AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:itflow-org/itflow

This commit is contained in:
johnnyq 2022-12-29 18:23:35 -05:00
parent 29a9d6ef8f 14a405ee6d
commit 6dab710b6b
4 changed files with 41 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
companies.php
View File

@ -26,6 +26,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</div>
</div>
<div class="card-body">
<div class="alert alert-danger" role="alert">
<b>The multi-company feature should be considered deprecated.</b> It may be removed in the near future - please see the <a href="https://forum.itflow.org/d/74-removing-the-multi-company-feature">forum post</a>.
</div>
<hr>
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Companies">

106
post.php
View File

@ -25,7 +25,8 @@ if(isset($_GET['switch_company'])){
mysqli_query($mysqli,"UPDATE user_settings SET user_default_company = $company_id WHERE user_id = $session_user_id");
$_SESSION['alert_message'] = "Switched Companies!";
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Switched Companies. <a href='https://forum.itflow.org/d/74-removing-the-multi-company-feature' target='_blank'>Deprecated!</a>";
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Switch', log_description = '$session_name switched to company $company_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
@ -43,6 +44,7 @@ if(isset($_GET['switch_company'])){
}
if(isset($_POST['add_user'])){
validateAdminRole();
// CSRF Check
@ -141,6 +143,7 @@ if(isset($_POST['add_user'])){
}
if(isset($_POST['edit_user'])){
validateAdminRole();
if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
@ -352,6 +355,7 @@ if(isset($_POST['edit_profile'])){
}
if(isset($_POST['edit_user_companies'])){
validateAdminRole();
$user_id = intval($_POST['user_id']);
@ -377,6 +381,7 @@ if(isset($_POST['edit_user_companies'])){
}
if(isset($_GET['archive_user'])){
validateAdminRole();
// CSRF Check
@ -406,6 +411,7 @@ if(isset($_GET['archive_user'])){
// API Key
if(isset($_POST['add_api_key'])){
validateAdminRole();
// CSRF Check
@ -430,6 +436,7 @@ if(isset($_POST['add_api_key'])){
}
if(isset($_GET['delete_api_key'])){
validateAdminRole();
// CSRF Check
@ -454,6 +461,7 @@ if(isset($_GET['delete_api_key'])){
}
if(isset($_POST['add_company'])){
validateAdminRole();
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@ -553,8 +561,8 @@ if(isset($_POST['add_company'])){
}
if(isset($_POST['edit_company'])){
validateAdminRole();
validateAdminRole();
$company_id = intval($_POST['company_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$address = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['address'])));
@ -651,6 +659,7 @@ if(isset($_GET['archive_company'])){
}
if(isset($_GET['delete_company'])){
validateAdminRole();
// CSRF Check
@ -777,6 +786,7 @@ if(isset($_POST['verify'])){
}
if(isset($_POST['edit_mail_settings'])){
validateAdminRole();
$config_smtp_host = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_smtp_host'])));
@ -828,6 +838,7 @@ if(isset($_POST['edit_mail_settings'])){
}
if(isset($_POST['test_email_smtp'])){
validateAdminRole();
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
@ -850,6 +861,7 @@ if(isset($_POST['test_email_smtp'])){
}
if(isset($_POST['test_email_imap'])){
validateAdminRole();
// Prepare connection string with encryption (TLS/SSL/<blank>)
@ -870,6 +882,7 @@ if(isset($_POST['test_email_imap'])){
}
if(isset($_POST['edit_invoice_settings'])){
validateAdminRole();
$config_invoice_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_invoice_prefix'])));
@ -893,6 +906,7 @@ if(isset($_POST['edit_invoice_settings'])){
}
if(isset($_POST['edit_quote_settings'])){
validateAdminRole();
$config_quote_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_quote_prefix'])));
@ -913,6 +927,7 @@ if(isset($_POST['edit_quote_settings'])){
}
if(isset($_POST['edit_ticket_settings'])){
validateAdminRole();
$config_ticket_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_prefix'])));
@ -934,6 +949,7 @@ if(isset($_POST['edit_ticket_settings'])){
