '$session_name modified company $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Company <strong>$name</strong> updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_default.php

@@ -0,0 +1,27 @@
+<?php
+
+if (isset($_POST['edit_default_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $start_page = sanitizeInput($_POST['start_page']);
+    $expense_account = intval($_POST['expense_account']);
+    $payment_account = intval($_POST['payment_account']);
+    $payment_method = sanitizeInput($_POST['payment_method']);
+    $expense_payment_method = sanitizeInput($_POST['expense_payment_method']);
+    $transfer_from_account = intval($_POST['transfer_from_account']);
+    $transfer_to_account = intval($_POST['transfer_to_account']);
+    $calendar = intval($_POST['calendar']);
+    $net_terms = intval($_POST['net_terms']);
+    $hourly_rate = floatval($_POST['hourly_rate']);
+    $phone_mask = intval($_POST['phone_mask']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_start_page = '$start_page', config_default_expense_account = $expense_account, config_default_payment_account = $payment_account, config_default_payment_method = '$payment_method', config_default_expense_payment_method = '$expense_payment_method', config_default_transfer_from_account = $transfer_from_account, config_default_transfer_to_account = $transfer_to_account, config_default_calendar = $calendar, config_default_net_terms = $net_terms, config_default_hourly_rate = $hourly_rate, config_phone_mask = $phone_mask WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified default settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Default settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/admin_settings_integration.php

@@ -0,0 +1,19 @@
+<?php
+
+if (isset($_POST['edit_integrations_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $azure_client_id = sanitizeInput($_POST['azure_client_id']);
+    $azure_client_secret = sanitizeInput($_POST['azure_client_secret']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_azure_client_id = '$azure_client_id', config_azure_client_secret = '$azure_client_secret' WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified integrations settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Integrations Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_invoice.php

@@ -0,0 +1,25 @@
+<?php
+
+if (isset($_POST['edit_invoice_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_invoice_prefix = sanitizeInput($_POST['config_invoice_prefix']);
+    $config_invoice_next_number = intval($_POST['config_invoice_next_number']);
+    $config_invoice_footer = sanitizeInput($_POST['config_invoice_footer']);
+    $config_invoice_late_fee_enable = intval($_POST['config_invoice_late_fee_enable']);
+    $config_invoice_late_fee_percent = floatval($_POST['config_invoice_late_fee_percent']);
+    $config_recurring_prefix = sanitizeInput($_POST['config_recurring_prefix']);
+    $config_recurring_next_number = intval($_POST['config_recurring_next_number']);
+
+
+    mysqli_query($mysqli,"UPDATE settings SET config_invoice_prefix = '$config_invoice_prefix', config_invoice_next_number = $config_invoice_next_number, config_invoice_footer = '$config_invoice_footer', config_invoice_late_fee_enable = $config_invoice_late_fee_enable, config_invoice_late_fee_percent = $config_invoice_late_fee_percent, config_recurring_prefix = '$config_recurring_prefix', config_recurring_next_number = $config_recurring_next_number WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Edit', log_description = '$session_name edited invoice settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Invoice Settings edited";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_localization.php

@@ -0,0 +1,22 @@
+<?php
+
+if (isset($_POST['edit_localization'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $locale = sanitizeInput($_POST['locale']);
+    $currency_code = sanitizeInput($_POST['currency_code']);
+    $timezone = sanitizeInput($_POST['timezone']);
+
+    mysqli_query($mysqli,"UPDATE companies SET company_locale = '$locale', company_currency = '$currency_code' WHERE company_id = 1");
+
+    mysqli_query($mysqli,"UPDATE settings SET config_timezone = '$timezone' WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Edit', log_description = '$session_name edited company localization settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Company localization updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_mail.php

@@ -0,0 +1,157 @@
+<?php
+
+
+if (isset($_POST['edit_mail_smtp_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_smtp_host = sanitizeInput($_POST['config_smtp_host']);
+    $config_smtp_port = intval($_POST['config_smtp_port']);
+    $config_smtp_encryption = sanitizeInput($_POST['config_smtp_encryption']);
+    $config_smtp_username = sanitizeInput($_POST['config_smtp_username']);
+    $config_smtp_password = sanitizeInput($_POST['config_smtp_password']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_smtp_host = '$config_smtp_host', config_smtp_port = $config_smtp_port, config_smtp_encryption = '$config_smtp_encryption', config_smtp_username = '$config_smtp_username', config_smtp_password = '$config_smtp_password' WHERE company_id = 1");
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified SMTP mail settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "SMTP Mail Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_mail_imap_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_imap_host = sanitizeInput($_POST['config_imap_host']);
+    $config_imap_username = sanitizeInput($_POST['config_imap_username']);
+    $config_imap_password = sanitizeInput($_POST['config_imap_password']);
+    $config_imap_port = intval($_POST['config_imap_port']);
+    $config_imap_encryption = sanitizeInput($_POST['config_imap_encryption']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_imap_host = '$config_imap_host', config_imap_port = $config_imap_port, config_imap_encryption = '$config_imap_encryption', config_imap_username = '$config_imap_username', config_imap_password = '$config_imap_password' WHERE company_id = 1");
+
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified IMAP mail settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "IMAP Mail Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_mail_from_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_mail_from_email = sanitizeInput(filter_var($_POST['config_mail_from_email'], FILTER_VALIDATE_EMAIL));
+    $config_mail_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_mail_from_name']));
+
+    $config_invoice_from_email = sanitizeInput(filter_var($_POST['config_invoice_from_email'], FILTER_VALIDATE_EMAIL));
+    $config_invoice_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_invoice_from_name']));
+
+    $config_quote_from_email = sanitizeInput(filter_var($_POST['config_quote_from_email'], FILTER_VALIDATE_EMAIL));
+    $config_quote_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_quote_from_name']));
+
+    $config_ticket_from_email = sanitizeInput(filter_var($_POST['config_ticket_from_email'], FILTER_VALIDATE_EMAIL));
+    $config_ticket_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_ticket_from_name']));
+
+    mysqli_query($mysqli,"UPDATE settings SET config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_from_email = '$config_invoice_from_email', config_invoice_from_name = '$config_invoice_from_name', config_quote_from_email = '$config_quote_from_email', config_quote_from_name = '$config_quote_from_name', config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name' WHERE company_id = 1");
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified Mail From settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Mail From Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['test_email_smtp'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $test_email = intval($_POST['test_email']);
+    if($test_email == 1) {
+        $email_from = sanitizeInput($config_mail_from_email);
+        $email_from_name = sanitizeInput($config_mail_from_name);
+    } elseif ($test_email == 2) {
+        $email_from = sanitizeInput($config_invoice_from_email);
+        $email_from_name = sanitizeInput($config_invoice_from_name);
+    } elseif ($test_email == 3) {
+        $email_from = sanitizeInput($config_quote_from_email);
+        $email_from_name = sanitizeInput($config_quote_from_name);
+    } else {
+        $email_from = sanitizeInput($config_ticket_from_email);
+        $email_from_name = sanitizeInput($config_ticket_from_name);
+    }
+
+    $email_to = sanitizeInput($_POST['email_to']);
+    $subject = "Test email from ITFlow";
+    $body = "This is a test email from ITFlow. If you are reading this, it worked!";
+
+    $data = [
+        [
+            'from' => $email_from,
+            'from_name' => $email_from_name,
+            'recipient' => $email_to,
+            'recipient_name' => 'Chap',
+            'subject' => $subject,
+            'body' => $body
+        ]
+    ];
+    $mail = addToMailQueue($mysqli, $data);
+
+    if ($mail === true) {
+        $_SESSION['alert_message'] = "Test email queued successfully! <a class='text-bold text-light' href='admin_mail_queue.php'>Check Admin > Mail queue</a>";
+    } else {
+        $_SESSION['alert_type'] = "error";
+        $_SESSION['alert_message'] = "Failed to add test mail to queue";
+    }
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+
+// Test IMAP
+// Autoload Composer dependencies
+// require_once __DIR__ . '/../plugins/php-imap/vendor/autoload.php';
+
+// Webklex PHP-IMAP
+//use Webklex\PHPIMAP\ClientManager;
+
+if (isset($_POST['test_email_imap'])) {
+    /*
+        validateCSRFToken($_POST['csrf_token']);
+
+        try {
+            // Initialize the client manager and create the client
+            $clientManager = new ClientManager();
+            $client = $clientManager->make([
+                'host'          => $config_imap_host,
+                'port'          => $config_imap_port,
+                'encryption'    => $config_imap_encryption,
+                'validate_cert' => true,
+                'username'      => $config_imap_username,
+                'password'      => $config_imap_password,
+                'protocol'      => 'imap'
+            ]);
+
+            // Connect to the IMAP server
+            $client->connect();
+
+            $_SESSION['alert_message'] = "Connected successfully";
+        } catch (Exception $e) {
+            $_SESSION['alert_type'] = "error";
+            $_SESSION['alert_message'] = "Test IMAP connection failed: " . $e->getMessage();
+        }
+    */
+    $_SESSION['alert_message'] = "Test is Work In Progress";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_module.php

