diff --git a/agent/post/contact.php b/agent/post/contact.php
index 112c110a..2310e559 100644
--- a/agent/post/contact.php
+++ b/agent/post/contact.php
@@ -1277,7 +1277,7 @@ if (isset($_POST['export_contacts_csv'])) {
 }
 //Contacts
- $sql = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN locations ON location_id = contact_location_id LEFT JOIN clients ON client_id = contact_client_id WHERE contact_archived_at IS NULL $client_query $access_permission_query ORDER BY contact_name ASC");
+ $sql = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN locations ON location_id = contact_location_id LEFT JOIN clients ON client_id = contact_client_id WHERE contact_archived_at IS NULL AND client_archived_at IS NULL $client_query $access_permission_query ORDER BY contact_name ASC");
 $num_rows = mysqli_num_rows($sql);
 if ($num_rows > 0) {
diff --git a/agent/post/location.php b/agent/post/location.php
index 7b486f72..e93f77c7 100644
--- a/agent/post/location.php
+++ b/agent/post/location.php
@@ -14,6 +14,8 @@ if(isset($_POST['add_location'])){
 require_once 'location_model.php';
+ enforceClientAccess();
+
 if(!file_exists("../uploads/clients/$client_id")) {
 mkdir("../uploads/clients/$client_id");
 }
@@ -71,9 +73,12 @@ if(isset($_POST['edit_location'])){
 $location_id = intval($_POST['location_id']);
 // Get old location photo
- $sql = mysqli_query($mysqli,"SELECT location_photo FROM locations WHERE location_id = $location_id");
+ $sql = mysqli_query($mysqli,"SELECT location_photo, location_client_id FROM locations WHERE location_id = $location_id");
 $row = mysqli_fetch_assoc($sql);
 $existing_file_name = sanitizeInput($row['location_photo']);
+ $client_id = intval($row['location_client_id']);
+
+ enforceClientAccess();
 if(!file_exists("../uploads/clients/$client_id")) {
 mkdir("../uploads/clients/$client_id");
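Review bot: In the edit_location hunk, `$row` is null when `$location_id` matches no row, so `$client_id` becomes 0 and the unconditional `enforceClientAccess()` is evaluated against client 0; whether that rejects the request or lets it fall through to the `mkdir` and the update below depends on how enforceClientAccess() treats 0, which is not visible here. Reject the missing row explicitly before reading from it: `if (!$row) { flash_alert("Invalid location!", 'error'); redirect(); }` placed right after `mysqli_fetch_assoc`. The archive/restore/delete location hunks later in this file take `$client_id` from a `$row` looked up above their hunks and have the same ordering question. The enclosing handlers continue outside the hunk.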
@@ -138,6 +143,8 @@ if(isset($_GET['archive_location'])){
 $location_name = sanitizeInput($row['location_name']);
 $client_id = intval($row['location_client_id']);
+ enforceClientAccess();
+
 mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NOW() WHERE location_id = $location_id");
 logAction("Location", "Archive", "$session_name archived location $location_name", $client_id, $location_id);
@@ -162,6 +169,8 @@ if(isset($_GET['restore_location'])){
 $location_name = sanitizeInput($row['location_name']);
 $client_id = intval($row['location_client_id']);
+ enforceClientAccess();
+
 mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id");
 logAction("Location", "Restore", "$session_name restored location $location_name", $client_id, $location_id);
@@ -186,6 +195,8 @@ if(isset($_GET['delete_location'])){
 $location_name = sanitizeInput($row['location_name']);
 $client_id = intval($row['location_client_id']);
+ enforceClientAccess();
+
 mysqli_query($mysqli,"DELETE FROM locations WHERE location_id = $location_id");
 logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id);
@@ -217,6 +228,8 @@ if (isset($_POST['bulk_assign_location_tags'])) {
 $location_name = sanitizeInput($row['location_name']);
 $client_id = intval($row['location_client_id']);
+ enforceClientAccess();
+
 if($_POST['bulk_remove_tags']) {
 // Delete tags if chosed to do so
 mysqli_query($mysqli, "DELETE FROM location_tags WHERE location_id = $location_id");
@@ -270,6 +283,8 @@ if (isset($_POST['bulk_archive_locations'])) {
 $location_primary = intval($row['location_primary']);
 $client_id = intval($row['location_client_id']);
+ enforceClientAccess();
+
 if($location_primary == 0) {
 mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NOW() WHERE location_id = $location_id");
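Review bot: In bulk_assign_location_tags and bulk_archive_locations the new `enforceClientAccess()` runs inside the per-location loop, after earlier iterations have already written to the database, so if the call terminates the request on a denied client (its failure behaviour is not shown here) a mixed selection is left half-applied with no alert about the rows that were processed. The same shape appears in bulk_restore_locations and bulk_delete_locations and in every bulk ticket handler in this diff (bulk_delete_tickets, bulk_assign_ticket, bulk_edit_ticket_priority, bulk_edit_ticket_category, bulk_merge_tickets, bulk_resolve_tickets, bulk_ticket_reply, bulk_add_ticket_project), where a partial delete is the worst case. Resolve the client of every selected id and run the access check in a first pass, then perform the writes in a second pass; if the per-row behaviour is intentional, document it with a comment such as `// Access is checked per row; a denied row aborts the request with earlier rows already applied`. The loops begin above each hunk.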
@@ -313,6 +328,8 @@ if (isset($_POST['bulk_restore_locations'])) {
 $location_name = sanitizeInput($row['location_name']);
 $client_id = intval($row['location_client_id']);
+ enforceClientAccess();
+
 mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id");
 logAction("Location", "Restore", "$session_name restored location $location_name", $client_id, $location_id);
@@ -351,6 +368,8 @@ if (isset($_POST['bulk_delete_locations'])) {
 $location_name = sanitizeInput($row['location_name']);
 $client_id = intval($row['location_client_id']);
+ enforceClientAccess();
+
 mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id");
 logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id);
@@ -385,7 +404,7 @@ if(isset($_POST['export_locations_csv'])){
 }
 //Locations
- $sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_archived_at IS NULL $client_query ORDER BY location_name ASC");
+ $sql = mysqli_query($mysqli,"SELECT * FROM locations LEFT JOIN clients ON client_id = location_client_id WHERE location_archived_at IS NULL AND client_archived_at IS NULL $client_query $access_permission_query ORDER BY location_name ASC");
 $num_rows = mysqli_num_rows($sql);
@@ -432,6 +451,9 @@ if (isset($_POST["import_locations_csv"])) {
 enforceUserPermission('module_client', 2);
 $client_id = intval($_POST['client_id']);
+
+ enforceClientAccess();
+
 $error = false;
 if (!empty($_FILES["file"]["tmp_name"])) {
diff --git a/agent/post/ticket.php b/agent/post/ticket.php
index 955ac84f..c77fe09d 100644
--- a/agent/post/ticket.php
+++ b/agent/post/ticket.php
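Review bot: The rewritten export query in export_locations_csv turns a single-table `SELECT *` into `SELECT * FROM locations LEFT JOIN clients ...`, so every row now also carries all `clients` columns; if the CSV writer below the hunk emits the whole row rather than named fields, the export silently gains client columns as a side effect of the access fix. Select the location columns explicitly, or confirm the writer reads fields by name (the contact export in contact.php already joined clients, so it is unaffected). `$access_permission_query` is also new to this query and is presumably provided by a shared include above the hunk; worth confirming it is defined on this code path. The handler continues below the hunk.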
@@ -45,6 +45,8 @@ if (isset($_POST['add_ticket'])) {
 }
 }
+ enforceClientAccess();
+
 // Add the primary contact as the ticket contact if "Use primary contact" is checked
 if ($use_primary_contact == 1) {
 $sql = mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1");
@@ -227,6 +229,13 @@ if (isset($_POST['edit_ticket'])) {
 }
 }
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE tickets SET ticket_category = $category_id, ticket_subject = '$ticket_subject', ticket_priority = '$ticket_priority', ticket_billable = $billable, ticket_details = '$details', ticket_due_at = $due, ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_contact_id = $contact_id, ticket_assigned_to = $assigned_to, ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
 // Add Additional Assets
@@ -329,6 +338,11 @@ if (isset($_POST['edit_ticket_priority'])) {
 $ticket_status = sanitizeInput($row['ticket_status_name']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id");
 // Update Ticket History
@@ -376,6 +390,11 @@ if (isset($_POST['edit_ticket_contact'])) {
 $url_key = sanitizeInput($row['ticket_url_key']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Update the contact
 mysqli_query($mysqli, "UPDATE tickets SET ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id");
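Review bot: The guard introduced in edit_ticket (`$client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));` followed by `if ($client_id) { enforceClientAccess(); }` under the same comment) is pasted into roughly two dozen handlers in this file, sometimes with the lookup and sometimes without, and with varying blank-line placement, so the rule "a ticket without a client is not access-restricted" lives in every copy. A small helper beside enforceClientAccess() that takes a ticket id, resolves its client and applies that rule would make the policy auditable in one place and each call site a single line. Since enforceClientAccess() is called with no arguments here it presumably reads `$client_id` from the calling scope; a helper would have to set that variable as well, so confirm its signature before extracting.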
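Review bot: In edit_ticket_contact the new check binds the ticket to its client, but `$contact_id` written into `ticket_contact_id` by the UPDATE two lines below is not shown to be validated against that client, so a contact from another client can still be attached unless that check sits above the hunk. The edit_ticket UPDATE has the same gap for `ticket_contact_id`, `ticket_location_id`, `ticket_asset_id` and `ticket_project_id`, all taken from request values. Before the UPDATE, look the contact up and require its `contact_client_id` to equal `$client_id`, bailing out with `flash_alert(...)`/`redirect()` on mismatch. Both handlers start above the hunk.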
@@ -444,6 +463,11 @@ if (isset($_POST['edit_ticket_project'])) {
 $ticket_prefix = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_prefix'));
 $ticket_number = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_number'));
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
 logAction("Ticket", "Edit", "$session_name set ticket $ticket_prefix$ticket_number project to $project_name", $client_id, $ticket_id);
@@ -485,6 +509,11 @@ if (isset($_POST['add_ticket_watcher'])) {
 $ticket_created_by = intval($row['ticket_created_by']);
 $ticket_assigned_to = intval($row['ticket_assigned_to']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Get Company Phone Number
 $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
 $row = mysqli_fetch_assoc($sql);
@@ -557,6 +586,11 @@ if (isset($_GET['delete_ticket_watcher'])) {
 $client_id = intval($row['ticket_client_id']);
 $ticket_id = intval($row['ticket_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_id = $watcher_id");
 // History
@@ -593,6 +627,11 @@ if (isset($_GET['delete_ticket_additional_asset'])) {
 $asset_name = sanitizeInput($row['asset_name']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id AND asset_id = $asset_id");
 // History
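Review bot: In edit_ticket_project and add_ticket_watcher the new `if ($client_id)` guard tests a `$client_id` that is not assigned anywhere in the hunk, so its origin decides whether the check means anything: if the handler set it from the ticket row above the hunk it is fine, but if it came from `$_POST` the caller picks the value and sending 0 skips enforcement entirely. Resolve it from the ticket the way the edit_ticket hunk does, `$client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));`, immediately before the guard so the dependency is visible at the check. cancel_ticket_schedule at the end of this diff has the same unassigned `$client_id`. All three handlers start above their hunks.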
@@ -615,6 +654,13 @@ if (isset($_POST['edit_ticket_asset'])) {
 $ticket_id = intval($_POST['ticket_id']);
 $asset_id = intval($_POST['asset']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE tickets SET ticket_asset_id = $asset_id WHERE ticket_id = $ticket_id");
 // Add Additional Assets
@@ -661,6 +707,13 @@ if (isset($_POST['edit_ticket_vendor'])) {
 $ticket_id = intval($_POST['ticket_id']);
 $vendor_id = intval($_POST['vendor']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE tickets SET ticket_vendor_id = $vendor_id WHERE ticket_id = $ticket_id");
 // Get ticket / vendor details for logging
@@ -730,6 +783,11 @@ if (isset($_POST['assign_ticket'])) {
 $client_id = intval($ticket_details['ticket_client_id']);
 $client_name = sanitizeInput($ticket_details['client_name']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 if (!$ticket_subject) {
 flash_alert("Invalid ticket!", 'error');
 redirect();
@@ -748,7 +806,6 @@ if (isset($_POST['assign_ticket'])) {
 logAction("Ticket", "Edit", "$session_name reassigned $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
-
 // Notification
 if ($session_user_id != $assigned_to && $assigned_to != 0) {
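Review bot: In edit_ticket_asset the new lookup ties the ticket to its client, but `$asset_id` from `$_POST['asset']` is written straight into `ticket_asset_id` without being tied to that client, so an asset belonging to any client can be attached to the ticket unless the form value is validated above the hunk. Before the UPDATE, look the asset up and require its `asset_client_id` to equal `$client_id` (that column is already read elsewhere in this file), bailing out with `flash_alert("Invalid asset!", 'error'); redirect();` otherwise. edit_ticket_vendor has the same shape if vendors are client-scoped in this schema. Both handlers continue below the hunk.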
@@ -808,6 +865,11 @@ if (isset($_GET['delete_ticket'])) {
 $ticket_closed_at = sanitizeInput($row['ticket_closed_at']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 if (empty($ticket_closed_at)) {
 mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id");
@@ -851,6 +913,14 @@ if (isset($_POST['bulk_delete_tickets'])) {
 foreach ($_POST['ticket_ids'] as $ticket_id) {
 $ticket_id = intval($ticket_id);
+
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id");
 // Delete all ticket replies
@@ -908,6 +978,11 @@ if (isset($_POST['bulk_assign_ticket'])) {
 $ticket_subject = sanitizeInput($row['ticket_subject']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 if ($ticket_status == 1 && $assigned_to !== 0) {
 $ticket_status = 2;
 }
@@ -1010,6 +1085,11 @@ if (isset($_POST['bulk_edit_ticket_priority'])) {
 $original_ticket_priority = sanitizeInput($row['ticket_priority']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Update ticket & insert reply
 mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id");
@@ -1056,6 +1136,11 @@ if (isset($_POST['bulk_edit_ticket_category'])) {
 $previous_ticket_category_name = sanitizeInput($row['category_name']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Get Category Name
 $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
@@ -1117,6 +1202,11 @@ if (isset($_POST['bulk_merge_tickets'])) {
 $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Update current ticket
 if (empty($ticket_first_response_at)) {
 mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
@@ -1190,6 +1280,11 @@ if (isset($_POST['bulk_resolve_tickets'])) {
 $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Mark FR time if required
 if (empty($ticket_first_response_at)) {
 mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
@@ -1321,6 +1416,11 @@ if (isset($_POST['bulk_ticket_reply'])) {
 $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 if ($client_id) {
 $client_uri = "&client_id=$client_id";
 } else {
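Review bot: In bulk_merge_tickets the new check runs for each ticket being merged, but the destination ticket the loop merges into is resolved above the hunk and is not checked here, so unless that is enforced there an agent could fold tickets they can access into a ticket of a client they cannot. Resolve the destination's client once before the loop with `getFieldById('tickets', <destination id>, 'ticket_client_id')` and apply the same `if ($client_id) { enforceClientAccess(); }` guard to it before any row is touched. The loop body continues below the hunk.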
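Review bot: In bulk_ticket_reply the inserted `if ($client_id) { enforceClientAccess(); }` is immediately followed by the pre-existing `if ($client_id) {` that builds `$client_uri`, leaving two consecutive branches on the same condition. Fold the call into the existing block as its first statement, `if ($client_id) { enforceClientAccess(); $client_uri = "&client_id=$client_id"; } else {`, keeping the explanatory comment above it.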
@@ -1482,6 +1582,11 @@ if (isset($_POST['bulk_add_ticket_project'])) {
 $current_ticket_priority = sanitizeInput($row['ticket_priority']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Update ticket & insert reply
 mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
@@ -1550,6 +1655,11 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
 $asset_name = sanitizeInput($row['asset_name']);
 $client_id = intval($row['asset_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 $subject_asset_prepended = "$asset_name - $subject";
 // Atomically increment and get the new ticket number
@@ -1624,6 +1734,11 @@ if (isset($_POST['add_ticket_reply'])) {
 $ticket_status = intval($_POST['status']);
 $client_id = intval($_POST['client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Time tracking, inputs & combine into string
 $hours = intval($_POST['hours']);
 $minutes = intval($_POST['minutes']);
@@ -1805,6 +1920,11 @@ if (isset($_POST['edit_ticket_reply'])) {
 $client_id = intval($_POST['client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli));
 logAction("Ticket", "Reply", "$session_name edited ticket_reply", $client_id, $ticket_reply_id);
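Review bot: In add_ticket_reply and edit_ticket_reply the guarded value is `$client_id = intval($_POST['client_id'])`, so the client the check runs against is chosen by the request rather than derived from the ticket or reply being modified; a caller can send 0 to skip `enforceClientAccess()` altogether, or the id of a client they may access while `$ticket_reply_id` or `$ticket_id` points at another client's ticket, and the UPDATE below carries no client constraint of its own. redact_ticket_reply in the next hunk has the same `$_POST['client_id']` source. Resolve it from the record instead, as archive_ticket_reply does: `$ticket_id = intval(getFieldById('ticket_replies', $ticket_reply_id, 'ticket_reply_ticket_id'));` followed by `$client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));` for the reply editors, and the second line alone for add_ticket_reply (assuming `$ticket_id` is read above the hunk). The posted value can then be dropped, or kept only for building the redirect.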
@@ -1826,6 +1946,11 @@ if (isset($_POST['redact_ticket_reply'])) {
 $client_id = intval($_POST['client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id");
 logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
@@ -1844,9 +1969,17 @@ if (isset($_GET['archive_ticket_reply'])) {
 $ticket_reply_id = intval($_GET['archive_ticket_reply']);
+ $ticket_id = intval(getFieldById('ticket_replies', $ticket_reply_id, 'ticket_reply_ticket_id'));
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id");
- logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", 0, $ticket_reply_id);
+ logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", $client_id, $ticket_reply_id);
 flash_alert("Ticket reply archived", 'error');
@@ -1889,6 +2022,10 @@ if (isset($_POST['merge_ticket'])) {
 }
 $merge_row = mysqli_fetch_assoc($sql);
 $client_id = intval($merge_row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
 $merge_into_ticket_number = intval($merge_row['ticket_number']);
 if ($client_id) {
 $has_client = "&client_id=$client_id";
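Review bot: In merge_ticket the guard is applied to the client of the ticket being merged into (`$merge_row`), but the ticket being merged away is handled above the hunk and is not checked here; if its client is not enforced there, a ticket from an inaccessible client can be absorbed into one the agent can reach. Resolve the source ticket's client with `getFieldById('tickets', <source id>, 'ticket_client_id')` and run the same guard on it before the merge-target check, setting `$client_id` first since enforceClientAccess() appears to read it implicitly rather than take an argument. The added block here also omits the blank line the other hunks leave after the closing brace. The handler continues below the hunk.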
@@ -1940,6 +2077,11 @@ if (isset($_POST['change_client_ticket'])) {
 $client_id = intval($_POST['new_client_id']);
 $contact_id = intval($_POST['new_contact_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 // Set any/all existing replies to internal
 mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_type = 'Internal' WHERE ticket_reply_ticket_id = $ticket_id");
@@ -1969,6 +2111,12 @@ if (isset($_GET['resolve_ticket'])) {
 $ticket_prefix = sanitizeInput($row['ticket_prefix']);
 $ticket_number = intval($row['ticket_number']);
 $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
+ $client_id = intval($row['ticket_client_id']);
+
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
 // Mark FR
 if (empty($ticket_first_response_at)) {
@@ -1978,7 +2126,7 @@ if (isset($_GET['resolve_ticket'])) {
 // Resolve
 mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
- logAction("Ticket", "Resolved", "$session_name resolved ticket $ticket_prefix$ticket_number (ID: $ticket_id)", 0, $ticket_id);
+ logAction("Ticket", "Resolved", "$session_name resolved ticket $ticket_prefix$ticket_number (ID: $ticket_id)", $client_id, $ticket_id);
 customAction('ticket_resolve', $ticket_id);
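Review bot: In change_client_ticket the check is applied to `$_POST['new_client_id']`, the destination, while the ticket's current client is not checked anywhere in the hunk, so unless it is enforced above an agent can move a ticket out of a client they cannot access into one they can, with every reply flipped to Internal on the way. Resolve the current owner first, `$current_client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));`, run the same guard on it (assigning it to `$client_id` for the call), and only then switch `$client_id` to the new value and check that. `$contact_id` from `new_contact_id` is likewise not shown to be validated as belonging to the new client. The handler starts above the hunk.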
@@ -1986,7 +2134,7 @@ if (isset($_GET['resolve_ticket'])) {
 if ((!empty($config_smtp_host) || !empty($config_smtp_provider)) && $config_ticket_client_general_notifications == 1) {
 // Get details
- $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets
+ $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key FROM tickets
 LEFT JOIN clients ON ticket_client_id = client_id
 LEFT JOIN contacts ON ticket_contact_id = contact_id
 LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
@@ -1999,7 +2147,6 @@ if (isset($_GET['resolve_ticket'])) {
 $ticket_prefix = sanitizeInput($row['ticket_prefix']);
 $ticket_number = intval($row['ticket_number']);
 $ticket_subject = sanitizeInput($row['ticket_subject']);
- $client_id = intval($row['ticket_client_id']);
 $ticket_assigned_to = intval($row['ticket_assigned_to']);
 $ticket_status = sanitizeInput($row['ticket_status_name']);
 $url_key = sanitizeInput($row['ticket_url_key']);
@@ -2070,12 +2217,18 @@ if (isset($_GET['close_ticket'])) {
 enforceUserPermission('module_support', 2);
 $ticket_id = intval($_GET['close_ticket']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
 mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 5, ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
 mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
- logAction("Ticket", "Closed", "$session_name closed ticket ID $ticket_id", 0, $ticket_id);
+ logAction("Ticket", "Closed", "$session_name closed ticket ID $ticket_id", $client_id, $ticket_id);
 customAction('ticket_close', $ticket_id);
@@ -2164,9 +2317,16 @@ if (isset($_GET['reopen_ticket'])) {
 $ticket_id = intval($_GET['reopen_ticket']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id");
- logAction("Ticket", "Reopened", "$session_name reopened ticket ID $ticket_id", 0, $ticket_id);
+ logAction("Ticket", "Reopened", "$session_name reopened ticket ID $ticket_id", $client_id, $ticket_id);
 customAction('ticket_update', $ticket_id);
@@ -2222,6 +2382,8 @@ if (isset($_POST['add_invoice_from_ticket'])) {
 $location_name = sanitizeInput($row['location_name']);
+ enforceClientAccess();
+
 if ($invoice_id == 0) {
 $invoice_prefix = sanitizeInput($config_invoice_prefix);
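Review bot: In add_invoice_from_ticket (and add_quote_from_ticket in the next hunk) `enforceClientAccess()` is called unconditionally, unlike every other ticket handler in this diff, which skips it when the ticket has no client; if these handlers can be reached for a client-less ticket, `$client_id` is 0 at that point and the outcome depends on how enforceClientAccess() treats 0, which is not visible here. If the intent is that an invoice or quote always needs a client, record it beside the call, e.g. `// A client is required to raise an invoice, so access is always enforced`; otherwise apply the same `if ($client_id)` guard for consistency. `$client_id` for the invoice handler is assigned above the hunk.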
@@ -2332,6 +2494,8 @@ if (isset($_POST['add_quote_from_ticket'])) {
 $ticket_number = intval($row['ticket_number']);
 $client_id = intval($row['ticket_client_id']);
+ enforceClientAccess();
+
 // Atomically increment and get the new quote number
 mysqli_query($mysqli, "
 UPDATE settings
@@ -2445,6 +2609,11 @@ if (isset($_POST['edit_ticket_billable_status'])) {
 $ticket_number = intval($row['ticket_number']);
 $client_id = intval($row['ticket_client_id']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli,"UPDATE tickets SET ticket_billable = $billable_status WHERE ticket_id = $ticket_id");
 logAction("Ticket", "Edit", "$session_name marked ticket $ticket_prefix$ticket_number as $billable_wording Billable", $client_id, $ticket_id);
@@ -2468,12 +2637,17 @@ if (isset($_POST['edit_ticket_schedule'])) {
 $full_ticket_url = "https://$config_base_url/client/ticket.php?id=$ticket_id";
 $ticket_link_html = "$ticket_link";
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 mysqli_query($mysqli,"UPDATE tickets SET ticket_schedule = '$schedule', ticket_onsite = $onsite WHERE ticket_id = $ticket_id" );
-
 // Check for other conflicting scheduled items based on 2 hr window //TODO make this configurable
 $start = date('Y-m-d H:i:s', strtotime($schedule) - 7200);
@@ -2495,7 +2669,6 @@ if (isset($_POST['edit_ticket_schedule'])) {
 $row = mysqli_fetch_assoc($sql);
- $client_id = intval($row['ticket_client_id']);
 $client_name = sanitizeInput($row['client_name']);
 $ticket_details = sanitizeInput($row['ticket_details']);
 $contact_name = sanitizeInput($row['contact_name']);
@@ -2647,6 +2820,11 @@ if (isset($_GET['cancel_ticket_schedule'])) {
 $ticket_schedule = sanitizeInput($row['ticket_schedule']);
 $ticket_cal_str = sanitizeInput($row['ticket_cal_str']);
+ // Don't Enforce Client Access if Ticket doesn't have an assigned client
+ if ($client_id) {
+ enforceClientAccess();
+ }
+
 if ($client_id) {
 $client_uri = "&client_id=$client_id";
 } else {