}
if(isset($_POST['edit_default_settings'])){
validateAdminRole();
$expense_account = intval($_POST['expense_account']);
@ -956,6 +972,7 @@ if(isset($_POST['edit_default_settings'])){
}
if(isset($_POST['edit_alert_settings'])){
validateAdminRole();
$config_enable_cron = intval($_POST['config_enable_cron']);
@ -975,6 +992,7 @@ if(isset($_POST['edit_alert_settings'])){
}
if(isset($_POST['edit_online_payment_settings'])){
validateAdminRole();
$config_stripe_enable = intval($_POST['config_stripe_enable']);
@ -992,6 +1010,7 @@ if(isset($_POST['edit_online_payment_settings'])){
}
if(isset($_POST['edit_integrations_settings'])){
validateAdminRole();
$azure_client_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['azure_client_id'])));
@ -1009,6 +1028,7 @@ if(isset($_POST['edit_integrations_settings'])){
}
if(isset($_POST['edit_module_settings'])){
validateAdminRole();
$config_module_enable_itdoc = intval($_POST['config_module_enable_itdoc']);
@ -1055,6 +1075,7 @@ if(isset($_POST['disable_2fa'])){
}
if(isset($_GET['download_database'])){
validateAdminRole();
// Get All Table Names From the Database
@ -1134,6 +1155,7 @@ if(isset($_GET['download_database'])){
}
if(isset($_POST['backup_master_key'])){
validateAdminRole();
$password = $_POST['password'];
@ -1165,6 +1187,7 @@ if(isset($_POST['backup_master_key'])){
}
if(isset($_GET['update'])){
validateAdminRole();
exec("git pull");
@ -1187,6 +1210,7 @@ if(isset($_GET['update'])){
}
if(isset($_GET['update_db'])){
validateAdminRole();
// Get the current version
@ -1204,6 +1228,7 @@ if(isset($_GET['update_db'])){
}
if(isset($_POST['add_client'])){
validateAdminRole();
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@ -1316,6 +1341,7 @@ if(isset($_POST['add_client'])){
}
if(isset($_POST['edit_client'])){
validateAdminRole();
$client_id = intval($_POST['client_id']);
@ -1348,6 +1374,7 @@ if(isset($_POST['edit_client'])){
}
if(isset($_GET['archive_client'])){
validateAdminRole();
$client_id = intval($_GET['archive_client']);
@ -1369,7 +1396,6 @@ if(isset($_GET['archive_client'])){
}
if(isset($_GET['undo_archive_client'])){
validateAdminRole();
$client_id = intval($_GET['undo_archive_client']);
@ -1389,6 +1415,7 @@ if(isset($_GET['undo_archive_client'])){
}
if(isset($_GET['delete_client'])){
validateAdminRole();
// CSRF Check
@ -1806,7 +1833,6 @@ if(isset($_GET['export_client_vendors_csv'])){
// Products
if(isset($_POST['add_product'])){
validateAccountantRole();
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
@ -1826,7 +1852,6 @@ if(isset($_POST['add_product'])){
}
if(isset($_POST['edit_product'])){
validateAccountantRole();
$product_id = intval($_POST['product_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@ -1850,8 +1875,6 @@ if(isset($_POST['edit_product'])){
}
if(isset($_GET['delete_product'])){
validateAccountantRole();
$product_id = intval($_GET['delete_product']);
//Get Product Name
@ -1935,7 +1958,6 @@ if(isset($_GET['delete_trip'])){
}
if(isset($_POST['add_account'])){
validateAccountantRole();
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$opening_balance = floatval($_POST['opening_balance']);
@ -1954,7 +1976,6 @@ if(isset($_POST['add_account'])){
}
if(isset($_POST['edit_account'])){
validateAccountantRole();
$account_id = intval($_POST['account_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@ -1972,8 +1993,6 @@ if(isset($_POST['edit_account'])){
}
if(isset($_GET['archive_account'])){
validateAccountantRole();
$account_id = intval($_GET['archive_account']);
mysqli_query($mysqli,"UPDATE accounts SET account_archived_at = NOW() WHERE account_id = $account_id");
@ -1988,8 +2007,6 @@ if(isset($_GET['archive_account'])){
}
if(isset($_GET['delete_account'])){
validateAccountantRole();
$account_id = intval($_GET['delete_account']);
mysqli_query($mysqli,"DELETE FROM accounts WHERE account_id = $account_id AND company_id = $session_company_id");
@ -2126,7 +2143,6 @@ if(isset($_GET['delete_tag'])){
//Tax
if(isset($_POST['add_tax'])){
validateAccountantRole();