@@ -0,0 +1,27 @@
+<?php
+
+if (isset($_POST['edit_module_settings'])) {
+
+    $config_module_enable_itdoc = intval($_POST['config_module_enable_itdoc']);
+    $config_module_enable_ticketing = intval($_POST['config_module_enable_ticketing']);
+    $config_module_enable_accounting = intval($_POST['config_module_enable_accounting']);
+    $config_client_portal_enable = intval($_POST['config_client_portal_enable']);
+    $config_whitelabel_key = $_POST['config_whitelabel_key'];
+
+    mysqli_query($mysqli,"UPDATE settings SET config_module_enable_itdoc = $config_module_enable_itdoc, config_module_enable_ticketing = $config_module_enable_ticketing, config_module_enable_accounting = $config_module_enable_accounting, config_client_portal_enable = $config_client_portal_enable WHERE company_id = 1");
+
+    // Validate white label key
+    if (!empty($config_whitelabel_key && validateWhitelabelKey($config_whitelabel_key))) {
+        mysqli_query($mysqli, "UPDATE settings SET config_whitelabel_enabled = 1, config_whitelabel_key = '$config_whitelabel_key' WHERE company_id = 1");
+    } else {
+        mysqli_query($mysqli, "UPDATE settings SET config_whitelabel_enabled = 0, config_whitelabel_key = '' WHERE company_id = 1");
+    }
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified module settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Module Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_notification.php

@@ -0,0 +1,38 @@
+<?php
+
+if (isset($_POST['edit_notification_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_enable_cron = intval($_POST['config_enable_cron']);
+    $config_cron_key = sanitizeInput($_POST['config_cron_key']);
+    $config_enable_alert_domain_expire = intval($_POST['config_enable_alert_domain_expire']);
+    $config_send_invoice_reminders = intval($_POST['config_send_invoice_reminders']);
+    $config_recurring_auto_send_invoice = intval($_POST['config_recurring_auto_send_invoice']);
+    $config_ticket_client_general_notifications = intval($_POST['config_ticket_client_general_notifications']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_send_invoice_reminders = $config_send_invoice_reminders, config_recurring_auto_send_invoice = $config_recurring_auto_send_invoice, config_enable_cron = $config_enable_cron, config_enable_alert_domain_expire = $config_enable_alert_domain_expire, config_ticket_client_general_notifications = $config_ticket_client_general_notifications WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified notification settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Notification Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['generate_cron_key'])) {
+
+    $key = randomString(32);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_cron_key = '$key' WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name regenerated cron key', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Cron key regenerated!";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_online_payment.php

@@ -0,0 +1,24 @@
+<?php
+
+if (isset($_POST['edit_online_payment_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_stripe_enable = intval($_POST['config_stripe_enable']);
+    $config_stripe_publishable = sanitizeInput($_POST['config_stripe_publishable']);
+    $config_stripe_secret = sanitizeInput($_POST['config_stripe_secret']);
+    $config_stripe_account = intval($_POST['config_stripe_account']);
+    $config_stripe_expense_vendor = intval($_POST['config_stripe_expense_vendor']);
+    $config_stripe_expense_category = intval($_POST['config_stripe_expense_category']);
+    $config_stripe_percentage_fee = floatval($_POST['config_stripe_percentage_fee']) / 100;
+    $config_stripe_flat_fee = floatval($_POST['config_stripe_flat_fee']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_stripe_enable = $config_stripe_enable, config_stripe_publishable = '$config_stripe_publishable', config_stripe_secret = '$config_stripe_secret', config_stripe_account = $config_stripe_account, config_stripe_expense_vendor = $config_stripe_expense_vendor, config_stripe_expense_category = $config_stripe_expense_category, config_stripe_percentage_fee = $config_stripe_percentage_fee, config_stripe_flat_fee = $config_stripe_flat_fee WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified online payment settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Online Payment Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/admin_settings_project.php

@@ -0,0 +1,19 @@
+<?php
+
+if (isset($_POST['edit_project_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_project_prefix = sanitizeInput($_POST['config_project_prefix']);
+    $config_project_next_number = intval($_POST['config_project_next_number']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_project_prefix = '$config_project_prefix', config_project_next_number = $config_project_next_number WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified project settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Project Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_quote.php

@@ -0,0 +1,20 @@
+<?php
+
+if (isset($_POST['edit_quote_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_quote_prefix = sanitizeInput($_POST['config_quote_prefix']);
+    $config_quote_next_number = intval($_POST['config_quote_next_number']);
+    $config_quote_footer = sanitizeInput($_POST['config_quote_footer']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_quote_prefix = '$config_quote_prefix', config_quote_next_number = $config_quote_next_number, config_quote_footer = '$config_quote_footer' WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified quote settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Quote Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_security.php

@@ -0,0 +1,21 @@
+<?php
+
+if (isset($_POST['edit_security_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_login_message = sanitizeInput($_POST['config_login_message']);
+    $config_login_key_required = intval($_POST['config_login_key_required']);
+    $config_login_key_secret = sanitizeInput($_POST['config_login_key_secret']);
+    $config_login_remember_me_expire = intval($_POST['config_login_remember_me_expire']);
+    $config_log_retention = intval($_POST['config_log_retention']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret', config_login_remember_me_expire = $config_login_remember_me_expire, config_log_retention = $config_log_retention WHERE company_id = 1");
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified login key settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Login key settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/admin_settings_telemetry.php

@@ -0,0 +1,18 @@
+<?php
+
+if (isset($_POST['edit_telemetry_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $config_telemetry = intval($_POST['config_telemetry']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_telemetry = $config_telemetry WHERE company_id = 1");
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified telemetry settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Telemetry Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_theme.php

@@ -0,0 +1,55 @@
+<?php
+
+if (isset($_POST['edit_theme_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $theme = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['theme']));
+
+    mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme' WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified theme settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Changed theme to <strong>$theme</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['edit_favicon_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    // Check to see if a file is attached
+    if ($_FILES['file']['tmp_name'] != '') {
+        if ($new_file_name = checkFileUpload($_FILES['file'], array('ico'))) {
+            $file_tmp_path = $_FILES['file']['tmp_name'];
+
+            // Delete old file
+            if(file_exists("uploads/favicon.ico")) {
+                unlink("uploads/favicon.ico");
+            }
+
+            // directory in which the uploaded file will be moved
+            $upload_file_dir = "uploads/";
+            //Force File Name
+            $new_file_name = "favicon.ico";
+            $dest_path = $upload_file_dir . $new_file_name;
+
+            move_uploaded_file($file_tmp_path, $dest_path);
+
+            $_SESSION['alert_message'] = 'File successfully uploaded.';
+        }else{
+
+            $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
+        }
+    }
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name updated the favicon', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "You updated the favicon";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_settings_ticket.php

@@ -0,0 +1,22 @@
+<?php
+
+if (isset($_POST['edit_ticket_settings'])) {
+
+    $config_ticket_prefix = sanitizeInput($_POST['config_ticket_prefix']);
+    $config_ticket_next_number = intval($_POST['config_ticket_next_number']);
+    $config_ticket_email_parse = intval($_POST['config_ticket_email_parse']);
+    $config_ticket_email_parse_unknown_senders = intval($_POST['config_ticket_email_parse_unknown_senders']);
+    $config_ticket_default_billable = intval($_POST['config_ticket_default_billable']);
+    $config_ticket_autoclose_hours = intval($_POST['config_ticket_autoclose_hours']);
+    $config_ticket_new_ticket_notification_email = sanitizeInput($_POST['config_ticket_new_ticket_notification_email']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_email_parse = $config_ticket_email_parse, config_ticket_email_parse_unknown_senders = $config_ticket_email_parse_unknown_senders, config_ticket_autoclose_hours = $config_ticket_autoclose_hours, config_ticket_new_ticket_notification_email = '$config_ticket_new_ticket_notification_email', config_ticket_default_billable = $config_ticket_default_billable WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified ticket settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Ticket Settings updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_software_template.php

