diff --git a/models/category.php b/models/category.php
new file mode 100644
index 00000000..a98cfe64
--- /dev/null
+++ b/models/category.php
@@ -0,0 +1,4 @@
+ 9097152){
- $file_error = 1;
- }
-
- if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/$session_company_id/";
$dest_path = $upload_file_dir . $new_file_name;
-
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
-
- $_SESSION['alert_message'] = 'File successfully uploaded.';
- }else{
-
- $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
+ $extended_alert_description = '. File successfully uploaded.';
+ } else {
+ $_SESSION['alert_type'] = "error";
+ $extended_alert_description = '. Error uploading file. Check upload directory is writable/correct file type/size';
}
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Create', log_description = '$description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
- $_SESSION['alert_message'] = "Expense added";
+ $_SESSION['alert_message'] = "Expense added" . $extended_alert_description;
header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -2943,64 +2835,38 @@ if(isset($_POST['add_expense'])){
if(isset($_POST['edit_expense'])){
+ require_once('models/expense.php');
+
$expense_id = intval($_POST['expense_id']);
- $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
- $amount = floatval($_POST['amount']);
- $account = intval($_POST['account']);
- $vendor = intval($_POST['vendor']);
- $category = intval($_POST['category']);
- $description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
- $reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference'])));
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
- //Check to see if a file is attached
- if($_FILES['file']['tmp_name'] != ''){
- // get details of the uploaded file
- $file_error = 0;
- $file_tmp_path = $_FILES['file']['tmp_name'];
- $file_name = $_FILES['file']['name'];
- $file_size = $_FILES['file']['size'];
- $file_type = $_FILES['file']['type'];
- $file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
+ // Check for and process attachment
+ $extended_alert_description = '';
+ if ($_FILES['file']['tmp_name'] != '') {
+ if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'pdf'))) {
- // sanitize file-name
- $new_file_name = md5(time() . $file_name) . '.' . $file_extension;
+ $file_tmp_path = $_FILES['file']['tmp_name'];
- // check if file has one of the following extensions
- $allowed_file_extensions = array('jpg', 'gif', 'png', 'pdf');
-
- if(in_array($file_extension,$allowed_file_extensions) === false){
- $file_error = 1;
- }
-
- //Check File Size
- if($file_size > 9097152){
- $file_error = 1;
- }
-
- if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/$session_company_id/";
$dest_path = $upload_file_dir . $new_file_name;
-
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/expenses/$session_company_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
-
- $_SESSION['alert_message'] = 'File successfully uploaded.';
- }else{
-
- $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
+ $extended_alert_description = '. File successfully uploaded.';
+ } else {
+ $_SESSION['alert_type'] = "error";
+ $extended_alert_description = '. Error uploading file. Check upload directory is writable/correct file type/size';
}
}
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = '$amount', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id AND company_id = $session_company_id");
- $_SESSION['alert_message'] = "Expense modified";
+ $_SESSION['alert_message'] = "Expense modified" . $extended_alert_description;
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Modify', log_description = '$description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
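Review bot: `$existing_file_name` on the `unlink("uploads/expenses/$session_company_id/$existing_file_name")` line is taken straight from `$_POST` with only `strip_tags` and `mysqli_real_escape_string`, neither of which removes `/` or `..`, so a value such as `../../config.php` deletes an arbitrary file the web server can write; the line is kept as context, but the commit reworks the surrounding upload flow without closing it. Resolve the old name from the database instead of the request (`SELECT expense_receipt FROM expenses WHERE expense_id = $expense_id AND company_id = $session_company_id`), or at minimum apply `basename()` and only unlink when the name is non-empty and `move_uploaded_file()` actually succeeded. The `UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id` just below it also lacks the `AND company_id = $session_company_id` that the main UPDATE at the end of the hunk carries, so a guessed `expense_id` belonging to another company can have its receipt repointed. The `$date`, `$amount`, `$account`, `$vendor`, `$category`, `$description` and `$reference` values interpolated into that main UPDATE now come from models/expense.php, which is not in this diff, so their coercions cannot be verified here.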
@@ -3087,11 +2953,7 @@ if(isset($_POST['export_expenses_csv'])){
if(isset($_POST['add_transfer'])){
- $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
- $amount = floatval($_POST['amount']);
- $account_from = intval($_POST['account_from']);
- $account_to = intval($_POST['account_to']);
- $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
+ require_once('models/transfer.php');
mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = '$amount', expense_currency_code = '$session_company_currency', expense_vendor_id = 0, expense_category_id = 0, expense_account_id = $account_from, company_id = $session_company_id");
$expense_id = mysqli_insert_id($mysqli);
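Review bot: The INSERT on the line above still interpolates `$date`, `$amount` and `$account_from` into SQL, but the `floatval`/`intval`/`mysqli_real_escape_string` assignments that used to produce them in this handler were removed and are now expected from models/transfer.php, which is not part of the diff — if any of those variables is missing or escaped differently there, this turns a refactor into SQL injection. Please confirm the model defines exactly `$date`, `$amount`, `$account_from`, `$account_to` and `$notes` with the same coercions, and consider moving the statement to `mysqli_prepare()` with bound parameters so the handler no longer depends on the model's escaping at all. Note also that `require_once` will not re-execute the model if anything earlier in the same request already included it, so values from a previous include would be reused silently. add_transfer's body continues past the hunk.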
@@ -3112,14 +2974,11 @@ if(isset($_POST['add_transfer'])){
if(isset($_POST['edit_transfer'])){
+ require_once('models/transfer.php');
+
$transfer_id = intval($_POST['transfer_id']);
$expense_id = intval($_POST['expense_id']);
$revenue_id = intval($_POST['revenue_id']);
- $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
- $amount = floatval($_POST['amount']);
- $account_from = intval($_POST['account_from']);
- $account_to = intval($_POST['account_to']);
- $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = '$amount', expense_account_id = $account_from WHERE expense_id = $expense_id AND company_id = $session_company_id");
@@ -3139,9 +2998,8 @@ if(isset($_POST['edit_transfer'])){
if(isset($_GET['delete_transfer'])){
$transfer_id = intval($_GET['delete_transfer']);
- //Query the transfer ID to get the Payment and Expense IDs so we can delete those as well
- $sql = mysqli_query($mysqli,"SELECT * FROM transfers WHERE transfer_id = $transfer_id AND company_id = $session_company_id");
- $row = mysqli_fetch_array($sql);
+ //Query the transfer ID to get the Payment and Expense IDs, so we can delete those as well
+ $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT * FROM transfers WHERE transfer_id = $transfer_id AND company_id = $session_company_id"));
$expense_id = $row['transfer_expense_id'];
$revenue_id = $row['transfer_revenue_id'];
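Review bot: The collapsed `mysqli_fetch_array(mysqli_query(...))` on the rebuilt line has no handling for the no-row case: when `$transfer_id` does not exist under `$session_company_id`, `$row` is `null` (or `false` on older PHP), `$expense_id` and `$revenue_id` become empty, and the follow-on DELETE statements for them (outside this hunk) run with an empty id in their WHERE clause. If the query itself fails, `mysqli_query()` returns `false` and `mysqli_fetch_array(false)` raises a `TypeError` on PHP 8, which the old two-statement form at least left inspectable. Keep the result in a variable and bail out early, e.g. `$row = mysqli_fetch_array($sql); if (!$row) { $_SESSION['alert_type'] = 'error'; $_SESSION['alert_message'] = 'Transfer not found'; header('Location: ' . $_SERVER['HTTP_REFERER']); exit; }`. The handler's body continues past the hunk.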
@@ -3161,10 +3019,10 @@ if(isset($_GET['delete_transfer'])){
}
if(isset($_POST['add_invoice'])){
+
+ require_once('models/invoice.php');
+
$client = intval($_POST['client']);
- $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
- $category = intval($_POST['category']);
- $scope = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['scope'])));
//Get Net Terms
$sql = mysqli_query($mysqli,"SELECT client_net_terms FROM clients WHERE client_id = $client AND company_id = $session_company_id");
@@ -3194,11 +3052,10 @@ if(isset($_POST['add_invoice'])){
if(isset($_POST['edit_invoice'])){
+ require_once('models/invoice.php');
+
$invoice_id = intval($_POST['invoice_id']);
- $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
$due = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['due'])));
- $category = intval($_POST['category']);
- $scope = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['scope'])));
mysqli_query($mysqli,"UPDATE invoices SET invoice_scope = '$scope', invoice_date = '$date', invoice_due = '$due', invoice_category_id = $category WHERE invoice_id = $invoice_id AND company_id = $session_company_id");
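Review bot: `$due` is now the only request input still sanitized inline (`trim(strip_tags(mysqli_real_escape_string(...)))`) while `$date`, `$category` and `$scope` on the neighbouring lines moved into models/invoice.php, so this handler mixes two conventions and a reader has to look in two files to know what is escaped before the UPDATE on the last line. If `$due` is intentionally edit-only and does not belong in the shared model, a one-line comment would prevent the next person from "fixing" it, e.g. `// $due is specific to edit_invoice; not part of models/invoice.php`. Otherwise move it into the model next to `$date` so every value interpolated into this UPDATE comes from one place.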
@@ -3319,10 +3176,9 @@ if(isset($_POST['add_invoice_recurring'])){
if(isset($_POST['add_quote'])){
+ require_once('models/quote.php');
+
$client = intval($_POST['client']);
- $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
- $category = intval($_POST['category']);
- $scope = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['scope'])));
//Get the last Quote Number and add 1 for the new Quote number
$quote_number = $config_quote_next_number;
@@ -3509,10 +3365,9 @@ if(isset($_POST['quote_note'])){
if(isset($_POST['edit_quote'])){
+ require_once('models/quote.php');
+
$quote_id = intval($_POST['quote_id']);
- $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
- $category = intval($_POST['category']);
- $scope = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['scope'])));
mysqli_query($mysqli,"UPDATE quotes SET quote_scope = '$scope', quote_date = '$date', quote_category_id = $category WHERE quote_id = $quote_id AND company_id = $session_company_id");
@@ -4410,23 +4265,9 @@ if(isset($_POST['add_contact'])){
validateTechRole();
- $client_id = intval($_POST['client_id']);
- $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
- $title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['title'])));
- $department = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['department'])));
- $phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
- $extension = preg_replace("/[^0-9]/", '',$_POST['extension']);
- $mobile = preg_replace("/[^0-9]/", '',$_POST['mobile']);
- $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
- $primary_contact = intval($_POST['primary_contact']);
- $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
- $contact_important = intval($_POST['contact_important']);
- $contact_billing = intval($_POST['contact_billing']);
- $contact_technical = intval($_POST['contact_technical']);
- $location_id = intval($_POST['location']);
- $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['auth_method'])));
- $password = password_hash(randomString(), PASSWORD_DEFAULT);
+ require_once('models/contact.php');
+ $password = password_hash(randomString(), PASSWORD_DEFAULT);
if(!file_exists("uploads/clients/$session_company_id/$client_id")) {
mkdir("uploads/clients/$session_company_id/$client_id");
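Review bot: `$client_id` is used in the filesystem path on the last two lines (`file_exists`/`mkdir("uploads/clients/$session_company_id/$client_id")`), but its `intval($_POST['client_id'])` assignment was removed from this handler and is now expected from models/contact.php, which is not in the diff — if the model ever stops coercing it to an integer, a value like `../../` in `client_id` escapes the upload root. Because the filesystem is a stricter sink than the escaped SQL the model is written for, it is worth keeping a local guard here regardless, e.g. `$client_id = intval($client_id);`, and, if it is not done elsewhere, checking that the client belongs to `$session_company_id` before creating directories under its tree. `mkdir()`'s return value is also ignored, so a failed mkdir only surfaces later at `move_uploaded_file()`. add_contact's body continues past the hunk.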
@@ -4441,52 +4282,30 @@ if(isset($_POST['add_contact'])){
mysqli_query($mysqli,"UPDATE clients SET primary_contact = $contact_id WHERE client_id = $client_id");
}
- //Check to see if a file is attached
- if($_FILES['file']['tmp_name'] != ''){
+ // Check for and process image/photo
+ $extended_alert_description = '';
+ if ($_FILES['file']['tmp_name'] != '') {
+ if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
- // get details of the uploaded file
- $file_error = 0;
- $file_tmp_path = $_FILES['file']['tmp_name'];
- $file_name = $_FILES['file']['name'];
- $file_size = $_FILES['file']['size'];
- $file_type = $_FILES['file']['type'];
- $file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
+ $file_tmp_path = $_FILES['file']['tmp_name'];
- // sanitize file-name
- $new_file_name = md5(time() . $file_name) . '.' . $file_extension;
-
- // check if file has one of the following extensions
- $allowed_file_extensions = array('jpg', 'gif', 'png');
-
- if(in_array($file_extension,$allowed_file_extensions) === false){
- $file_error = 1;
- }
-
- //Check File Size
- if($file_size > 2097152){
- $file_error = 1;
- }
-
- if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name;
-
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
-
- $_SESSION['alert_message'] = 'Photo successfully uploaded. ';
- }else{
-
- $_SESSION['alert_message'] = 'There was an error moving the photo to the upload directory. Please make sure the upload directory is writable by web server.';
+ $extended_alert_description = '. File successfully uploaded.';
+ } else {
+ $_SESSION['alert_type'] = "error";
+ $extended_alert_description = '. Error uploading file. Check upload directory is writable/correct file type/size';
}
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = '$session_name created contact $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id, company_id = $session_company_id");
- $_SESSION['alert_message'] .= "Contact $name created";
+ $_SESSION['alert_message'] .= "Contact $name created" . $extended_alert_description;
header("Location: " . $_SERVER["HTTP_REFERER"]);
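Review bot: The success branch writes `contact_photo = '$new_file_name'` and reports `File successfully uploaded` without checking the return value of `move_uploaded_file()`, so a failed move (an unwritable directory — exactly the condition the new error text tells the user to check) still stores a filename that points at nothing and shows a success message. Gate the UPDATE and the alert on the move actually succeeding, as sketched below; the same pattern appears in the expense handlers earlier in this diff and should be fixed the same way. Also note that `$_SESSION['alert_message'] .= ...` on the Contact line appends to whatever message was already in the session rather than replacing it, unlike the expense handlers.
```php
// … unchanged: checkFileUpload() / $file_tmp_path / $upload_file_dir setup …
$new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'));
$dest_path = "uploads/clients/$session_company_id/$client_id/" . $new_file_name;
if ($new_file_name && move_uploaded_file($_FILES['file']['tmp_name'], $dest_path)) {
    mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
    $extended_alert_description = '. File successfully uploaded.';
} else {
    $_SESSION['alert_type'] = "error";
    $extended_alert_description = '. Error uploading file. Check upload directory is writable/correct file type/size';
}
```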
@@ -4496,23 +4315,9 @@ if(isset($_POST['edit_contact'])){
validateTechRole();
- $contact_id = intval($_POST['contact_id']);
- $client_id = intval($_POST['client_id']);
- $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
- $title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['title'])));
- $department = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['department'])));
- $phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
- $extension = preg_replace("/[^0-9]/", '',$_POST['extension']);
- $mobile = preg_replace("/[^0-9]/", '',$_POST['mobile']);
- $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
- $primary_contact = intval($_POST['primary_contact']);
- $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
- $contact_important = intval($_POST['contact_important']);
- $contact_billing = intval($_POST['contact_billing']);
- $contact_technical = intval($_POST['contact_technical']);
- $location_id = intval($_POST['location']);
- $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['auth_method'])));
+ require_once('models/contact.php');
+ $contact_id = intval($_POST['contact_id']);
$existing_file_name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name']));
if(!file_exists("uploads/clients/$session_company_id/$client_id")) {
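Review bot: `$existing_file_name` on the line above the `file_exists` check is request-controlled and only passes through `strip_tags` and `mysqli_real_escape_string`, which leave `/` and `..` intact; if, as edit_expense does earlier in this diff, it is later handed to `unlink("uploads/clients/.../$existing_file_name")` (that code is past the hunk), a crafted value deletes arbitrary files the web server can write. Prefer reading the current `contact_photo` for `$contact_id` from the database and ignoring the posted name, or at least `basename()` it and skip the unlink when it is empty. `$contact_id` is also assigned again right after `require_once('models/contact.php')`, so if the model sets it as well one of the two is redundant — a short comment saying which is authoritative would help. The handler's body continues past the hunk.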
@@ -4559,7 +4364,7 @@ if(isset($_POST['edit_contact'])){
// Check for and process image/photo
$extended_alert_description = '';
if ($_FILES['file']['tmp_name'] != '') {
- if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'gif', 'png'))) {
+ if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
// Set directory in which the uploaded file will be moved
$file_tmp_path = $_FILES['file']['tmp_name'];