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$percent = floatval($_POST['percent']);
@ -2143,7 +2159,6 @@ if(isset($_POST['add_tax'])){
}
if(isset($_POST['edit_tax'])){
validateAccountantRole();
$tax_id = intval($_POST['tax_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@ -2161,8 +2176,6 @@ if(isset($_POST['edit_tax'])){
}
if(isset($_GET['archive_tax'])){
validateAccountantRole();
$tax_id = intval($_GET['archive_tax']);
mysqli_query($mysqli,"UPDATE taxes SET tax_archived_at = NOW() WHERE tax_id = $tax_id");
@ -2177,8 +2190,6 @@ if(isset($_GET['archive_tax'])){
}
if(isset($_GET['delete_tax'])){
validateAccountantRole();
$tax_id = intval($_GET['delete_tax']);
mysqli_query($mysqli,"DELETE FROM taxes WHERE tax_id = $tax_id AND company_id = $session_company_id");
@ -2234,7 +2245,6 @@ if(isset($_GET['dismiss_all_notifications'])){
}
if(isset($_POST['add_expense'])){
validateAccountantRole();
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
$amount = floatval($_POST['amount']);
@ -2300,7 +2310,6 @@ if(isset($_POST['add_expense'])){
}
if(isset($_POST['edit_expense'])){
validateAccountantRole();
$expense_id = intval($_POST['expense_id']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@ -2369,8 +2378,6 @@ if(isset($_POST['edit_expense'])){
}
if(isset($_GET['delete_expense'])){
validateAccountantRole();
$expense_id = intval($_GET['delete_expense']);
$sql = mysqli_query($mysqli,"SELECT * FROM expenses WHERE expense_id = $expense_id AND company_id = $session_company_id");
@ -2391,8 +2398,6 @@ if(isset($_GET['delete_expense'])){
}
if(isset($_POST['export_expenses_csv'])){
validateAccountantRole();
$date_from = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_from'])));
$date_to = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_to'])));
if(!empty($date_from) && !empty($date_to)){
@ -2449,7 +2454,6 @@ if(isset($_POST['export_expenses_csv'])){
}
if(isset($_POST['add_transfer'])){
validateAccountantRole();
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
$amount = floatval($_POST['amount']);
@ -2475,7 +2479,6 @@ if(isset($_POST['add_transfer'])){
}
if(isset($_POST['edit_transfer'])){
validateAccountantRole();
$transfer_id = intval($_POST['transfer_id']);
$expense_id = intval($_POST['expense_id']);
@ -2502,8 +2505,6 @@ if(isset($_POST['edit_transfer'])){
}
if(isset($_GET['delete_transfer'])){
validateAccountantRole();
$transfer_id = intval($_GET['delete_transfer']);
//Query the transfer ID to get the Payment and Expense IDs so we can delete those as well
@ -2528,8 +2529,6 @@ if(isset($_GET['delete_transfer'])){
}
if(isset($_POST['add_invoice'])){
validateAccountantRole();
$client = intval($_POST['client']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
$category = intval($_POST['category']);
@ -2562,7 +2561,6 @@ if(isset($_POST['add_invoice'])){
}
if(isset($_POST['edit_invoice'])){
validateAccountantRole();
$invoice_id = intval($_POST['invoice_id']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@ -2582,7 +2580,6 @@ if(isset($_POST['edit_invoice'])){
}
if(isset($_POST['add_invoice_copy'])){
validateAccountantRole();
$invoice_id = intval($_POST['invoice_id']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@ -2639,7 +2636,6 @@ if(isset($_POST['add_invoice_copy'])){
}
if(isset($_POST['add_invoice_recurring'])){
validateAccountantRole();
$invoice_id = intval($_POST['invoice_id']);
$recurring_frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
@ -2690,7 +2686,6 @@ if(isset($_POST['add_invoice_recurring'])){
}
if(isset($_POST['add_quote'])){
validateAccountantRole();
$client = intval($_POST['client']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@ -2722,7 +2717,6 @@ if(isset($_POST['add_quote'])){
}
if(isset($_POST['add_quote_copy'])){
validateAccountantRole();
$quote_id = intval($_POST['quote_id']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@ -2775,7 +2769,6 @@ if(isset($_POST['add_quote_copy'])){
}
if(isset($_POST['add_quote_to_invoice'])){
validateAccountantRole();