@@ -0,0 +1,48 @@
+<?php
+
+// Software/License Templates
+
+// Import shared code from software-side tickets as we reuse functions
+require_once 'post/user/software.php';
+
+
+if (isset($_POST['add_software_template'])) {
+
+    $name = sanitizeInput($_POST['name']);
+    $version = sanitizeInput($_POST['version']);
+    $description = sanitizeInput($_POST['description']);
+    $type = sanitizeInput($_POST['type']);
+    $license_type = sanitizeInput($_POST['license_type']);
+    $notes = sanitizeInput($_POST['notes']);
+
+    mysqli_query($mysqli,"INSERT INTO software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes', software_template = 1, software_client_id = 0");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software Template', log_action = 'Create', log_description = '$session_user_name created software template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Software template created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_software_template'])) {
+
+    $software_id = intval($_POST['software_id']);
+    $name = sanitizeInput($_POST['name']);
+    $version = sanitizeInput($_POST['version']);
+    $description = sanitizeInput($_POST['description']);
+    $type = sanitizeInput($_POST['type']);
+    $license_type = sanitizeInput($_POST['license_type']);
+    $notes = sanitizeInput($_POST['notes']);
+
+    mysqli_query($mysqli,"UPDATE software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes' WHERE software_id = $software_id");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software Teplate', log_action = 'Modify', log_description = '$session_name modified software template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Software template updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin/admin_tag.php

@@ -6,8 +6,7 @@
 
 if (isset($_POST['add_tag'])) {
 
-    require_once 'post/tag_model.php';
-
+    require_once 'post/admin/admin_tag_model.php';
 
     mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'");
 
@@ -22,8 +21,7 @@ if (isset($_POST['add_tag'])) {
 
 if (isset($_POST['edit_tag'])) {
 
-    require_once 'post/tag_model.php';
-
+    require_once 'post/admin/admin_tag_model.php';
 
     $tag_id = intval($_POST['tag_id']);
 

post/admin/admin_ticket_status.php

@@ -0,0 +1,57 @@
+<?php
+
+if (isset($_POST['add_ticket_status'])) {
+
+    $name = sanitizeInput($_POST['name']);
+    $color = sanitizeInput($_POST['color']);
+
+    mysqli_query($mysqli, "INSERT INTO ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color'");
+
+    $ticket_status_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Status', log_action = 'Create', log_description = '$session_name created ticket status $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_status_id");
+
+    $_SESSION['alert_message'] = "You created Ticket Status <strong>$name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_ticket_status'])) {
+
+    $ticket_status_id = intval($_POST['ticket_status_id']);
+    $name = sanitizeInput($_POST['name']);
+    $color = sanitizeInput($_POST['color']);
+    $status = intval($_POST['status']);
+
+    mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color', ticket_status_active = $status WHERE ticket_status_id = $ticket_status_id");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Status', log_action = 'Edit', log_description = '$session_name edited ticket status $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_status_id");
+
+    $_SESSION['alert_message'] = "You edited Ticket Status <strong>$name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_ticket_status'])) {
+
+    $ticket_status_id = intval($_GET['delete_ticket_status']);
+
+    // Get ticket status name for logging and notification
+    $sql = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id");
+    $row = mysqli_fetch_array($sql);
+    $ticket_status_name = sanitizeInput($row['ticket_status_name']);
+
+    mysqli_query($mysqli, "DELETE FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Status', log_action = 'Delete', log_description = '$session_name deleted ticket_status $ticket_status_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_status_id");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "You Deleted Ticket Status <strong>$ticket_status_name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/admin_ticket_template.php

@@ -0,0 +1,131 @@
+<?php
+
+// Ticket Templates
+
+// Import shared code from user-side tickets/tasks as we reuse functions
+require_once 'post/user/ticket.php';
+require_once 'post/user/task.php';
+
+if (isset($_POST['add_ticket_template'])) {
+
+    validateTechRole();
+    $name = sanitizeInput($_POST['name']);
+    $description = sanitizeInput($_POST['description']);
+    $subject = sanitizeInput($_POST['subject']);
+    $details = mysqli_real_escape_string($mysqli, $_POST['details']);
+    $project_template_id = intval($_POST['project_template']);
+
+    mysqli_query($mysqli, "INSERT INTO ticket_templates SET ticket_template_name = '$name', ticket_template_description = '$description', ticket_template_subject = '$subject', ticket_template_details = '$details'");
+
+    $ticket_template_id = mysqli_insert_id($mysqli);
+
+    if($project_template_id) {
+        mysqli_query($mysqli, "INSERT INTO project_template_ticket_templates SET project_template_id = $project_template_id, ticket_template_id = $ticket_template_id");
+    }
+
+    // Add Tasks to ticket template
+    if (!empty($_POST['tasks'])) {
+        foreach($_POST['tasks'] as $task) {
+            $task_template_name = sanitizeInput($task);
+            if (!empty($task_template_name)) {
+                mysqli_query($mysqli,"INSERT INTO task_templates SET task_template_name = '$task_template_name', task_template_ticket_template_id = $ticket_template_id");
+            }
+        }
+    }
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Template', log_action = 'Create', log_description = '$session_name created ticket template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
+
+    $_SESSION['alert_message'] = "You created Ticket Template <strong>$name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_ticket_template'])) {
+
+    validateTechRole();
+    $ticket_template_id = intval($_POST['ticket_template_id']);
+    $name = sanitizeInput($_POST['name']);
+    $description = sanitizeInput($_POST['description']);
+    $subject = sanitizeInput($_POST['subject']);
+    $details = mysqli_real_escape_string($mysqli, $_POST['details']);
+
+    mysqli_query($mysqli, "UPDATE ticket_templates SET ticket_template_name = '$name', ticket_template_description = '$description', ticket_template_subject = '$subject', ticket_template_details = '$details' WHERE ticket_template_id = $ticket_template_id");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Template', log_action = 'Edit', log_description = '$session_name edited ticket template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
+
+    $_SESSION['alert_message'] = "You edited Ticket Template <strong>$name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_GET['delete_ticket_template'])) {
+
+    validateTechRole();
+
+    $ticket_template_id = intval($_GET['delete_ticket_template']);
+
+    // Get ticket template name
+    $sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
+    $row = mysqli_fetch_array($sql);
+    $ticket_template_name = sanitizeInput($row['ticket_template_name']);
+
+    mysqli_query($mysqli, "DELETE FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
+
+    // Delete Associated Tasks
+    mysqli_query($mysqli, "DELETE FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
+
+    // Remove from Associated Project Templates
+    mysqli_query($mysqli, "DELETE FROM project_template_ticket_templates WHERE ticket_template_id = $ticket_template_id");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket Template', log_action = 'Delete', log_description = '$session_name deleted ticket template $ticket_template_name and its tasks', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "You Deleted Ticket Template <strong>$ticket_template_name</strong> and its associated tasks";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['add_ticket_template_task'])) {
+
+    validateTechRole();
+    $ticket_template_id = intval($_POST['ticket_template_id']);
+    $task_name = sanitizeInput($_POST['task_name']);
+
+    mysqli_query($mysqli, "INSERT INTO task_templates SET task_template_name = '$task_name', task_template_ticket_template_id = $ticket_template_id");
+
+    $task_template_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Task Template', log_action = 'Create', log_description = '$session_name created task template $task_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $ticket_template_id");
+
+    $_SESSION['alert_message'] = "You created Task Template <strong>$task_name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_task_template'])) {
+
+    validateTechRole();
+
+    $task_template_id = intval($_GET['delete_task_template']);
+
+    // Get task template name
+    $sql = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_id = $task_template_id");
+    $row = mysqli_fetch_array($sql);
+    $task_template_name = sanitizeInput($row['task_template_name']);
+
+    mysqli_query($mysqli, "DELETE FROM task_templates WHERE task_template_id = $task_template_id");
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Task Template', log_action = 'Delete', log_description = '$session_name deleted task template $task_template_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $task_template_id");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "You Deleted Task Template <strong>$task_template_name</strong>";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/admin_user.php

@@ -6,11 +6,10 @@
 
 if (isset($_POST['add_user'])) {
 
-    require_once 'post/user_model.php';
-
-    validateAdminRole();
     validateCSRFToken($_POST['csrf_token']);
 
+    require_once 'post/admin/admin_user_model.php';
+
     $password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT);
     $user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password']));
 
@@ -103,13 +102,10 @@ if (isset($_POST['add_user'])) {
 
 if (isset($_POST['edit_user'])) {
 
-    require_once 'post/user_model.php';
-
-
-    validateAdminRole();
-
     validateCSRFToken($_POST['csrf_token']);
 
+    require_once 'post/admin/admin_user_model.php';
+
     $user_id = intval($_POST['user_id']);
     $new_password = trim($_POST['new_password']);
 
@@ -189,7 +185,6 @@ if (isset($_POST['edit_user'])) {
 
 if (isset($_GET['activate_user'])) {
 
-    validateAdminRole();
     validateCSRFToken($_GET['csrf_token']);
 
     $user_id = intval($_GET['activate_user']);
@@ -212,7 +207,6 @@ if (isset($_GET['activate_user'])) {
 
 if (isset($_GET['disable_user'])) {
 
-    validateAdminRole();
     validateCSRFToken($_GET['csrf_token']);
 
     $user_id = intval($_GET['disable_user']);
@@ -240,7 +234,6 @@ if (isset($_GET['disable_user'])) {
 
 if (isset($_GET['revoke_remember_me'])) {
 
-    validateAdminRole();
     validateCSRFToken($_GET['csrf_token']);
 
     $user_id = intval($_GET['revoke_remember_me']);
@@ -263,9 +256,6 @@ if (isset($_GET['revoke_remember_me'])) {
 
 if (isset($_GET['archive_user'])) {
 
-    validateAdminRole();
-
-    // CSRF Check
     validateCSRFToken($_GET['csrf_token']);
 
     // Variables from GET
@@ -292,8 +282,6 @@ if (isset($_GET['archive_user'])) {
 
 if (isset($_POST['export_users_csv'])) {
 
-    validateAdminRole();
-
     //get records from database
     $sql = mysqli_query($mysqli, "SELECT * FROM users ORDER BY user_name ASC");
 
@@ -350,8 +338,6 @@ if (isset($_POST['ir_reset_user_password'])) {
 
     // Incident response: allow mass reset of agent passwords
 
-    validateAdminRole();
-
     validateCSRFToken($_POST['csrf_token']);
 
     // Confirm logged-in user password, for security

post/admin/admin_vendor_template.php

@@ -0,0 +1,116 @@
+<?php
+
+// Vendor Templates
+
+// Import shared code from user-side vendor management  as we reuse functions
+require_once 'post/user/vendor.php';
+
+if (isset($_POST['add_vendor_template'])) {
+
+    require_once 'post/user/vendor_model.php';
+
+    mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_template = 1, vendor_client_id = 0");
+
+    $vendor_id = mysqli_insert_id($mysqli);
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor Template', log_action = 'Create', log_description = '$session_name created vendor template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Vendor template <strong>$name</strong> created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_POST['edit_vendor_template'])) {
+
+    require_once 'post/user/vendor_model.php';
+
+    $vendor_id = intval($_POST['vendor_id']);
+    $vendor_template_id = intval($_POST['vendor_template_id']);
+
+    if ($_POST['global_update_vendor_name'] == 1) {
+        $sql_global_update_vendor_name = ", vendor_name = '$name'";
+    } else {
+        $sql_global_update_vendor_name = "";
+    }
+
+    if ($_POST['global_update_vendor_description'] == 1) {
+        $sql_global_update_vendor_description = ", vendor_description = '$description'";
+    } else {
+        $sql_global_update_vendor_description = "";
+    }
+
+    if ($_POST['global_update_vendor_account_number'] == 1) {
+        $sql_global_update_vendor_account_number = ", vendor_account_number = '$account_number'";
+    } else {
+        $sql_global_update_vendor_account_number = "";
+    }
+
+    if ($_POST['global_update_vendor_contact_name'] == 1) {
+        $sql_global_update_vendor_contact_name = ", vendor_contact_name = '$contact_name'";
+    } else {
+        $sql_global_update_vendor_contact_name = "";
+    }
+
+    if ($_POST['global_update_vendor_phone'] == 1) {
+        $sql_global_update_vendor_phone = ", vendor_phone = '$phone', vendor_extension = '$extension'";
+    } else {
+        $sql_global_update_vendor_phone = "";
+    }
+
+    if ($_POST['global_update_vendor_hours'] == 1) {
+        $sql_global_update_vendor_hours = ", vendor_hours = '$hours'";
+    } else {
+        $sql_global_update_vendor_hours = "";
+    }
+
+    if ($_POST['global_update_vendor_email'] == 1) {
+        $sql_global_update_vendor_email = ", vendor_email = '$email'";
+    } else {
+        $sql_global_update_vendor_email = "";
+    }
+
+    if ($_POST['global_update_vendor_website'] == 1) {
+        $sql_global_update_vendor_website = ", vendor_website = '$website'";
+    } else {
+        $sql_global_update_vendor_website = "";
+    }
+
+    if ($_POST['global_update_vendor_sla'] == 1) {
+        $sql_global_update_vendor_sla = ", vendor_sla = '$sla'";
+    } else {
+        $sql_global_update_vendor_sla = "";
+    }
+
+    if ($_POST['global_update_vendor_code'] == 1) {
+        $sql_global_update_vendor_code = ", vendor_code = '$code'";
+    } else {
+        $sql_global_update_vendor_code = "";
+    }
+
+    if ($_POST['global_update_vendor_notes'] == 1) {
+        $sql_global_update_vendor_notes = ", vendor_notes = '$notes'";
+    } else {
+        $sql_global_update_vendor_notes = "";
+    }
+
+    // Update just the template
+    mysqli_query($mysqli,"UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes' WHERE vendor_id = $vendor_id");
+
+    if ($_POST['update_base_vendors'] == 1) {
+        // Update client related vendors if anything is checked
+        $sql = "$sql_global_update_vendor_name $sql_global_update_vendor_description $sql_global_update_vendor_account_number $sql_global_update_vendor_contact_name $sql_global_update_vendor_phone $sql_global_update_vendor_hours $sql_global_update_vendor_email $sql_global_update_vendor_website $sql_global_update_vendor_sla $sql_global_update_vendor_code $sql_global_update_vendor_notes";
+
+        // Remove the first comma to prevent MySQL error
+        $sql = preg_replace('/,/', '', $sql, 1);
+
+        mysqli_query($mysqli,"UPDATE vendors SET $sql WHERE vendor_template_id = $vendor_id");
+    }
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor Template', log_action = 'Modify', log_description = '$session_name modified vendor template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Vendor template <strong>$name</strong> modified";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/admin/edit_ai_settings.php

@@ -0,0 +1,26 @@
+<?php
+
+if (isset($_POST['edit_ai_settings'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $provider = sanitizeInput($_POST['provider']);
+    if($provider){
+        $ai_enable = 1;
+    } else {
+        $ai_enable = 0;
+    }
+    $model = sanitizeInput($_POST['model']);
+    $url = sanitizeInput($_POST['url']);
+    $api_key = sanitizeInput($_POST['api_key']);
+
+    mysqli_query($mysqli,"UPDATE settings SET config_ai_enable = $ai_enable, config_ai_provider = '$provider', config_ai_model = '$model', config_ai_url = '$url', config_ai_api_key = '$api_key' WHERE company_id = 1");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Edit', log_description = '$session_name edited AI settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "You updated the AI Settings";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}