$quote_id = intval($_POST['quote_id']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@ -2831,7 +2824,6 @@ if(isset($_POST['add_quote_to_invoice'])){
}
if(isset($_POST['add_quote_item'])){
validateAccountantRole();
$quote_id = intval($_POST['quote_id']);
@ -2872,7 +2864,6 @@ if(isset($_POST['add_quote_item'])){
}
if(isset($_POST['quote_note'])){
validateAccountantRole();
$quote_id = intval($_POST['quote_id']);
$note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
@ -2886,7 +2877,6 @@ if(isset($_POST['quote_note'])){
}
if(isset($_POST['edit_quote'])){
validateAccountantRole();
$quote_id = intval($_POST['quote_id']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@ -2905,8 +2895,6 @@ if(isset($_POST['edit_quote'])){
}
if(isset($_GET['delete_quote'])){
validateAccountantRole();
$quote_id = intval($_GET['delete_quote']);
mysqli_query($mysqli,"DELETE FROM quotes WHERE quote_id = $quote_id AND company_id = $session_company_id");
@ -2935,8 +2923,6 @@ if(isset($_GET['delete_quote'])){
}
if(isset($_GET['delete_quote_item'])){
validateAccountantRole();
$item_id = intval($_GET['delete_quote_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
@ -2965,7 +2951,6 @@ if(isset($_GET['delete_quote_item'])){
}
if(isset($_GET['mark_quote_sent'])){
validateAccountantRole();
$quote_id = intval($_GET['mark_quote_sent']);
@ -2983,7 +2968,6 @@ if(isset($_GET['mark_quote_sent'])){
}
if(isset($_GET['accept_quote'])){
validateAccountantRole();
$quote_id = intval($_GET['accept_quote']);
@ -3001,7 +2985,6 @@ if(isset($_GET['accept_quote'])){
}
if(isset($_GET['decline_quote'])){
validateAccountantRole();
$quote_id = intval($_GET['decline_quote']);
@ -3019,8 +3002,6 @@ if(isset($_GET['decline_quote'])){
}
if(isset($_GET['email_quote'])){
validateAccountantRole();
$quote_id = intval($_GET['email_quote']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes
@ -3093,7 +3074,6 @@ if(isset($_GET['email_quote'])){
}
if(isset($_POST['add_recurring'])){
validateAccountantRole();
$client = intval($_POST['client']);
$frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
@ -3123,7 +3103,6 @@ if(isset($_POST['add_recurring'])){
}
if(isset($_POST['edit_recurring'])){
validateAccountantRole();
$recurring_id = intval($_POST['recurring_id']);
$frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
@ -3145,7 +3124,6 @@ if(isset($_POST['edit_recurring'])){
}
if(isset($_POST['edit_recurring_next_date'])){
validateAccountantRole();
$recurring_id = intval($_POST['recurring_id']);
$next_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['next_date'])));
@ -3164,8 +3142,6 @@ if(isset($_POST['edit_recurring_next_date'])){
}
if(isset($_GET['delete_recurring'])){
validateAccountantRole();
$recurring_id = intval($_GET['delete_recurring']);
mysqli_query($mysqli,"DELETE FROM recurring WHERE recurring_id = $recurring_id AND company_id = $session_company_id");
@ -3194,7 +3170,6 @@ if(isset($_GET['delete_recurring'])){
}
if(isset($_POST['add_recurring_item'])){
validateAccountantRole();
$recurring_id = intval($_POST['recurring_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@ -3234,7 +3209,6 @@ if(isset($_POST['add_recurring_item'])){
}
if(isset($_POST['recurring_note'])){
validateAccountantRole();
$recurring_id = intval($_POST['recurring_id']);
$note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
@ -3248,8 +3222,6 @@ if(isset($_POST['recurring_note'])){
}
if(isset($_GET['delete_recurring_item'])){
validateAccountantRole();
$item_id = intval($_GET['delete_recurring_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
@ -3278,7 +3250,6 @@ if(isset($_GET['delete_recurring_item'])){
}
if(isset($_GET['mark_invoice_sent'])){
validateAccountantRole();
$invoice_id = intval($_GET['mark_invoice_sent']);
@ -3296,7 +3267,6 @@ if(isset($_GET['mark_invoice_sent'])){
}
if(isset($_GET['cancel_invoice'])){
validateAccountantRole();
$invoice_id = intval($_GET['cancel_invoice']);
@ -3314,8 +3284,6 @@ if(isset($_GET['cancel_invoice'])){
}
if(isset($_GET['delete_invoice'])){
validateAccountantRole();