post/admin_update.php

@@ -0,0 +1,302 @@
+<?php
+
+if (isset($_GET['update'])) {
+
+    validateAdminRole(); // Old function
+
+    //git fetch downloads the latest from remote without trying to merge or rebase anything. Then the git reset resets the master branch to what you just fetched. The --hard option changes all the files in your working tree to match the files in origin/master
+
+    if (isset($_GET['force_update']) == 1) {
+        exec("git fetch --all");
+        exec("git reset --hard origin/master");
+    } else {
+        exec("git pull");
+    }
+    //header("Location: post.php?update_db");
+
+
+    // Send Telemetry if enabled during update
+    if ($config_telemetry > 0 OR $config_telemetry = 2) {
+
+        $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
+        $row = mysqli_fetch_array($sql);
+
+        $company_name = sanitizeInput($row['company_name']);
+        $website = sanitizeInput($row['company_website']);
+        $city = sanitizeInput($row['company_city']);
+        $state = sanitizeInput($row['company_state']);
+        $country = sanitizeInput($row['company_country']);
+        $currency = sanitizeInput($row['company_currency']);
+        $current_version = exec("git rev-parse HEAD");
+
+        // Client Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('client_id') AS num FROM clients"));
+        $client_count = $row['num'];
+
+        // Ticket Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM tickets"));
+        $ticket_count = $row['num'];
+
+        // Scheduled Ticket Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('scheduled_ticket_id') AS num FROM scheduled_tickets"));
+        $scheduled_ticket_count = $row['num'];
+
+        // Calendar Event Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('event_id') AS num FROM events"));
+        $calendar_event_count = $row['num'];
+
+        // Quote Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('quote_id') AS num FROM quotes"));
+        $quote_count = $row['num'];
+
+        // Invoice Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices"));
+        $invoice_count = $row['num'];
+
+        // Revenue Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('revenue_id') AS num FROM revenues"));
+        $revenue_count = $row['num'];
+
+        // Recurring Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM recurring"));
+        $recurring_count = $row['num'];
+
+        // Account Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('account_id') AS num FROM accounts"));
+        $account_count = $row['num'];
+
+        // Tax Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('tax_id') AS num FROM taxes"));
+        $tax_count = $row['num'];
+
+        // Product Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('product_id') AS num FROM products"));
+        $product_count = $row['num'];
+
+        // Payment Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('payment_id') AS num FROM payments WHERE payment_invoice_id > 0"));
+        $payment_count = $row['num'];
+
+        // Company Vendor Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_template = 0 AND vendor_client_id = 0"));
+        $company_vendor_count = $row['num'];
+
+        // Expense Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('expense_id') AS num FROM expenses WHERE expense_vendor_id > 0"));
+        $expense_count = $row['num'];
+
+        // Trip Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('trip_id') AS num FROM trips"));
+        $trip_count = $row['num'];
+
+        // Transfer Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('transfer_id') AS num FROM transfers"));
+        $transfer_count = $row['num'];
+
+        // Contact Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('contact_id') AS num FROM contacts"));
+        $contact_count = $row['num'];
+
+        // Location Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations"));
+        $location_count = $row['num'];
+
+        // Asset Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets"));
+        $asset_count = $row['num'];
+
+        // Software Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_template = 0"));
+        $software_count = $row['num'];
+
+        // Software Template Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_template = 1"));
+        $software_template_count = $row['num'];
+
+        // Password Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('login_id') AS num FROM logins"));
+        $password_count = $row['num'];
+
+        // Network Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks"));
+        $network_count = $row['num'];
+
+        // Certificate Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('certificate_id') AS num FROM certificates"));
+        $certificate_count = $row['num'];
+
+        // Domain Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('domain_id') AS num FROM domains"));
+        $domain_count = $row['num'];
+
+        // Service Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('service_id') AS num FROM services"));
+        $service_count = $row['num'];
+
+        // Client Vendor Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_template = 0 AND vendor_client_id > 0"));
+        $client_vendor_count = $row['num'];
+
+        // Vendor Template Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_template = 1"));
+        $vendor_template_count = $row['num'];
+
+        // File Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('file_id') AS num FROM files"));
+        $file_count = $row['num'];
+
+        // Document Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_template = 0"));
+        $document_count = $row['num'];
+
+        // Document Template Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_template = 1"));
+        $document_template_count = $row['num'];
+
+        // Shared Item Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('item_id') AS num FROM shared_items"));
+        $shared_item_count = $row['num'];
+
+        // Company Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('company_id') AS num FROM companies"));
+        $company_count = $row['num'];
+
+        // User Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('user_id') AS num FROM users"));
+        $user_count = $row['num'];
+
+        // Category Expense Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Expense'"));
+        $category_expense_count = $row['num'];
+
+        // Category Income Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Income'"));
+        $category_income_count = $row['num'];
+
+        // Category Referral Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Referral'"));
+        $category_referral_count = $row['num'];
+
+        // Category Payment Method Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('category_id') AS num FROM categories WHERE category_type = 'Payment Method'"));
+        $category_payment_method_count = $row['num'];
+
+        // Tag Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('tag_id') AS num FROM tags"));
+        $tag_count = $row['num'];
+
+        // API Key Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('api_key_id') AS num FROM api_keys"));
+        $api_key_count = $row['num'];
+
+        // Log Count
+        $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('log_id') AS num FROM logs"));
+        $log_count = $row['num'];
+
+        $postdata = http_build_query(
+            array(
+                'installation_id' => "$installation_id",
+                'version' => "$current_version",
+                'company_name' => "$company_name",
+                'website' => "$website",
+                'city' => "$city",
+                'state' => "$state",
+                'country' => "$country",
+                'currency' => "$currency",
+                'comments' => "$comments",
+                'client_count' => $client_count,
+                'ticket_count' => $ticket_count,
+                'scheduled_ticket_count' => $scheduled_ticket_count,
+                'calendar_event_count' => $calendar_event_count,
+                'quote_count' => $quote_count,
+                'invoice_count' => $invoice_count,
+                'revenue_count' => $revenue_count,
+                'recurring_count' => $recurring_count,
+                'account_count' => $account_count,
+                'tax_count' => $tax_count,
+                'product_count' => $product_count,
+                'payment_count' => $payment_count,
+                'company_vendor_count' => $company_vendor_count,
+                'expense_count' => $expense_count,
+                'trip_count' => $trip_count,
+                'transfer_count' => $transfer_count,
+                'contact_count' => $contact_count,
+                'location_count' => $location_count,
+                'asset_count' => $asset_count,
+                'software_count' => $software_count,
+                'software_template_count' => $software_template_count,
+                'password_count' => $password_count,
+                'network_count' => $network_count,
+                'certificate_count' => $certificate_count,
+                'domain_count' => $domain_count,
+                'service_count' => $service_count,
+                'client_vendor_count' => $client_vendor_count,
+                'vendor_template_count' => $vendor_template_count,
+                'file_count' => $file_count,
+                'document_count' => $document_count,
+                'document_template_count' => $document_template_count,
+                'shared_item_count' => $shared_item_count,
+                'company_count' => $company_count,
+                'user_count' => $user_count,
+                'category_expense_count' => $category_expense_count,
+                'category_income_count' => $category_income_count,
+                'category_referral_count' => $category_referral_count,
+                'category_payment_method_count' => $category_payment_method_count,
+                'tag_count' => $tag_count,
+                'api_key_count' => $api_key_count,
+                'log_count' => $log_count,
+                'config_theme' => "$config_theme",
+                'config_enable_cron' => $config_enable_cron,
+                'config_ticket_email_parse' => $config_ticket_email_parse,
+                'config_module_enable_itdoc' => $config_module_enable_itdoc,
+                'config_module_enable_ticketing' => $config_module_enable_ticketing,
+                'config_module_enable_accounting' => $config_module_enable_accounting,
+                'config_telemetry' => $config_telemetry,
+                'collection_method' => 4
+            )
+        );
+
+        $opts = array('http' =>
+            array(
+                'method' => 'POST',
+                'header' => 'Content-type: application/x-www-form-urlencoded',
+                'content' => $postdata
+            )
+        );
+
+        $context = stream_context_create($opts);
+
+        $result = file_get_contents('https://telemetry.itflow.org', false, $context);
+
+    }
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Update', log_description = '$session_name ran updates', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Update successful";
+
+    sleep(1);
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['update_db'])) {
+
+    validateAdminRole(); // Old function
+
+    // Get the current version
+    require_once ('database_version.php');
+
+    // Perform upgrades, if required
+    require_once ('database_updates.php');
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Update', log_description = '$session_name updated the database structure', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Database structure update successful";
+
+    sleep(1);
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/ai.php

@@ -4,6 +4,8 @@
  * ITFlow - GET/POST request handler for AI Functions
  */
 
+// TODO: Should this be moved to AJAX?
+
 if (isset($_GET['ai_reword'])) {
 
     header('Content-Type: application/json');
@@ -54,4 +56,4 @@ if (isset($_GET['ai_reword'])) {
         echo json_encode(['rewordedText' => 'Failed to get a response from the OpenAI API.']);
     }
 
-}
+}

post/user/client.php

@@ -9,7 +9,7 @@ if (isset($_POST['add_client'])) {
     validateCSRFToken($_POST['csrf_token']);
     enforceUserPermission('module_client', 2);
 
-    require_once 'post/client_model.php';
+    require_once 'post/user/client_model.php';
 
     $location_phone = preg_replace("/[^0-9]/", '', $_POST['location_phone']);
     $address = sanitizeInput($_POST['address']);
@@ -119,7 +119,7 @@ if (isset($_POST['edit_client'])) {
 
     enforceUserPermission('module_client', 2);
 
-    require_once 'post/client_model.php';
+    require_once 'post/user/client_model.php';
 
     $client_id = intval($_POST['client_id']);
 

post/user/contact.php

@@ -8,7 +8,7 @@ if (isset($_POST['add_contact'])) {
 
     validateTechRole();
 
-    require_once 'post/contact_model.php';
+    require_once 'post/user/contact_model.php';
 
 
     // Set password
@@ -68,7 +68,7 @@ if (isset($_POST['edit_contact'])) {
 
     validateTechRole();
 
-    require_once 'post/contact_model.php';
+    require_once 'post/user/contact_model.php';
 
     $contact_id = intval($_POST['contact_id']);
     $send_email = intval($_POST['send_email']);
@@ -193,7 +193,7 @@ if (isset($_POST['bulk_assign_contact_location'])) {
 
     // Get Selected Contacts Count
     $contact_count = count($_POST['contact_ids']);
-    
+
     // Assign Location to Selected Contacts
     if (!empty($_POST['contact_ids'])) {
         foreach($_POST['contact_ids'] as $contact_id) {
@@ -210,7 +210,7 @@ if (isset($_POST['bulk_assign_contact_location'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name assigned $contact_name to Location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
 
         } // End Assign Location Loop
-        
+
         $_SESSION['alert_message'] = "You assigned <b>$contact_count</b> contacts to location <b>$location_name</b>";
     }
 
@@ -226,7 +226,7 @@ if (isset($_POST['bulk_edit_contact_phone'])) {
 
     // Get Selected Contacts Count
     $contact_count = count($_POST['contact_ids']);
-    
+
     // Assign Location to Selected Contacts
     if (!empty($_POST['contact_ids'])) {
         foreach($_POST['contact_ids'] as $contact_id) {
@@ -244,7 +244,7 @@ if (isset($_POST['bulk_edit_contact_phone'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name set Phone Number to $phone for $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
 
         } // End Assign Location Loop
-        
+
         $_SESSION['alert_message'] = "You set Phone Number <b>" . formatPhoneNumber($phone) . "</b> on $contact_count</b> contacts";
     }
 
@@ -260,7 +260,7 @@ if (isset($_POST['bulk_edit_contact_department'])) {
 
     // Get Selected Contacts Count
     $contact_count = count($_POST['contact_ids']);
-    
+
     // Assign Location to Selected Contacts
     if (!empty($_POST['contact_ids'])) {
         foreach($_POST['contact_ids'] as $contact_id) {
@@ -278,7 +278,7 @@ if (isset($_POST['bulk_edit_contact_department'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name set Department to $department for $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
 
         } // End Assign Location Loop
-        
+
         $_SESSION['alert_message'] = "You set the Department to <b>$department</b> for <b>$contact_count</b> contacts";
     }
 
@@ -296,7 +296,7 @@ if (isset($_POST['bulk_edit_contact_role'])) {
 
     // Get Selected Contacts Count
     $contact_count = count($_POST['contact_ids']);
-    
+
     // Assign Location to Selected Contacts
     if (!empty($_POST['contact_ids'])) {
         foreach($_POST['contact_ids'] as $contact_id) {
@@ -314,7 +314,7 @@ if (isset($_POST['bulk_edit_contact_role'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name updated $contact_name role', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
 
         } // End Assign Location Loop
-        
+
         $_SESSION['alert_message'] = "You updated roles for <b>$contact_count</b> contacts";
     }
 
@@ -348,7 +348,7 @@ if (isset($_POST['bulk_assign_contact_tags'])) {
             // Add new tags
             foreach($_POST['bulk_tags'] as $tag) {
                 $tag = intval($tag);
-                
+
                 $sql = mysqli_query($mysqli,"SELECT * FROM contact_tags WHERE contact_id = $contact_id AND tag_id = $tag");
                 if (mysqli_num_rows($sql) == 0) {
                     mysqli_query($mysqli, "INSERT INTO contact_tags SET contact_id = $contact_id, tag_id = $tag");
@@ -359,7 +359,7 @@ if (isset($_POST['bulk_assign_contact_tags'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name added tags to $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id");
 
         } // End Assign Location Loop
-        
+
         $_SESSION['alert_message'] = "Assigned tags for <b>$count</b> contacts";
     }
 
@@ -468,7 +468,7 @@ if (isset($_POST['bulk_delete_contacts'])) {
             $row = mysqli_fetch_array($sql);
             $contact_name = sanitizeInput($row['contact_name']);
             $client_id = intval($row['contact_client_id']);
-            
+
             mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id");
 
             // Remove Relations

post/user/credential.php

@@ -1,7 +1,7 @@
 <?php
 
 /*
- * ITFlow - GET/POST request handler for client logins / passwords
+ * ITFlow - GET/POST request handler for client credentials (formerly logins)
  */
 
 if (isset($_POST['add_login'])) {
@@ -229,7 +229,7 @@ if (isset($_POST['bulk_delete_logins'])) {
             $login_name = sanitizeInput($row['login_name']);
             $client_id = intval($row['login_client_id']);
 
-            
+
             mysqli_query($mysqli, "DELETE FROM logins WHERE login_id = $login_id AND login_client_id = $client_id");
 
             // Remove Relations

post/user/document.php

@@ -71,30 +71,6 @@ if (isset($_POST['add_document_from_template'])) {
 
 }
 
-if (isset($_POST['add_document_template'])) {
-
-    validateTechRole();
-
-    $client_id = intval($_POST['client_id']);
-    $name = sanitizeInput($_POST['name']);
-    $description = sanitizeInput($_POST['description']);
-    $content = mysqli_real_escape_string($mysqli,$_POST['content']);
-    $content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $_POST['content']));
-    // Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
-
-    // Document add query
-    $add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 1, document_folder_id = 0, document_created_by = $session_user_id, document_client_id = 0");
-    $document_id = mysqli_insert_id($mysqli);
-
-    // Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document Template', log_action = 'Create', log_description = '$session_name created document template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $document_id");
-
-    $_SESSION['alert_message'] = "Document template <strong>$name</strong> created";
-
-    header("Location: " . $_SERVER["HTTP_REFERER"]);
-
-}
-
 if (isset($_POST['edit_document'])) {
 
     validateTechRole();
@@ -205,7 +181,7 @@ if (isset($_POST['bulk_move_document'])) {
 
     // Get Selected Document Count
     $document_count = count($_POST['document_ids']);
-    
+
     // Move Documents to Folder Loop
     if (!empty($_POST['document_ids'])) {
         foreach($_POST['document_ids'] as $document_id) {

post/user/event.php

@@ -41,7 +41,7 @@ if (isset($_POST['edit_calendar'])) {
 
 if (isset($_POST['add_event'])) {
 
-    require_once 'post/event_model.php';
+    require_once 'post/user/event_model.php';
 
 
     mysqli_query($mysqli,"INSERT INTO events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client");
@@ -115,8 +115,7 @@ if (isset($_POST['add_event'])) {
 
 if (isset($_POST['edit_event'])) {
 
-    require_once 'post/event_model.php';
-
+    require_once 'post/user/event_model.php';
 
     $event_id = intval($_POST['event_id']);
 

post/user/expense.php

@@ -6,7 +6,7 @@
 
 if (isset($_POST['add_expense'])) {
 
-    require_once 'post/expense_model.php';
+    require_once 'post/user/expense_model.php';
 
 
     mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = $amount, expense_currency_code = '$session_company_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference'");
@@ -44,7 +44,7 @@ if (isset($_POST['add_expense'])) {
 
 if (isset($_POST['edit_expense'])) {
 
-    require_once 'post/expense_model.php';
+    require_once 'post/user/expense_model.php';
 
 
     $expense_id = intval($_POST['expense_id']);
@@ -119,7 +119,7 @@ if (isset($_POST['bulk_edit_expense_category'])) {
 
     // Get Selected Contacts Count
     $expense_count = count($_POST['expense_ids']);
-    
+
     // Assign category to Selected Expenses
     if (!empty($_POST['expense_ids'])) {
         foreach($_POST['expense_ids'] as $expense_id) {
@@ -137,10 +137,10 @@ if (isset($_POST['bulk_edit_expense_category'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Edit', log_description = '$session_name assigned $expense_description to expense category $category_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $expense_id");
 
         } // End Assign Location Loop
-    
+
         $_SESSION['alert_message'] = "You assigned expense category <b>$category_name</b> to <b>$expense_count</b> expenses";
     }
-    
+
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
 
@@ -155,7 +155,7 @@ if (isset($_POST['bulk_edit_expense_account'])) {
 
     // Get Selected Contacts Count
     $expense_count = count($_POST['expense_ids']);
-    
+
     // Assign category to Selected Expenses
     if (!empty($_POST['expense_ids'])) {
         foreach($_POST['expense_ids'] as $expense_id) {
@@ -173,10 +173,10 @@ if (isset($_POST['bulk_edit_expense_account'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Edit', log_description = '$session_name assigned $expense_description to account $account_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $expense_id");
 
         } // End Assign Location Loop
-    
+
         $_SESSION['alert_message'] = "You assigned account <b>$account_name</b> to <b>$expense_count</b> expenses";
     }
-    
+
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
 