$invoice_id = intval($_GET['delete_invoice']);
mysqli_query($mysqli,"DELETE FROM invoices WHERE invoice_id = $invoice_id AND company_id = $session_company_id");
@ -3351,7 +3319,6 @@ if(isset($_GET['delete_invoice'])){
}
if(isset($_POST['add_invoice_item'])){
validateAccountantRole();
$invoice_id = intval($_POST['invoice_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@ -3392,7 +3359,6 @@ if(isset($_POST['add_invoice_item'])){
}
if(isset($_POST['invoice_note'])){
validateAccountantRole();
$invoice_id = intval($_POST['invoice_id']);
$note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
@ -3406,7 +3372,6 @@ if(isset($_POST['invoice_note'])){
}
if(isset($_POST['edit_item'])){
validateAccountantRole();
$invoice_id = intval($_POST['invoice_id']);
$quote_id = intval($_POST['quote_id']);
@ -3467,8 +3432,6 @@ if(isset($_POST['edit_item'])){
}
if(isset($_GET['delete_invoice_item'])){
validateAccountantRole();
$item_id = intval($_GET['delete_invoice_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
@ -3497,7 +3460,6 @@ if(isset($_GET['delete_invoice_item'])){
}
if(isset($_POST['add_payment'])){
validateAccountantRole();
$invoice_id = intval($_POST['invoice_id']);
$balance = floatval($_POST['balance']);
@ -3636,8 +3598,6 @@ if(isset($_POST['add_payment'])){
}
if(isset($_GET['delete_payment'])){
validateAccountantRole();
$payment_id = intval($_GET['delete_payment']);
$sql = mysqli_query($mysqli,"SELECT * FROM payments WHERE payment_id = $payment_id AND company_id = $session_company_id");
@ -3683,8 +3643,6 @@ if(isset($_GET['delete_payment'])){
}
if(isset($_GET['email_invoice'])){
validateAccountantRole();
$invoice_id = intval($_GET['email_invoice']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoices
@ -3775,7 +3733,6 @@ if(isset($_GET['email_invoice'])){
}
if(isset($_POST['add_revenue'])){
validateAccountantRole();
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
$amount = floatval($_POST['amount']);
@ -3798,7 +3755,6 @@ if(isset($_POST['add_revenue'])){
}
if(isset($_POST['edit_revenue'])){
validateAccountantRole();
$revenue_id = intval($_POST['revenue_id']);
$date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@ -3822,8 +3778,6 @@ if(isset($_POST['edit_revenue'])){
}
if(isset($_GET['delete_revenue'])){
validateAccountantRole();
$revenue_id = intval($_GET['delete_revenue']);
mysqli_query($mysqli,"DELETE FROM revenues WHERE revenue_id = $revenue_id AND company_id = $session_company_id");

7
side_nav.php
View File

@ -98,8 +98,6 @@
<?php } ?>
<?php if($session_user_role == 1 OR $session_user_role == 3 && $config_module_enable_accounting == 1){ ?>
<li class="nav-header mt-3">SALES</li>
<li class="nav-item">
<a href="quotes.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>">
@ -131,7 +129,10 @@
<p>Products</p>
</a>
</li>
<li class="nav-header mt-3">ACCOUNTING</li>
<?php if($session_user_role == 1 OR $session_user_role == 3 && $config_module_enable_accounting == 1){ ?>
<li class="nav-header mt-3">ACCOUNTING</li>
<li class="nav-item">
<a href="payments.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "payments.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-credit-card"></i>

11
ticket.php
View File

@ -589,17 +589,12 @@ if(isset($_GET['ticket_id'])){
<?php if($config_module_enable_accounting){ ?>
<div class="card card-body card-outline card-dark mb-2">
<div>
<?php
if($_SESSION['user_role'] == 1 || $_SESSION['user_role'] == 3){
?>
<a href="#" class="btn btn-outline-success btn-block" href="#" data-toggle="modal" data-target="#addInvoiceFromTicketModal">Invoice Ticket</a>
<?php } ?>
<div class="">
<a href="#" class="btn btn-outline-success btn-block" href="#" data-toggle="modal" data-target="#addInvoiceFromTicketModal">Invoice Ticket</a>
<?php
if($ticket_status !== "Closed"){
?>
<a href="post.php?close_ticket=<?php echo $ticket_id; ?>" class="btn btn-outline-danger btn-block">Close Ticket</a>
<a href="post.php?close_ticket=<?php echo $ticket_id; ?>" class="btn btn-outline-danger btn-block">Close Ticket</a>
<?php } ?>
</div>
</div>