@@ -191,7 +191,7 @@ if (isset($_POST['bulk_edit_expense_client'])) {
 
     // Get Selected Contacts Count
     $expense_count = count($_POST['expense_ids']);
-    
+
     // Assign category to Selected Expenses
     if (!empty($_POST['expense_ids'])) {
         foreach($_POST['expense_ids'] as $expense_id) {
@@ -208,10 +208,10 @@ if (isset($_POST['bulk_edit_expense_client'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Edit', log_description = '$session_name assigned $expense_description to client $client_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $expense_id");
 
         } // End Assign Location Loop
-    
+
         $_SESSION['alert_message'] = "You assigned Client <b>$client_name</b> to <b>$expense_count</b> expenses";
     }
-    
+
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
 

post/user/invoice.php

@@ -6,7 +6,7 @@
 
 if (isset($_POST['add_invoice'])) {
 
-    require_once 'post/invoice_model.php';
+    require_once 'post/user/invoice_model.php';
 
     $client = intval($_POST['client']);
 
@@ -38,7 +38,7 @@ if (isset($_POST['add_invoice'])) {
 
 if (isset($_POST['edit_invoice'])) {
 
-    require_once 'post/invoice_model.php';
+    require_once 'post/user/invoice_model.php';
 
     $invoice_id = intval($_POST['invoice_id']);
     $due = sanitizeInput($_POST['due']);
@@ -1302,7 +1302,7 @@ if (isset($_POST['export_invoices_csv'])) {
 
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Export', log_description = '$session_name exported invoices to CSV File', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id");
-    
+
     exit;
 
 }

post/user/location.php

@@ -8,7 +8,7 @@ if(isset($_POST['add_location'])){
 
     validateTechRole();
 
-    require_once 'post/location_model.php';
+    require_once 'post/user/location_model.php';
 
 
     if(!file_exists("uploads/clients/$client_id")) {
@@ -27,7 +27,7 @@ if(isset($_POST['add_location'])){
         }
     }
 
-    // Update Primay location in clients if primary location is checked
+    // Update Primary location in clients if primary location is checked
     if ($location_primary == 1) {
         mysqli_query($mysqli,"UPDATE locations SET location_primary = 0 WHERE location_client_id = $client_id");
         mysqli_query($mysqli,"UPDATE locations SET location_primary = 1 WHERE location_id = $location_id");
@@ -67,7 +67,7 @@ if(isset($_POST['edit_location'])){
 
     validateTechRole();
 
-    require_once 'post/location_model.php';
+    require_once 'post/user/location_model.php';
 
 
     $location_id = intval($_POST['location_id']);
@@ -234,7 +234,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
             // Add new tags
             foreach($_POST['bulk_tags'] as $tag) {
                 $tag = intval($tag);
-                
+
                 $sql = mysqli_query($mysqli,"SELECT * FROM location_tags WHERE location_id = $location_id AND tag_id = $tag");
                 if (mysqli_num_rows($sql) == 0) {
                     mysqli_query($mysqli, "INSERT INTO location_tags SET location_id = $location_id, tag_id = $tag");
@@ -245,7 +245,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Modify', log_description = '$session_name added tags to $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $location_id");
 
         } // End Assign Location Loop
-        
+
         $_SESSION['alert_message'] = "Assigned tags for <b>$count</b> locations";
     }
 
@@ -355,7 +355,7 @@ if (isset($_POST['bulk_delete_locations'])) {
             $location_name = sanitizeInput($row['location_name']);
             $client_id = intval($row['location_client_id']);
 
-            
+
             mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id");
             mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Location', log_action = 'Delete', log_description = '$session_name deleted location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $location_id");
 

post/user/network.php

@@ -8,7 +8,7 @@ if (isset($_POST['add_network'])) {
 
     validateTechRole();
 
-    require_once 'post/login_model.php';
+    require_once 'post/user/login_model.php';
 
     mysqli_query($mysqli,"INSERT INTO networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id, network_client_id = $client_id");
 
@@ -29,7 +29,7 @@ if (isset($_POST['edit_network'])) {
 
     $network_id = intval($_POST['network_id']);
 
-    require_once 'post/login_model.php';
+    require_once 'post/user/login_model.php';
 
     mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id");
 

post/user/product.php

@@ -7,7 +7,7 @@
 // Products
 if (isset($_POST['add_product'])) {
 
-    require_once 'post/product_model.php';
+    require_once 'post/user/product_model.php';
 
 
     mysqli_query($mysqli,"INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = '$price', product_currency_code = '$session_company_currency', product_tax_id = $tax, product_category_id = $category");
@@ -23,8 +23,7 @@ if (isset($_POST['add_product'])) {
 
 if (isset($_POST['edit_product'])) {
 
-    require_once 'post/product_model.php';
-
+    require_once 'post/user/product_model.php';
 
     $product_id = intval($_POST['product_id']);
 
@@ -118,7 +117,7 @@ if (isset($_POST['bulk_edit_product_category'])) {
 
     // Get Count
     $count = count($_POST['product_ids']);
-    
+
     // Assign category to Selected Products
     if (!empty($_POST['product_ids'])) {
         foreach($_POST['product_ids'] as $product_id) {
@@ -135,10 +134,10 @@ if (isset($_POST['bulk_edit_product_category'])) {
             mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Edit', log_description = '$session_name assigned $product_name to income category $category_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
 
         } // End Assign Product Loop
-    
+
         $_SESSION['alert_message'] = "You assigned product category <b>$category_name</b> to <b>$count</b> products";
     }
-    
+
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
 
@@ -235,7 +234,7 @@ if (isset($_POST['bulk_delete_products'])) {
             $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
             $row = mysqli_fetch_array($sql);
             $product_name = sanitizeInput($row['product_name']);
-            
+
             mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id");
 
             mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Product', log_action = 'Delete', log_description = '$session_name deleted product $product_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $product_id");
@@ -296,4 +295,4 @@ if (isset($_POST['export_products_csv'])) {
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Product', log_action = 'Export', log_description = '$session_name exported products to CSV File', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id");
 
     exit;
-}
+}

post/user/quote.php

@@ -8,7 +8,7 @@ if (isset($_POST['add_quote'])) {
 
     enforceUserPermission('module_sales', 2);
 
-    require_once 'post/quote_model.php';
+    require_once 'post/user/quote_model.php';
 
     $client = intval($_POST['client']);
 
@@ -221,7 +221,7 @@ if (isset($_POST['edit_quote'])) {
 
     enforceUserPermission('module_sales', 2);
 
-    require_once 'post/quote_model.php';
+    require_once 'post/user/quote_model.php';
 
     $quote_id = intval($_POST['quote_id']);
 

post/user/software.php

@@ -4,52 +4,6 @@
  * ITFlow - GET/POST request handler for client software & licenses
  */
 
-// Templates
-
-if (isset($_POST['add_software_template'])) {
-
-    validateTechRole();
-
-    $name = sanitizeInput($_POST['name']);
-    $version = sanitizeInput($_POST['version']);
-    $description = sanitizeInput($_POST['description']);
-    $type = sanitizeInput($_POST['type']);
-    $license_type = sanitizeInput($_POST['license_type']);
-    $notes = sanitizeInput($_POST['notes']);
-
-    mysqli_query($mysqli,"INSERT INTO software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes', software_template = 1, software_client_id = 0");
-
-    //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software Template', log_action = 'Create', log_description = '$session_user_name created software template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
-
-    $_SESSION['alert_message'] = "Software template created";
-
-    header("Location: " . $_SERVER["HTTP_REFERER"]);
-
-}
-
-if (isset($_POST['edit_software_template'])) {
-
-    validateTechRole();
-
-    $software_id = intval($_POST['software_id']);
-    $name = sanitizeInput($_POST['name']);
-    $version = sanitizeInput($_POST['version']);
-    $description = sanitizeInput($_POST['description']);
-    $type = sanitizeInput($_POST['type']);
-    $license_type = sanitizeInput($_POST['license_type']);
-    $notes = sanitizeInput($_POST['notes']);
-
-    mysqli_query($mysqli,"UPDATE software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes' WHERE software_id = $software_id");
-
-    //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software Teplate', log_action = 'Modify', log_description = '$session_name modified software template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
-
-    $_SESSION['alert_message'] = "Software template updated";
-
-    header("Location: " . $_SERVER["HTTP_REFERER"]);
-
-}
 
 if (isset($_POST['add_software_from_template'])) {
 

post/user/ticket.php

@@ -1176,7 +1176,7 @@ if (isset($_POST['add_ticket_reply'])) {
     } elseif ($_POST['public_reply_type'] == 2 ) {
         $ticket_reply_type = 'Public';
         $send_email = 1;
-    } else { 
+    } else {
         $ticket_reply_type = 'Internal';
     }
 
@@ -1774,7 +1774,7 @@ if (isset($_POST['add_recurring_ticket'])) {
 
     enforceUserPermission('module_support', 2);
 
-    require_once 'post/recurring_ticket_model.php';
+    require_once 'post/user/ticket_recurring_model.php';
 
     $start_date = sanitizeInput($_POST['start_date']);
 
@@ -1802,7 +1802,7 @@ if (isset($_POST['edit_recurring_ticket'])) {
 
     enforceUserPermission('module_support', 2);
 
-    require_once 'post/recurring_ticket_model.php';
+    require_once 'post/user/ticket_recurring_model.php';
 
     $scheduled_ticket_id = intval($_POST['scheduled_ticket_id']);
     $next_run_date = sanitizeInput($_POST['next_date']);

post/user/transfer.php

@@ -6,7 +6,7 @@
 
 if (isset($_POST['add_transfer'])) {
 
-    require_once 'post/transfer_model.php';
+    require_once 'post/user/transfer_model.php';
 
 
     mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = $amount, expense_currency_code = '$session_company_currency', expense_vendor_id = 0, expense_category_id = 0, expense_account_id = $account_from");
@@ -28,7 +28,7 @@ if (isset($_POST['add_transfer'])) {
 
 if (isset($_POST['edit_transfer'])) {
 
-    require_once 'post/transfer_model.php';
+    require_once 'post/user/transfer_model.php';
 
 
     $transfer_id = intval($_POST['transfer_id']);

post/user/trip.php

@@ -6,7 +6,7 @@
 
 if (isset($_POST['add_trip'])) {
 
-    require_once 'post/trip_model.php';
+    require_once 'post/user/trip_model.php';
 
 
     mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_source = '$source', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_user_id = $user_id, trip_client_id = $client_id");
@@ -22,7 +22,7 @@ if (isset($_POST['add_trip'])) {
 
 if (isset($_POST['edit_trip'])) {
 
-    require_once 'post/trip_model.php';
+    require_once 'post/user/trip_model.php';
 
 
     $trip_id = intval($_POST['trip_id']);

post/user/vendor.php

@@ -4,120 +4,6 @@
  * ITFlow - GET/POST request handler for vendors
  */
 
-// Vendor Templates
-
-if (isset($_POST['add_vendor_template'])) {
-
-    require_once 'post/vendor_model.php';
-
-
-    mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes', vendor_template = 1, vendor_client_id = 0");
-
-    $vendor_id = mysqli_insert_id($mysqli);
-
-    //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor Template', log_action = 'Create', log_description = '$session_name created vendor template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
-
-    $_SESSION['alert_message'] = "Vendor template <strong>$name</strong> created";
-
-    header("Location: " . $_SERVER["HTTP_REFERER"]);
-}
-
-if (isset($_POST['edit_vendor_template'])) {
-
-    require_once 'post/vendor_model.php';
-
-
-    $vendor_id = intval($_POST['vendor_id']);
-    $vendor_template_id = intval($_POST['vendor_template_id']);
-
-    if ($_POST['global_update_vendor_name'] == 1) {
-        $sql_global_update_vendor_name = ", vendor_name = '$name'";
-    } else {
-        $sql_global_update_vendor_name = "";
-    }
-
-    if ($_POST['global_update_vendor_description'] == 1) {
-        $sql_global_update_vendor_description = ", vendor_description = '$description'";
-    } else {
-        $sql_global_update_vendor_description = "";
-    }
-
-    if ($_POST['global_update_vendor_account_number'] == 1) {
-        $sql_global_update_vendor_account_number = ", vendor_account_number = '$account_number'";
-    } else {
-        $sql_global_update_vendor_account_number = "";
-    }
-
-    if ($_POST['global_update_vendor_contact_name'] == 1) {
-        $sql_global_update_vendor_contact_name = ", vendor_contact_name = '$contact_name'";
-    } else {
-        $sql_global_update_vendor_contact_name = "";
-    }
-
-    if ($_POST['global_update_vendor_phone'] == 1) {
-        $sql_global_update_vendor_phone = ", vendor_phone = '$phone', vendor_extension = '$extension'";
-    } else {
-        $sql_global_update_vendor_phone = "";
-    }
-
-    if ($_POST['global_update_vendor_hours'] == 1) {
-        $sql_global_update_vendor_hours = ", vendor_hours = '$hours'";
-    } else {
-        $sql_global_update_vendor_hours = "";
-    }
-
-    if ($_POST['global_update_vendor_email'] == 1) {
-        $sql_global_update_vendor_email = ", vendor_email = '$email'";
-    } else {
-        $sql_global_update_vendor_email = "";
-    }
-
-    if ($_POST['global_update_vendor_website'] == 1) {
-        $sql_global_update_vendor_website = ", vendor_website = '$website'";
-    } else {
-        $sql_global_update_vendor_website = "";
-    }
-
-    if ($_POST['global_update_vendor_sla'] == 1) {
-        $sql_global_update_vendor_sla = ", vendor_sla = '$sla'";
-    } else {
-        $sql_global_update_vendor_sla = "";
-    }
-
-    if ($_POST['global_update_vendor_code'] == 1) {
-        $sql_global_update_vendor_code = ", vendor_code = '$code'";
-    } else {
-        $sql_global_update_vendor_code = "";
-    }
-
-    if ($_POST['global_update_vendor_notes'] == 1) {
-        $sql_global_update_vendor_notes = ", vendor_notes = '$notes'";
-    } else {
-        $sql_global_update_vendor_notes = "";
-    }
-
-    // Update just the template
-    mysqli_query($mysqli,"UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_contact_name = '$contact_name', vendor_phone = '$phone', vendor_extension = '$extension', vendor_email = '$email', vendor_website = '$website', vendor_hours = '$hours', vendor_sla = '$sla', vendor_code = '$code', vendor_account_number = '$account_number', vendor_notes = '$notes' WHERE vendor_id = $vendor_id");
-
-    if ($_POST['update_base_vendors'] == 1) {
-        // Update client related vendors if anything is checked
-        $sql = "$sql_global_update_vendor_name $sql_global_update_vendor_description $sql_global_update_vendor_account_number $sql_global_update_vendor_contact_name $sql_global_update_vendor_phone $sql_global_update_vendor_hours $sql_global_update_vendor_email $sql_global_update_vendor_website $sql_global_update_vendor_sla $sql_global_update_vendor_code $sql_global_update_vendor_notes";
-
-        // Remove the first comma to prevent MySQL error
-        $sql = preg_replace('/,/', '', $sql, 1);
-
-        mysqli_query($mysqli,"UPDATE vendors SET $sql WHERE vendor_template_id = $vendor_id");
-    }
-
-    //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Vendor Template', log_action = 'Modify', log_description = '$session_name modified vendor template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
-
-    $_SESSION['alert_message'] = "Vendor template <strong>$name</strong> modified";
-
-    header("Location: " . $_SERVER["HTTP_REFERER"]);
-}
-
 if (isset($_POST['add_vendor_from_template'])) {
 
     // GET POST Data
@@ -160,7 +46,7 @@ if (isset($_POST['add_vendor_from_template'])) {
 
 if (isset($_POST['add_vendor'])) {
 
-    require_once 'post/vendor_model.php';
+    require_once 'post/user/vendor_model.php';
 
 
     $client_id = intval($_POST['client_id']); // Used if this vendor is under a contact otherwise its 0 for under company
@@ -179,7 +65,7 @@ if (isset($_POST['add_vendor'])) {
 
 if (isset($_POST['edit_vendor'])) {
 
-    require_once 'post/vendor_model.php';
+    require_once 'post/user/vendor_model.php';
 
 
     $vendor_id = intval($_POST['vendor_id']);
@@ -369,7 +255,7 @@ if (isset($_POST['bulk_delete_vendors'])) {
             if ($vendor_template_id > 0) {
                 mysqli_query($mysqli,"UPDATE vendors SET vendor_template_id = 0 WHERE vendor_template_id = $vendor_template_id");
             }
-            
+
             mysqli_query($mysqli, "DELETE FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id");
 
             // Remove Relations

post/xcustom/readme.php

@@ -0,0 +1,13 @@
+<?php
+
+/*
+    - Custom Pages -
+
+    If you wish to add custom pages to ITFlow, add them to the root directory with the prefix "xcustom_"
+        e.g. If your page was called my_page_one, name it "xcustom_my_page_one.php"
+    Note: If required, you can use the Custom Links module to have the page show on the user sidebar.
+
+    To process POST data via your custom pages, create a file in this directory (post/xcustom) named after your page (e.g. xcustom_my_page_one.php).
+    The relevant file will be automatically loaded upon a POST request based on the referer - your form just needs to target the standard post.php.
+
+ */