Merge pull request #547 from wrongecho/code-audit

Misc changes from code security audit
Johnny 2023-01-02 21:16:17 -05:00 committed by GitHub
commit 893f4405ff
72 changed files with 177 additions and 1393 deletions


@ -27,7 +27,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="card-body">
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Accounts">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Accounts">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
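Review bot: `strip_tags(htmlentities($q))` on the new input line is a no-op wrapper: htmlentities has already turned every `<` and `>` into `&lt;`/`&gt;`, so strip_tags finds nothing to remove, and the line reads as if two defences apply when only the entity encoding does. `htmlentities($q, ENT_QUOTES, 'UTF-8')` alone states the attribute-context encoding explicitly and pins the single-quote behaviour that differs before PHP 8.1. If `$q` is the SQL-escaped form of the search string (its definition is not in this hunk), dropping stripslashes means its backslashes now show in the field, which is worth confirming. The same pattern appears in the Categories, Assets, Certificates, Contacts, Documents, Domains, Invoices, Locations, Passwords, Logs, Networks and Payments search boxes below.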


@ -110,7 +110,7 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
$merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets
$sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, client_name, contact_name FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_number = '$merge_into_ticket_number' AND tickets.company_id = '$session_company_id'");
@ -120,7 +120,8 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
} else {
//Return ticket, client and contact details for the given ticket number
$response = mysqli_fetch_array($sql);
echo json_encode($response);
$response = array_map('htmlentities', $response);
echo json_encode( $response);
}
}
@ -190,10 +191,10 @@ if (isset($_GET['ticket_query_views'])) {
$users = array_unique($users);
if (count($users) > 1) {
// Multiple viewers
$response['message'] = implode(", ", $users) . " are viewing this ticket.";
$response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket.");
} else {
// Single viewer
$response['message'] = implode("", $users) . " is viewing this ticket.";
$response['message'] = htmlentities(implode("", $users) . " is viewing this ticket.");
}
} else {
// No viewers
@ -221,19 +222,19 @@ if (isset($_GET['share_generate_link'])) {
if ($item_type == "Document") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
$item_name = $row['document_name'];
$item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['document_name']));
}
if ($item_type == "File") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
$item_name = $row['file_name'];
$item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['file_name']));
}
if ($item_type == "Login") {
$login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$row = mysqli_fetch_array($login);
$item_name = $row['login_name'];
$item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['login_name']));
// Decrypt & re-encrypt password for sharing
$login_password_cleartext = decryptLoginEntry($row['login_password']);
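Review bot: `array_map('htmlentities', $response)` in the merge_ticket_get_json_details branch will be fed NULL columns, because the LEFT JOINs on clients and contacts leave client_name and contact_name NULL for unassigned tickets, and htmlentities(null) raises a deprecation on PHP 8.1+ and silently returns ''. Guard per value, e.g. `$response = array_map(static fn ($v) => $v === null ? null : htmlentities((string) $v), $response);`, which also keeps null in the JSON instead of turning it into an empty string. mysqli_fetch_array returns each column twice (numeric and named keys), so both the encoding work and the payload are doubled; `mysqli_fetch_assoc` halves that if the JS consumer reads names only. Encoding HTML entities into a JSON payload also moves the escaping decision away from the DOM insertion point, so the consumer must not encode again or names will render as `&amp;amp;`. In the share_generate_link hunk, `strip_tags(mysqli_real_escape_string(...))` applies SQL escaping to values read back from the database before a content transform; if `$item_name` feeds a later INSERT the escape should be the last step before that query, and if it is echoed it is the wrong escaping altogether.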


@ -11,7 +11,7 @@ if (isset($_GET['client_id'])) {
// Specific client via name (single)
elseif (isset($_GET['client_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client_name'])));
$name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
}
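Review bot: the new `$name` line escapes `$_GET['client_name']` for the SQL string, but the query on the next line still interpolates it (and `$client_id`/`$company_id`) into the statement text; a prepared statement, `$stmt = mysqli_prepare($mysqli, 'SELECT * FROM clients WHERE client_name = ? AND client_id LIKE ? AND company_id = ?');`, would make the parameterisation independent of quoting. mysqli_real_escape_string is only correct for the connection's current charset, so this line also relies on mysqli_set_charset having been called at connect time, which is not visible here. The contact_email lookup in the contacts API hunk below has the same shape.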


@ -11,7 +11,7 @@ if (isset($_GET['contact_id'])) {
// Specific contact via email (single)
elseif (isset($_GET['contact_email'])) {
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['contact_email'])));
$email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
}


@ -9,10 +9,10 @@ if (isset($_GET['software_id'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Specific software via License ID
if (isset($_GET['software_license'])) {
$license = mysqli_real_escape_string($mysqli, $_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
// Specific software via key
if (isset($_GET['software_key'])) {
$key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Software by name
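Review bot: the new software_key branch reads the wrong parameter: `$key = mysqli_real_escape_string($mysqli, $_GET['software_license']);` sits inside `if (isset($_GET['software_key']))`, so a request that supplies only software_key passes null to mysqli_real_escape_string (a deprecation on PHP 8.1+) and queries `software_key = ''`. It should be `$key = mysqli_real_escape_string($mysqli, $_GET['software_key']);`. As written the branch returns rows whose software_key is empty rather than the one requested, which is a silent result mismatch for an API endpoint.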


@ -73,10 +73,10 @@ if (isset($api_key)) {
if (mysqli_num_rows($sql) !== 1) {
// Invalid Key
header(WORDING_UNAUTHORIZED);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired.";
$return_arr['message'] = "Authentication failed. API key is invalid or has expired.";
header(WORDING_UNAUTHORIZED);
echo json_encode($return_arr);
@ -88,7 +88,7 @@ if (isset($api_key)) {
// Set client ID, company ID & key name
$row = mysqli_fetch_array($sql);
$api_key_name = $row['api_key_name'];
$api_key_name = htmlentities($row['api_key_name']);
$client_id = $row['api_key_client_id'];
$company_id = $row['company_id'];
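Review bot: `$api_key_name = htmlentities($row['api_key_name']);` encodes for an HTML context at the point the key row is loaded, but this file answers with json_encode (see the unauthorized branch above), so the entity-encoded name reaches JSON consumers and any later SQL log insert in HTML form. Escape at the output site instead, and if the name is interpolated into a logs INSERT further down the file (not visible here) it needs mysqli_real_escape_string there, not htmlentities here. Separately, `header(WORDING_UNAUTHORIZED)` is sent twice in the failure branch, once before the log insert and again before the JSON; one call is enough.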


@ -65,7 +65,7 @@ $key = bin2hex(random_bytes(78));
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name (Client ID: $client_id)"; ?></option>
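Review bot: in the `<option>` on the last line, `$client_id` is echoed into the value attribute uncast while `$client_name` now gets htmlentities; the documents search form in this same commit writes `intval($client_id)` for its hidden input, so `<option value="<?php echo intval($client_id); ?>">` keeps the two consistent and makes the integer assumption explicit. `$session_company_id` is likewise interpolated unquoted into the SELECT on the first line; it is presumably an integer from the session, and an int cast there would document that.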


@ -1,160 +0,0 @@
<?php include("inc_all.php");
//Column Filter
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "asset_name";
}
//Date From and Date To Filter
if(!empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}else{
$dtf = "0000-00-00";
$dtt = "9999-00-00";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM assets LEFT JOIN clients ON asset_client_id = client_id
WHERE (asset_name LIKE '%$q%' OR asset_type LIKE '%$q%' OR asset_make LIKE '%$q%' OR asset_model LIKE '%$q%' OR asset_serial LIKE '%$q%' OR asset_os LIKE '%$q%'
OR asset_ip LIKE '%$q%' OR asset_mac LIKE '%$q%' OR client_name LIKE '%$q%')
AND DATE(asset_created_at) BETWEEN '$dtf' AND '$dtt'
AND assets.company_id = $session_company_id
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop"></i> Client Assets</h3>
<div class="card-tools">
</div>
</div>
<div class="card-body">
<form class="mb-4" autocomplete="off">
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search all client assets">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
</div>
</div>
</div>
<div class="collapse mt-3 <?php if(!empty($_GET['dtf'])){ echo "show"; } ?>" id="advancedFilter">
<div class="row">
<div class="col-md-2">
<div class="form-group">
<label>Date From</label>
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
</div>
</div>
<div class="col-md-2">
<div class="form-group">
<label>Date To</label>
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
</div>
</div>
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_type&o=<?php echo $disp; ?>">Type</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_make&o=<?php echo $disp; ?>">Make</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_model&o=<?php echo $disp; ?>">Model</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_serial&o=<?php echo $disp; ?>">Serial</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=client_name&o=<?php echo $disp; ?>">Client</a></th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_type = $row['asset_type'];
$asset_name = $row['asset_name'];
$asset_make = $row['asset_make'];
$asset_model = $row['asset_model'];
$asset_serial = $row['asset_serial'];
$asset_os = $row['asset_os'];
$asset_ip = $row['asset_ip'];
$asset_mac = $row['asset_mac'];
$asset_purchase_date = $row['asset_purchase_date'];
$asset_warranty_expire = $row['asset_warranty_expire'];
$asset_notes = $row['asset_notes'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$vendor_id = $row['vendor_id'];
$location_id = $row['location_id'];
$contact_id = $row['contact_id'];
$network_id = $row['network_id'];
if($asset_type == 'Laptop'){
$device_icon = "laptop";
}elseif($asset_type == 'Desktop'){
$device_icon = "desktop";
}elseif($asset_type == 'Server'){
$device_icon = "server";
}elseif($asset_type == 'Printer'){
$device_icon = "print";
}elseif($asset_type == 'Camera'){
$device_icon = "video";
}elseif($asset_type == 'Switch' || $asset_type == 'Firewall/Router'){
$device_icon = "network-wired";
}elseif($asset_type == 'Access Point'){
$device_icon = "wifi";
}elseif($asset_type == 'Phone'){
$device_icon = "phone";
}elseif($asset_type == 'Mobile Phone'){
$device_icon = "mobile-alt";
}elseif($asset_type == 'Tablet'){
$device_icon = "tablet-alt";
}elseif($asset_type == 'TV'){
$device_icon = "tv";
}elseif($asset_type == 'Virtual Machine'){
$device_icon = "cloud";
}else{
$device_icon = "tag";
}
?>
<tr>
<td><i class="fa fa-fw text-secondary fa-<?php echo $device_icon; ?> mr-2"></i><?php echo $asset_name; ?></td>
<td><?php echo $asset_type; ?></td>
<td><?php echo $asset_make; ?></td>
<td><?php echo $asset_model; ?></td>
<td><?php echo $asset_serial; ?></td>
<td><a href="client.php?client_id=<?php echo $client_id; ?>&tab=assets"><?php echo $client_name; ?></a></td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
<?php include("pagination.php"); ?>
</div>
</div>
<?php include("add_asset_modal.php"); ?>
<?php include("footer.php");


@ -53,7 +53,7 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
<div class="row">
<div class="col-sm-4 mb-2">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Categories">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Categories">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>


@ -32,7 +32,7 @@ $session_user_id = $_SESSION['user_id'];
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$session_name = $row['user_name'];
$session_name = mysqli_real_escape_string($mysqli, $row['user_name']);
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
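Review bot: `$session_name = mysqli_real_escape_string($mysqli, $row['user_name']);` applies SQL escaping to a value that pages echo into HTML (the print page deleted in this commit did `echo $session_name`, and other pages presumably still do), so a name containing a quote renders with a stray backslash while gaining no HTML protection, since mysqli_real_escape_string does not touch `<` or `&`. Keep `$session_name` raw here and escape at each use site: htmlentities where it is printed, mysqli_real_escape_string immediately before the query where it is inserted. Choosing one escaping context at load time cannot be right for both consumers.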


@ -86,7 +86,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search <?php if(!empty($_GET['type'])){ echo ucwords(strip_tags(htmlentities($_GET['type']))); }else{ echo "Asset"; } ?>s">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search <?php if(!empty($_GET['type'])){ echo ucwords(strip_tags(htmlentities($_GET['type']))); }else{ echo "Asset"; } ?>s">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -33,7 +33,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Certificates">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Certificates">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -105,7 +105,7 @@
while($row = mysqli_fetch_array($sql_related_tickets)){
$ticket_id = $row['ticket_id'];
$ticket_prefix = $row['ticket_prefix'];
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = $row['ticket_number'];
$ticket_subject = htmlentities($row['ticket_subject']);


@ -56,7 +56,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Contacts">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Contacts">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -130,7 +130,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<input type="hidden" name="client_id" value="<?php echo intval($client_id); ?>">
<input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Documents">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Documents">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>


@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Domains">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Domains">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Invoices">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Invoices">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -47,7 +47,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Locations">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Locations">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Passwords">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Passwords">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -40,7 +40,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Logs">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Logs">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Networks">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Networks">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -39,7 +39,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Payments">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Payments">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -1,769 +0,0 @@
<?php include("header.php"); ?>
<?php
if(isset($_GET['client_id'])){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id LEFT JOIN locations ON primary_location = location_id WHERE client_id = $client_id AND clients.company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$contact_name = $row['contact_name'];
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = $row['contact_email'];
$client_website = $row['client_website'];
//Query each table and store them in their array
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
$sql_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_type ASC");
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
$sql_logins = mysqli_query($mysqli,"SELECT *, AES_DECRYPT(login_password, '$config_aes_key') AS login_password FROM logins WHERE login_client_id = $client_id ORDER BY login_name ASC");
$sql_networks = mysqli_query($mysqli,"SELECT * FROM networks WHERE network_client_id = $client_id ORDER BY network_name ASC");
$sql_domains = mysqli_query($mysqli,"SELECT * FROM domains WHERE domain_client_id = $client_id ORDER BY domain_name ASC");
$sql_software = mysqli_query($mysqli,"SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
$sql_invoices = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_client_id = $client_id ORDER BY invoice_number DESC");
$sql_payments = mysqli_query($mysqli,"SELECT * FROM payments, invoices, accounts
WHERE invoice_client_id = $client_id
AND payment_invoice_id = invoice_id
AND payment_account_id = account_id
ORDER BY payment_id DESC");
$sql_quotes = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_client_id = $client_id ORDER BY quote_number DESC");
$sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring WHERE recurring_client_id = $client_id ORDER BY recurring_id DESC");
$sql_documents = mysqli_query($mysqli,"SELECT * FROM documents WHERE document_client_id = $client_id ORDER BY document_created_at DESC");
//Get Counts
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('contact_id') AS num FROM contacts WHERE contact_client_id = $client_id"));
$num_contacts = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations WHERE location_client_id = $client_id"));
$num_locations = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets WHERE asset_client_id = $client_id"));
$num_assets = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_client_id = $client_id"));
$num_vendors = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('login_id') AS num FROM logins WHERE login_client_id = $client_id"));
$num_logins = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks WHERE network_client_id = $client_id"));
$num_networks = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('domain_id') AS num FROM domains WHERE domain_client_id = $client_id"));
$num_domains = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_client_id = $client_id"));
$num_software = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_client_id = $client_id"));
$num_invoices = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('payment_id') AS num FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id"));
$num_payments = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('quote_id') AS num FROM quotes WHERE quote_client_id = $client_id"));
$num_quotes = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM recurring WHERE recurring_client_id = $client_id"));
$num_recurring = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_client_id = $client_id"));
$num_documents = $row['num'];
?>
<!-- Breadcrumbs-->
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="clients.php">Clients</a>
</li>
<li class="breadcrumb-item">
<a href="client.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a>
</li>
<li class="breadcrumb-item active">Print</li>
</ol>
<button class="btn btn-primary btn-sm d-print-none mb-3" onclick="window.print();"><i class="fa fa-print"></i> Print</button>
<div class="row">
<div class="col-12">
<table class="table table-bordered mb-5">
<tr>
<th>Document</th>
<td>IT Documentation</td>
<th>Date</th>
<td><?php echo date('Y-m-d'); ?></td>
</tr>
<tr>
<th>Prepared By</th>
<td><?php echo $session_name; ?></td>
<th></th>
<th>Confidential</th>
</tr>
</table>
</div>
</div>
<div class="row">
<div class="col-9">
<h2><?php echo $client_name; ?></h2>
<table class="table">
<tr>
<th>Address</th>
<td>
<?php echo $location_address; ?>
<br>
<?php echo "$location_city $location_state $location_zip"; ?>
</td>
</tr>
<tr>
<th>Primary Contact</th>
<td><?php echo $contact_name; ?></td>
</tr>
<tr>
<th>Phone</th>
<td><?php echo $contact_phone; ?></td>
</tr>
<tr>
<th>Mobile</th>
<td><?php echo $contact_mobile; ?></td>
</tr>
<tr>
<th>Email</th>
<td><?php echo $contact_email; ?></td>
</tr>
<tr>
<th>Website</th>
<td><?php echo $client_website; ?></td>
</tr>
<tr>
<th>Net Terms</th>
<td><?php echo $client_net_terms; ?> Day</td>
</tr>
</table>
</div>
<div class="col-3">
<div class="card">
<div class="card-header">
<i class="fa fa-th"></i> Table of Contents</h6>
</div>
<div class="card-body">
<ul class="list-unstyled">
<?php if($num_contacts > 0){ ?> <li><a href="#contacts">Contacts</a></li> <?php } ?>
<?php if($num_locations > 0){ ?> <li><a href="#locations">Locations</a></li> <?php } ?>
<?php if($num_assets > 0){ ?> <li><a href="#assets">Assets</a></li> <?php } ?>
<?php if($num_vendors > 0){ ?> <li><a href="#vendors">Vendors</a></li> <?php } ?>
<?php if($num_logins > 0){ ?> <li><a href="#logins">Logins</a></li> <?php } ?>
<?php if($num_networks > 0){ ?> <li><a href="#networks">Networks</a></li> <?php } ?>
<?php if($num_domains > 0){ ?> <li><a href="#domains">Domains</a></li> <?php } ?>
<?php if($num_software > 0){ ?> <li><a href="#software">Software</a></li> <?php } ?>
<?php if($num_invoices > 0){ ?> <li><a href="#invoices">Invoices</a></li> <?php } ?>
<?php if($num_payments > 0){ ?> <li><a href="#payments">Payments</a></li> <?php } ?>
<?php if($num_quotes > 0){ ?> <li><a href="#quotes">Quotes</a></li> <?php } ?>
<?php if($num_recurring > 0){ ?> <li><a href="#recurring">Recurring</a></li> <?php } ?>
<?php if($num_documents > 0){ ?> <li><a href="#documents">Documents</a></li> <?php } ?>
</ul>
</div>
</div>
</div>
</div>
<?php if($num_contacts > 0){ ?>
<div id="dvContacts">
<h4 id="contacts">Contacts <small>(<?php echo $num_contacts; ?>)</small></h4>
<table class="table table-bordered table-compact table-sm mb-4">
<thead>
<tr>
<th>Name</th>
<th>Title</th>
<th>Email</th>
<th>Phone</th>
<th>Mobile</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_contacts)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_title = $row['contact_title'];
$contact_phone = $row['contact_phone'];
if(strlen($contact_phone)>2){
$contact_phone = substr($row['contact_phone'],0,3)."-".substr($row['contact_phone'],3,3)."-".substr($row['contact_phone'],6,4);
}
$contact_extension = $row['contact_extension'];
if(!empty($contact_extension)){
$contact_extension = "x$contact_extension";
}
$contact_mobile = $row['contact_mobile'];
if(strlen($contact_mobile)>2){
$contact_mobile = substr($row['contact_mobile'],0,3)."-".substr($row['contact_mobile'],3,3)."-".substr($row['contact_mobile'],6,4);
}
$contact_email = $row['contact_email'];
?>
<tr>
<td><?php echo $contact_name; ?></td>
<td><?php echo $contact_title; ?></td>
<td><?php echo $contact_email; ?></td>
<td><?php echo "$contact_phone $contact_extension"; ?></td>
<td><?php echo $contact_mobile; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
<?php } ?>
<?php if($num_locations > 0){ ?>
<h4 id="locations">Locations <small>(<?php echo $num_locations; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Location</th>
<th>Address</th>
<th>Phone</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_locations)){
$location_id = $row['location_id'];
$location_name = $row['location_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$location_phone = $row['location_phone'];
if(strlen($location_phone)>2){
$location_phone = substr($row['location_phone'],0,3)."-".substr($row['location_phone'],3,3)."-".substr($row['location_phone'],6,4);
}
?>
<tr>
<td><?php echo $location_name; ?></td>
<td><?php echo "$location_address<br>$location_city $location_state $location_zip"; ?></td>
<td><?php echo $location_phone; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_assets > 0){ ?>
<h4 id="assets">Assets <small>(<?php echo $num_assets; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Type</th>
<th>Name</th>
<th>Make</th>
<th>Model</th>
<th>Serial</th>
<th>OS</th>
<th>IP</th>
<th>MAC</th>
<th>Purchase Date</th>
<th>Warranty Expire</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_assets)){
$asset_id = $row['asset_id'];
$asset_type = $row['asset_type'];
$asset_name = $row['asset_name'];
$asset_make = $row['asset_make'];
$asset_model = $row['asset_model'];
$asset_serial = $row['asset_serial'];
$asset_os = $row['asset_os'];
$asset_ip = $row['asset_ip'];
$asset_mac = $row['asset_mac'];
$asset_purchase_date = $row['asset_purchase_date'];
$asset_warranty_expire = $row['asset_warranty_expire'];
?>
<tr>
<td><?php echo $asset_type; ?></td>
<td><?php echo $asset_name; ?></td>
<td><?php echo $asset_make; ?></td>
<td><?php echo $asset_model; ?></td>
<td><?php echo $asset_serial; ?></td>
<td><?php echo $asset_os; ?></td>
<td><?php echo $asset_ip; ?></td>
<td><?php echo $asset_mac; ?></td>
<td><?php echo $asset_purchase_date; ?></td>
<td><?php echo $asset_warranty_expire; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_vendors > 0){ ?>
<h4 id="vendors">Vendors <small>(<?php echo $num_vendors; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Vendor</th>
<th>Description</th>
<th>Contact Name</th>
<th>Phone</th>
<th>Email</th>
<th>Website</th>
<th>Account Number</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_description = $row['vendor_description'];
$vendor_account_number = $row['vendor_account_number'];
$vendor_contact_name = $row['vendor_contact_name'];
$vendor_phone = $row['vendor_phone'];
if(strlen($vendor_phone)>2){
$vendor_phone = substr($row['vendor_phone'],0,3)."-".substr($row['vendor_phone'],3,3)."-".substr($row['vendor_phone'],6,4);
}
$vendor_email = $row['vendor_email'];
$vendor_website = $row['vendor_website'];
?>
<tr>
<td><?php echo $vendor_name; ?></td>
<td><?php echo $vendor_description; ?></td>
<td><?php echo $vendor_contact_name; ?></td>
<td><?php echo $vendor_phone; ?></td>
<td><?php echo $vendor_email; ?></td>
<td><?php echo $vendor_website; ?></td>
<td><?php echo $vendor_account_number; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_logins > 0){ ?>
<h4 id="logins">Logins <small>(<?php echo $num_logins; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Name</th>
<th>URL/Host</th>
<th>Username</th>
<th>Password</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_logins)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
$login_username = $row['login_username'];
$login_password = $row['login_password'];
$login_uri = $row['login_uri'];
?>
<tr>
<td><?php echo $login_name; ?></td>
<td><?php echo $login_uri; ?></td>
<td><?php echo $login_username; ?></td>
<td><?php echo $login_password; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_networks > 0){ ?>
<h4 id="networks">Networks <small>(<?php echo $num_networks; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Name</th>
<th>vLAN</th>
<th>Network</th>
<th>Gateway</th>
<th>DHCP Range</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_networks)){
$network_id = $row['network_id'];
$network_name = $row['network_name'];
$network_vlan = $row['network_vlan'];
$network = $row['network'];
$network_gateway = $row['network_gateway'];
$network_dhcp_range = $row['network_dhcp_range'];
?>
<tr>
<td><?php echo $network_name; ?></td>
<td><?php echo $network_vlan; ?></td>
<td><?php echo $network; ?></td>
<td><?php echo $network_gateway; ?></td>
<td><?php echo $network_dhcp_range; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_domains > 0){ ?>
<h4 id="domains">Domains <small>(<?php echo $num_domains; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Domain</th>
<th>Registrar</th>
<th>Webhost</th>
<th>Expire</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_domains)){
$domain_id = $row['domain_id'];
$domain_name = $row['domain_name'];
$domain_registrar = $row['domain_registrar'];
$domain_webhost = $row['domain_webhost'];
$domain_expire = $row['domain_expire'];
if(!empty($domain_registrar)){
$sql_domain_registrar = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $domain_registrar");
$row = mysqli_fetch_array($sql_domain_registrar);
$domain_registrar = $row['vendor_name'];
}else{
$domain_registrar = "-";
}
if(!empty($domain_webhost)){
$sql_domain_webhost = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $domain_webhost");
$row = mysqli_fetch_array($sql_domain_webhost);
$domain_webhost = $row['vendor_name'];
}else{
$domain_webhost = "-";
}
?>
<tr>
<td><?php echo $domain_name; ?></td>
<td><?php echo $domain_registrar; ?></td>
<td><?php echo $domain_webhost; ?></td>
<td><?php echo $domain_expire; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_software > 0){ ?>
<h4 id="software">Software <small>(<?php echo $num_software; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Software</th>
<th>Type</th>
<th>License</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_software)){
$software_id = $row['software_id'];
$software_name = $row['software_name'];
$software_type = $row['software_type'];
$software_license = $row['software_license'];
?>
<tr>
<td><?php echo $software_name; ?></td>
<td><?php echo $software_type; ?></td>
<td><?php echo $software_license; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_invoices > 0){ ?>
<h4 id="invoices">Invoices <small>(<?php echo $num_invoices; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Number</th>
<th class="text-right">Amount</th>
<th>Date</th>
<th>Due</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_invoices)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_status = $row['invoice_status'];
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = $row['invoice_amount'];
?>
<tr>
<td><?php echo "$invoice_prefix$invoice_number"; ?></td>
<td class="text-right">$<?php echo number_format($invoice_amount,2); ?></td>
<td><?php echo $invoice_date; ?></td>
<td><?php echo $invoice_due; ?></td>
<td><?php echo $invoice_status; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_payments > 0){ ?>
<h4 id="payments">Payments <small>(<?php echo $num_payments; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Date Received</th>
<th>Date Due</th>
<th>Invoice</th>
<th class="text-right">Invoice Amount</th>
<th class="text-right">Amount Payed</th>
<th class="text-right">Invoice Balance</th>
<th>Payment Method</th>
<th>Check #</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_payments)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_status = $row['invoice_status'];
$invoice_amount = $row['invoice_amount'];
$invoice_due = $row['invoice_due'];
$payment_date = $row['payment_date'];
$payment_amount = $row['payment_amount'];
$payment_method = $row['payment_method'];
$payment_reference = $row['payment_reference'];
$account_name = $row['account_name'];
$invoice_balance = $invoice_amount - $payment_amount;
?>
<tr>
<td><?php echo $payment_date; ?></td>
<td><?php echo $invoice_due; ?></td>
<td><?php echo "$invoice_prefix$invoice_number"; ?></td>
<td class="text-right">$<?php echo number_format($invoice_amount,2); ?></td>
<td class="text-right">$<?php echo number_format($payment_amount,2); ?></td>
<td class="text-right">$<?php echo number_format($invoice_balance,2); ?></td>
<td><?php echo $payment_method; ?></td>
<td><?php echo $payment_reference; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_quotes > 0){ ?>
<h4 id="quotes">Quotes <small>(<?php echo $num_quotes; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Number</th>
<th class="text-right">Amount</th>
<th>Date</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_quotes)){
$quote_id = $row['quote_id'];
$quote_prefix = $row['quote_prefix'];
$quote_number = $row['quote_number'];
$quote_status = $row['quote_status'];
$quote_date = $row['quote_date'];
$quote_amount = $row['quote_amount'];
?>
<tr>
<td><?php echo $quote_number; ?></td>
<td class="text-right">$<?php echo number_format($quote_amount,2); ?></td>
<td><?php echo $quote_date; ?></td>
<td><?php echo $quote_status; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_recurring > 0){ ?>
<h4 id="recurring">Recurring Invoices <small>(<?php echo $num_recurring; ?>)</small></h4>
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Frequency</th>
<th>Created</th>
<th>Last Sent</th>
<th>Next Date</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql_recurring)){
$recurring_id = $row['recurring_id'];
$recurring_frequency = $row['recurring_frequency'];
$recurring_status = $row['recurring_status'];
$recurring_created_at = $row['recurring_created_at'];
$recurring_last_sent = $row['recurring_last_sent'];
if($recurring_last_sent == 0){
$recurring_last_sent = "-";
}
$recurring_next_date = $row['recurring_next_date'];
if($recurring_status == 1){
$status_display = "Active";
}else{
$status_display = "Inactive";
}
?>
<tr>
<td><?php echo ucwords($recurring_frequency); ?>ly</td>
<td><?php echo $recurring_created_at; ?></td>
<td><?php echo $recurring_last_sent; ?></td>
<td><?php echo $recurring_next_date; ?></td>
<td><?php echo $status_display; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php } ?>
<?php if($num_documents > 0){ ?>
<h4 id="documents">Documents <small>(<?php echo $num_documents; ?>)</small></h4>
<hr>
<?php
while($row = mysqli_fetch_array($sql_documents)){
$document_id = $row['document_id'];
$document_name = $row['document_name'];
$document_details = $row['document_details'];
?>
<h6><?php echo $document_name; ?></h6>
<hr>
<p class="mb-4"><?php echo $document_details; ?></p>
<?php } ?>
<?php } ?>
<?php } ?>
<?php include("footer.php");


@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Quotes">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Quotes">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
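Review bot: `strip_tags(htmlentities($q))` on the new search-input line is redundant — htmlentities() has already encoded every `<` and `>`, so strip_tags() finds no tags and the outer call adds nothing; htmlentities() alone is the right escaping for a double-quoted attribute value. What the line does change is dropping stripslashes(): if `$q` was passed through mysqli_real_escape_string() before this point (not visible in the hunk), the search box will now display the backslashes that escaping added. Passing the flags explicitly, `htmlentities($q, ENT_QUOTES, 'UTF-8')`, keeps the attribute escaping identical across PHP versions. The same pattern is repeated in the Recurring Invoices, Scheduled Tickets, Services, Shared Items, Licenses, Tickets, Trips, Vendors, Clients, Companies, Expenses, Invoices, audit logs, Dismissed Notifications and Payments search fields below.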


@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -38,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -41,7 +41,7 @@
}
?>
</ul>
<?php
<?php
}
?>
@ -69,18 +69,16 @@
if(!empty($networks)){ ?>
<h5><i class="nav-icon fas fa-network-wired"></i> Networks</h5>
<ul>
<?php
<?php
}
foreach($networks as $network){
$network = explode(":", $network);
echo "<li><a href=\"client_networks.php?client_id=$client_id&q=$network[0]\">$network[0] </a>(VLAN $network[1])</li>";
$network = explode(":", $network);
echo "<li><a href=\"client_networks.php?client_id=$client_id&q=$network[0]\">$network[0] </a>(VLAN $network[1])</li>";
}
// Not showing/haven't added explicitly linked networks - can't see a need for a network that doesn't have an asset on it?
// Can add at a later date if there is a use case for this
?>
</ul>
<?php
<?php
}
?>
@ -110,7 +108,7 @@
<?php
}
foreach($location_names as $location){
echo "<li><a href=\"client_locations.php?client_id=$client_id&q=$location\">$location</a></li>";
echo "<li><a href=\"client_locations.php?client_id=$client_id&q=$location\">$location</a></li>";
}
?>
</ul>
@ -284,14 +282,14 @@
}
?>
<!-- <h5><i class="nav-icon fas fa-file-alt"></i> Services</h5>-->
<!-- <ul>-->
<!-- <li>Related Service - Coming soon!</li>-->
<!-- </ul>-->
<!-- <h5><i class="nav-icon fas fa-file-alt"></i> Services</h5>-->
<!-- <ul>-->
<!-- <li>Related Service - Coming soon!</li>-->
<!-- </ul>-->
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>


@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Services">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Services">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>


@ -42,7 +42,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Shared Items">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Shared Items">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Licenses">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Licenses">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -1,9 +0,0 @@
<?php include("inc_all_client.php"); ?>
<?php
echo $client_id;
?>
<?php include("footer.php"); ?>


@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tickets">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Tickets">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Trips">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Trips">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Vendors">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Vendors">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -119,7 +119,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="query" value="<?php if(isset($query)){echo stripslashes(htmlentities($query));} ?>" placeholder="Search Clients" autofocus>
<input type="search" class="form-control" name="query" value="<?php if(isset($query)){echo strip_tags(htmlentities($query));} ?>" placeholder="Search Clients" autofocus>
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<hr>
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Companies">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Companies">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>


@ -1,5 +1,5 @@
<?php include("config.php"); ?>
<?php include("functions.php"); ?>
<?php require_once("config.php"); ?>
<?php require_once("functions.php"); ?>
<?php
?>
@ -58,10 +58,10 @@ while($row = mysqli_fetch_array($sql_companies)){
while($row = mysqli_fetch_array($sql)){
$domain_id = $row['domain_id'];
$domain_name = $row['domain_name'];
$domain_name = mysqli_real_escape_string($mysqli,$row['domain_name']);
$domain_expire = $row['domain_expire'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Domain', notification = 'Domain $domain_name for $client_name will expire in $day Days on $domain_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
@ -75,7 +75,7 @@ while($row = mysqli_fetch_array($sql_companies)){
foreach($certificateAlertArray as $day){
//Get Domains Expiring
//Get Certs Expiring
$sql = mysqli_query($mysqli,"SELECT * FROM certificates
LEFT JOIN clients ON certificate_client_id = client_id
WHERE certificate_expire = CURDATE() + INTERVAL $day DAY
@ -84,11 +84,11 @@ while($row = mysqli_fetch_array($sql_companies)){
while($row = mysqli_fetch_array($sql)){
$certificate_id = $row['certificate_id'];
$certificate_name = $row['certificate_name'];
$certificate_name = mysqli_real_escape_string($mysqli,$row['certificate_name']);
$certificate_domain = $row['certificate_domain'];
$certificate_expire = $row['certificate_expire'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Certificate', notification = 'Certificate $certificate_name for $client_name will expire in $day Days on $certificate_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
@ -111,10 +111,10 @@ while($row = mysqli_fetch_array($sql_companies)){
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_name = $row['asset_name'];
$asset_name = mysqli_real_escape_string($mysqli,$row['asset_name']);
$asset_warranty_expire = $row['asset_warranty_expire'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Asset', notification = 'Asset $asset_name warranty for $client_name will expire in $day Days on $asset_warranty_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
@ -134,8 +134,8 @@ while($row = mysqli_fetch_array($sql_companies)){
if(mysqli_num_rows($sql_scheduled_tickets) > 0){
while($row = mysqli_fetch_array($sql_scheduled_tickets)){
$schedule_id = $row['scheduled_ticket_id'];
$subject = $row['scheduled_ticket_subject'];
$details = $row['scheduled_ticket_details'];
$subject = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_subject']);
$details = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_details']);
$priority = $row['scheduled_ticket_priority'];
$frequency = strtolower($row['scheduled_ticket_frequency']);
$created_id = $row['scheduled_ticket_created_by'];
@ -225,7 +225,7 @@ while($row = mysqli_fetch_array($sql_companies)){
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
$contact_name = $row['contact_name'];
$contact_email = $row['contact_email'];
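Review bot: The escaping added in this file is applied where the value is fetched rather than where it enters the query, so the escaped string is reused for everything that follows; `$subject`/`$details` in the scheduled-tickets hunk and `$client_name` in the invoice hunk presumably also feed e-mail or ticket bodies later in the loop (outside the hunk), where the added backslashes would be visible. In the last hunk `$contact_name` and `$contact_email` are still read raw one line below the escaped `$client_name`; if they reach a query further down they need the same treatment. Keeping the raw value and escaping only inside the INSERT string, or moving these INSERTs to prepared statements, avoids both the leak and the inconsistency.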


@ -83,7 +83,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Expenses">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Expenses">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -44,7 +44,7 @@ if(isset($_GET['id']) && isset($_GET['key'])){
exit("No file.");
}
$file_name = $file_row['file_name'];
$file_name = strip_tags(mysqli_real_escape_string($mysqli, $file_row['file_name']));
$file_ext = $file_row['file_ext'];
$file_reference_name = $file_row['file_reference_name'];
$client_id = $file_row['file_client_id'];
@ -54,7 +54,7 @@ if(isset($_GET['id']) && isset($_GET['key'])){
// Display file as download
$mime_type = mime_content_type($file_path);
header('Content-type: '.$mime_type);
header('Content-Disposition: attachment; filename=download.' .$file_ext);
header('Content-Disposition: attachment; filename=download.' . $file_ext);
readfile($file_path);
// Update file view count
@ -62,7 +62,7 @@ if(isset($_GET['id']) && isset($_GET['key'])){
mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file via link - Item ID: $item_id', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
}
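Review bot: On the `$file_name` line the transformations are in the wrong order — mysqli_real_escape_string() should be the last step before the query, so `$file_name = mysqli_real_escape_string($mysqli, strip_tags($file_row['file_name']));`. The rewritten log line also drops `Item ID: $item_id`; file names are not unique, so the entry can no longer be tied back to a specific shared_items row — keep both, `log_description = 'Downloaded shared file $file_name via link - Item ID: $item_id'`. The two logging lines in the shared-item view section further down remove the item ID in the same way.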


@ -1,5 +1,8 @@
<?php
// Still in development, for use with Stripe Pay - exit
exit();
include("config.php");
session_start();
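Review bot: The bare `exit()` disables the endpoint but leaves it routable and answering with an empty body (a 200 by default); since the file is intentionally off, sending an explicit status first, `http_response_code(404); exit();`, makes the intent visible to monitoring and to anyone reviewing the deployment. A note in the comment on how the stub is meant to be re-enabled would help the next reader.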


@ -76,7 +76,8 @@ if($item_type == "Document"){
mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type via link - Item ID: $item_id', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
$name = mysqli_real_escape_string($mysqli, $doc_title);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
}elseif($item_type == "File"){
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
@ -135,7 +136,8 @@ if($item_type == "Document"){
mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type via link - Item ID: $item_id', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
$name = mysqli_real_escape_string($mysqli, $login_name);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
}


@ -29,7 +29,6 @@ header("X-Frame-Options: DENY");
<link href="plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
<link href="plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
<link href="plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
<!-- <link href='plugins/fullcalendar/main.min.css' rel='stylesheet' /> -->
<link href='plugins/daterangepicker/daterangepicker.css' rel='stylesheet' />
<link href="plugins/summernote/summernote-bs4.min.css" rel="stylesheet">
<link href="plugins/toastr/toastr.min.css" rel="stylesheet">


@ -4,12 +4,7 @@ include("config.php");
include_once("functions.php");
include("check_login.php");
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
header("Location: index.php");
exit();
}
validateAdminRole();
include("header.php");
include("top_nav.php");
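Review bot: The inline check this replaces ended with `exit()` after the redirect; validateAdminRole() is defined in functions.php, outside this diff, so confirm it also terminates the script after `header("Location: ...")` — otherwise header.php, top_nav.php and the page body still render for a non-admin, because the Location header only suggests the redirect to the client. A one-line comment at the call site, `// validateAdminRole() redirects and exits for non-admin users`, would document that contract.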


@ -205,7 +205,7 @@
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Invoices">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Invoices">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -59,12 +59,12 @@ if(isset($_POST['login'])){
// User variables
$token = $row['user_token'];
$user_name = $row['user_name'];
$user_name = strip_tags(mysqli_real_escape_string($mysqli, $row['user_name']));
$user_id = $row['user_id'];
// Session info
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
$_SESSION['user_role'] = $row['user_role'];
$_SESSION['csrf_token'] = bin2hex(random_bytes(78));
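Review bot: `$user_name` is SQL-escaped and tag-stripped once and that transformed value is then stored in `$_SESSION['user_name']`, so a name such as O'Brien is carried through the session as `O\'Brien` and any page that echoes it shows the backslash; escaping is also being done before the value's destination is known, which is the wrong layer. Keep the raw DB value in the session and escape at each use — mysqli_real_escape_string() or a prepared statement when it enters a query, htmlspecialchars() when it enters HTML. The portal session section below does the same with `$session_contact_name`, `$session_contact_title` and `$session_contact_email`, and there `initials()` is computed from the escaped name as well.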


@ -75,7 +75,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search audit logs">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search audit logs">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>


@ -78,7 +78,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Payments">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Payments">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -36,10 +36,10 @@ $session_company_id = $_SESSION['company_id'];
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
$contact = mysqli_fetch_array($contact_sql);
$session_contact_name = $contact['contact_name'];
$session_contact_name = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_name']));
$session_contact_initials = initials($session_contact_name);
$session_contact_title = $contact['contact_title'];
$session_contact_email = $contact['contact_email'];
$session_contact_title = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_title']));
$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_email']));
$session_contact_photo = $contact['contact_photo'];
// Get client info


@ -86,11 +86,17 @@ $total_tickets = $row['total_tickets'];
<tbody>
<?php
while ($ticket = mysqli_fetch_array($contact_tickets)) {
while ($row = mysqli_fetch_array($contact_tickets)) {
$ticket_id = $row['ticket_id'];
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = $row['ticket_number'];
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']);
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[ticket_status]</td>";
echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_number</a></td>";
echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_subject</a></td>";
echo "<td>$ticket_status</td>";
echo "</tr>";
}
?>
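Review bot: `$ticket_id` and `$ticket_number` are echoed into the markup with no escaping while the sibling fields get htmlentities(); if these are integer columns, an explicit `$ticket_id = (int) $row['ticket_id'];` both documents and enforces that. The htmlentities() calls use the default flags, which on PHP before 8.1 leave single quotes unencoded, and the surrounding markup uses single-quoted attributes (`href='ticket.php?id=...'`); pass `ENT_QUOTES` explicitly so a value that later moves into an attribute stays safe. The same applies to the ticket-detail section at the end of this page.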


@ -24,7 +24,7 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_
$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
$settings = mysqli_fetch_array($sql_settings);
$client_id = $settings['config_azure_client_id'];
$azure_client_id = $settings['config_azure_client_id'];
$company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'");
$company_results = mysqli_fetch_array($company_sql);
@ -131,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
</form>
<?php
if (!empty($client_id)) { ?>
if (!empty($azure_client_id)) { ?>
<hr>
<div class="col text-center">
<button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button>


@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$company = $row['company_id'];
if ($row['contact_email'] == $email) {
$token = key32gen();
$token = bin2hex(random_bytes(78));
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
@ -59,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Send reset email
$subject = "Password reset for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser: $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$body = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser:<br> $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
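Review bot: The 156-character token from `bin2hex(random_bytes(78))` is written to `contact_password_reset_token` as-is; if that column is narrower than 156 characters the value is truncated (or rejected in strict SQL mode) and the emailed link can never match — worth confirming the column width, and a 32-byte token (`bin2hex(random_bytes(32))`) is already ample. The token is also stored in cleartext with no expiry visible in this hunk; storing a hash plus a timestamp and checking both on the reset page limits what a database read exposes. `$email` is interpolated into the query string without `urlencode()`, so an address containing `+` reaches the reset page altered. The enclosing POST handler starts and ends outside the hunk.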


@ -15,18 +15,28 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'");
}
$ticket = mysqli_fetch_array($ticket_sql);
$ticket_row = mysqli_fetch_array($ticket_sql);
if ($ticket_row) {
$ticket_prefix = htmlentities($ticket_row['ticket_prefix']);
$ticket_number = $ticket_row['ticket_number'];
$ticket_status = htmlentities($ticket_row['ticket_status']);
$ticket_priority = htmlentities($ticket_row['ticket_priority']);
$ticket_subject = htmlentities($ticket_row['ticket_subject']);
$ticket_details = $ticket_row['ticket_details'];
$ticket_feedback = htmlentities($ticket_row['ticket_feedback']);
if ($ticket) {
?>
<nav class="navbar navbar-dark bg-dark">
<i class="fas fa-fw fa-ticket-alt text-secondary"></i> <a class="navbar-brand">Ticket <?php echo $ticket['ticket_prefix'], $ticket['ticket_number'] ?></a>
<i class="fas fa-fw fa-ticket-alt text-secondary"></i> <a class="navbar-brand">Ticket <?php echo $ticket_prefix, $ticket_number ?></a>
<span class="navbar-text">
<?php
if ($ticket['ticket_status'] !== "Closed") { ?>
if ($ticket_status !== "Closed") { ?>
<button class="btn btn-sm btn-outline-success my-2 my-sm-0 form-inline my-2 my-lg-0" type="submit"><a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>"><i class="fas fa-fw fa-check text-secondary text-success"></i> Close ticket</a></button>
<?php } ?>
</span>
@ -35,39 +45,39 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
<div class="card">
<div class="card-header">
<h3 class="card-title"><b>Subject:</b> <?php echo $ticket['ticket_subject'] ?></h3>
<h3 class="card-title"><b>Subject:</b> <?php echo $ticket_subject ?></h3>
</div>
<div class="card-body">
<p>
<b>State:</b> <?php echo $ticket['ticket_status'] ?>
<b>State:</b> <?php echo $ticket_status ?>
<br>
<b>Priority:</b> <?php echo $ticket['ticket_priority'] ?>
<b>Priority:</b> <?php echo $ticket_priority ?>
</p>
<b>Issue:</b> <?php echo $ticket['ticket_details'] ?>
<b>Issue:</b> <?php echo $ticket_details ?>
</div>
</div>
<!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback -->
<?php if ($ticket['ticket_status'] !== "Closed") { ?>
<?php if ($ticket_status !== "Closed") { ?>
<div class="form-group">
<form action="portal_post.php" method="post">
<div class="form-group">
<textarea class="form-control" name="comment" placeholder="Add comments.."></textarea>
</div>
<input type="hidden" name="ticket_id" value="<?php echo $ticket['ticket_id'] ?>">
<input type="hidden" name="ticket_id" value="<?php echo $ticket_id ?>">
<button type="submit" class="btn btn-primary" name="add_ticket_comment">Save reply</button>
</form>
</div>
<?php }
elseif (empty($ticket['ticket_feedback'])) { ?>
elseif (empty($ticket_feedback)) { ?>
<h4>Rate your ticket</h4>
<form action="portal_post.php" method="post">
<input type="hidden" name="ticket_id" value="<?php echo $ticket['ticket_id'] ?>">
<input type="hidden" name="ticket_id" value="<?php echo $ticket_id ?>">
<button type="submit" class="btn btn-primary btn-lg" name="add_ticket_feedback" value="Good" onclick="this.form.submit()">
<span class="fa fa-smile" aria-hidden="true"></span> Good
@ -82,7 +92,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
else { ?>
<h4>Rated <?php echo $ticket['ticket_feedback'] ?> -- Thanks for your feedback!</h4>
<h4>Rated <?php echo $ticket_feedback ?> -- Thanks for your feedback!</h4>
<?php } ?>
@ -102,12 +112,12 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
$ticket_reply_type = $row['ticket_reply_type'];
if ($ticket_reply_type == "Client") {
$ticket_reply_by_display = $row['contact_name'];
$ticket_reply_by_display = htmlentities($row['contact_name']);
$user_initials = initials($row['contact_name']);
$user_avatar = $row['contact_photo'];
$avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar";
} else {
$ticket_reply_by_display = $row['user_name'];
$ticket_reply_by_display = htmlentities($row['user_name']);
$user_id = $row['user_id'];
$user_avatar = $row['user_avatar'];
$user_initials = initials($row['user_name']);
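Review bot: `$ticket_details` is the one field copied from `$ticket_row` without `htmlentities()` and is echoed directly at the `<b>Issue:</b>` line, so ticket details remain an HTML injection point in the portal unless they are sanitised on write — worth confirming. If the details are intentionally HTML (rich-text editor), they need an allowlist sanitiser on output rather than no escaping; if not, `$ticket_details = htmlentities($ticket_row['ticket_details']);` matches the rest of the block. `$ticket_number` is likewise left unescaped, which is fine only if the column is numeric. The enclosing `if` starts outside the hunk and the page body continues past it.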


@ -55,12 +55,19 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<tbody>
<?php
while ($ticket = mysqli_fetch_array($all_tickets)) {
while ($row = mysqli_fetch_array($all_tickets)) {
$ticket_id = $row['ticket_id'];
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = $row['ticket_number'];
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_contact_name = htmlentities($row['contact_name']);
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[contact_name]</td>";
echo "<td>$ticket[ticket_status]</td>";
echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_id</a></td>";
echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_subject</a></td>";
echo "<td>$ticket_contact_name</td>";
echo "<td>$ticket_status</td>";
echo "</tr>";
}
?>
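Review bot: `$ticket_number` is assigned at the top of the loop but never used; the link text still concatenates `$ticket_prefix$ticket_id`, so the list shows the internal id instead of the ticket number, unlike the portal ticket page which prints prefix and number. The line should read `echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_number</a></td>";`. The `while` loop is complete within the hunk, but the surrounding table markup is outside it.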


@ -53,7 +53,7 @@ if(isset($_POST['add_user'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['password']); //TODO: Consider this users role - if they don't need access to logins, potentially don't set this -- just know it's a pain to add afterwards (you'd need to reset their password).
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['password']);
$default_company = intval($_POST['default_company']);
$role = intval($_POST['role']);
@ -115,10 +115,10 @@ if(isset($_POST['add_user'])){
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $default_company");
// Send user e-mail, if specified
if(isset($_POST['send_email']) && !empty($config_smtp_host)){
if(isset($_POST['send_email']) && !empty($config_smtp_host) && filter_var($email, FILTER_VALIDATE_EMAIL)){
$subject = "Your new $session_company_name ITFlow account";
$body = "Hello, $name<br><br>An ITFlow account has been setup for you. Please change your password upon login. <br><br>Username: $email <br>Password: $_POST[password]<br>Login URL: $config_base_url<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email";
$body = "Hello, $name<br><br>An ITFlow account has been setup for you. Please change your password upon login. <br><br>Username: $email <br>Password: $_POST[password]<br>Login URL: https://$config_base_url<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_ticket_from_email, $config_ticket_from_name,
@ -145,13 +145,6 @@ if(isset($_POST['edit_user'])){
validateAdminRole();
if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
@ -246,17 +239,10 @@ if(isset($_POST['edit_user'])){
if(isset($_POST['edit_profile'])){
if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$user_id = intval($_POST['user_id']);
$user_id = $session_user_id;
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$new_password = trim($_POST['new_password']);
@ -741,9 +727,6 @@ if(isset($_GET['delete_company'])){
mysqli_query($mysqli,"DELETE FROM tickets WHERE company_id = $company_id");
mysqli_query($mysqli,"DELETE FROM ticket_replies WHERE company_id = $company_id");
// TODO ticket views is missing company_id
// mysqli_query($mysqli,"DELETE FROM ticket_views WHERE company_id = $company_id");
mysqli_query($mysqli,"DELETE FROM transfers WHERE company_id = $company_id");
mysqli_query($mysqli,"DELETE FROM trips WHERE company_id = $company_id");
mysqli_query($mysqli,"DELETE FROM user_companies WHERE company_id = $company_id");
@ -1047,6 +1030,9 @@ if(isset($_POST['edit_module_settings'])){
if(isset($_POST['enable_2fa'])){
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$token = mysqli_real_escape_string($mysqli,$_POST['token']);
mysqli_query($mysqli,"UPDATE users SET user_token = '$token' WHERE user_id = $session_user_id");
@ -1062,6 +1048,9 @@ if(isset($_POST['enable_2fa'])){
if(isset($_POST['disable_2fa'])){
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id");
//Logging
@ -1155,6 +1144,7 @@ if(isset($_GET['download_database'])){
if(isset($_POST['backup_master_key'])){
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
$password = $_POST['password'];
@ -1367,7 +1357,7 @@ if(isset($_POST['edit_client'])){
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Client <strong>".stripslashes($client_name)."</strong> updated";
$_SESSION['alert_message'] = "Client <strong>".htmlentities($client_name)."</strong> updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
@ -1389,7 +1379,7 @@ if(isset($_GET['archive_client'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Archive', log_description = '$session_name archived client $client_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Client ".stripslashes($client_name)." archive. <a href='post.php?undo_archive_client=$client_id'>Undo</a>";
$_SESSION['alert_message'] = "Client ".htmlentities($client_name)." archived. <a href='post.php?undo_archive_client=$client_id'>Undo</a>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
@ -1408,7 +1398,7 @@ if(isset($_GET['undo_archive_client'])){
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Undo Archive', log_description = '$session_name unarchived client $client_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Client ".stripslashes($client_name)." unarchived.";
$_SESSION['alert_message'] = "Client ".htmlentities($client_name)." unarchived.";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
@ -4009,7 +3999,7 @@ if(isset($_GET['archive_contact'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Archive', log_description = '$session_name archived contact $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Contact ".stripslashes($contact_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
$_SESSION['alert_message'] = "Contact ".htmlentities($contact_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -4407,7 +4397,7 @@ if(isset($_GET['archive_location'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Archive', log_description = '$session_name archived location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Location ".stripslashes($location_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
$_SESSION['alert_message'] = "Location ".htmlentities($location_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -4428,7 +4418,7 @@ if(isset($_GET['undo_archive_location'])){
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Undo Archive', log_description = '$session_name unarchived location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Location ".stripslashes($location_name)." unarchived.";
$_SESSION['alert_message'] = "Location ".htmlentities($location_name)." unarchived.";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
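Review bot: The welcome e-mail in the add_user hunk (`Password: $_POST[password]`) still sends the new account's initial password in cleartext and interpolates the raw POST value into an HTML body; the added `filter_var()` guard only decides whether the mail is sent. At minimum escape it, `Password: " . htmlentities($_POST['password']) . "<br>`, and consider replacing it with a one-time set-password link like the portal reset flow. In the enable_2fa hunk, `$_POST['token']` is only SQL-escaped before being stored as the user's 2FA secret; validating its expected format before the UPDATE would reject malformed secrets early. Each of these handlers starts and ends outside its hunk.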


@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Products">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Products">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
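Review bot: `strip_tags(htmlentities($q))` is a no-op wrapper: after `htmlentities()` no `<` characters remain, so `strip_tags()` removes nothing and `htmlentities($q)` alone gives the same attribute-safe output. The same pattern is repeated in the other search boxes in this commit (Search Quotes, Search Recurring Invoices, Search Revenues, Search Scheduled Tickets, Search keys, Search Tags, Search Tickets, Search Transfers, Search Trips). If `$q` is the `mysqli_real_escape_string()`-escaped value used for the query, dropping `stripslashes()` means a search containing a quote now redisplays with a backslash — worth checking where `$q` is built, since that is outside the hunk.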


@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Quotes">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Quotes">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Recurring Invoices">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Recurring Invoices">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Revenues">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Revenues">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Scheduled Tickets">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Scheduled Tickets">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>


@ -29,7 +29,7 @@
<div class="card-body">
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search keys">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search keys">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>


@ -18,6 +18,7 @@
<div class="card-body">
<center>
<form action="post.php" method="POST">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="input-group col-4">
<div class="input-group-prepend">
<input type="password" class="form-control" placeholder="Enter your account password" name="password" autocomplete="new-password" required>


@ -51,7 +51,7 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
<div class="col-sm-4 mb-2">
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tags">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Tags">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>


@ -1,293 +0,0 @@
<?php include("config.php"); ?>
<?php include("functions.php"); ?>
<?php include("check_login.php"); ?>
<?php include("header.php"); ?>
<?php include("top_nav.php"); ?>
<?php
if(isset($_GET['client_id'])){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli,"UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id AND company_id = $session_company_id");
$sql = mysqli_query($mysqli,"SELECT * FROM clients
LEFT JOIN locations ON primary_location = location_id AND location_archived_at IS NULL
LEFT JOIN contacts ON primary_contact = contact_id AND contact_archived_at IS NULL
WHERE client_id = $client_id
AND clients.company_id = $session_company_id");
if(mysqli_num_rows($sql) == 0){
include("header.php");
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1></center>";
}else{
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
$client_type = $row['client_type'];
$client_website = $row['client_website'];
$client_referral = $row['client_referral'];
$client_currency_code = $row['client_currency_code'];
$client_net_terms = $row['client_net_terms'];
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}
$client_notes = $row['client_notes'];
$client_created_at = $row['client_created_at'];
$primary_contact = $row['primary_contact'];
$primary_location = $row['primary_location'];
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_title = $row['contact_title'];
$contact_email = $row['contact_email'];
$contact_phone = $row['contact_phone'];
$contact_extension = $row['contact_extension'];
$contact_mobile = $row['contact_mobile'];
$location_id = $row['location_id'];
$location_name = $row['location_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$location_country = $row['location_country'];
$location_phone = $row['location_phone'];
//Client Tags
$client_tag_name_display_array = array();
$client_tag_id_array = array();
$sql_client_tags = mysqli_query($mysqli,"SELECT * FROM client_tags LEFT JOIN tags ON client_tags.tag_id = tags.tag_id WHERE client_tags.client_id = $client_id");
while($row = mysqli_fetch_array($sql_client_tags)){
$client_tag_id = $row['tag_id'];
$client_tag_name = $row['tag_name'];
$client_tag_color = $row['tag_color'];
$client_tag_icon = $row['tag_icon'];
if(empty($client_tag_icon)){
$client_tag_icon = "tag";
}
$client_tag_id_array[] = $client_tag_id;
$client_tag_name_display_array[] = "$client_tag_name ";
}
$client_tags_display = "<i class='fa fa-fw fa-tag text-secondary ml-1 mr-2 mb-2'></i> " . implode('', $client_tag_name_display_array);
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_invoice_amounts = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE invoice_client_id = $client_id AND invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled'");
$row = mysqli_fetch_array($sql_invoice_amounts);
$invoice_amounts = $row['invoice_amounts'];
$sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
$balance = $invoice_amounts - $amount_paid;
//Badge Counts
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('contact_id') AS num FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id"));
$num_contacts = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id"));
$num_locations = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets WHERE asset_archived_at IS NULL AND asset_client_id = $client_id"));
$num_assets = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('ticket_id') AS num FROM tickets WHERE ticket_archived_at IS NULL AND ticket_status != 'Closed' AND ticket_client_id = $client_id"));
$num_active_tickets = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('service_id') AS num FROM services WHERE service_client_id = $client_id"));
$num_services = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id"));
$num_vendors = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('login_id') AS num FROM logins WHERE login_archived_at IS NULL AND login_client_id = $client_id"));
$num_logins = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id"));
$num_networks = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('domain_id') AS num FROM domains WHERE domain_archived_at IS NULL AND domain_client_id = $client_id"));
$num_domains = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('certificate_id') AS num FROM certificates WHERE certificate_archived_at IS NULL AND certificate_client_id = $client_id"));
$num_certificates = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_archived_at IS NULL AND software_client_id = $client_id"));
$num_software = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_archived_at IS NULL AND invoice_client_id = $client_id"));
$num_invoices = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('quote_id') AS num FROM quotes WHERE quote_archived_at IS NULL AND quote_client_id = $client_id"));
$num_quotes = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM recurring WHERE recurring_archived_at IS NULL AND recurring_client_id = $client_id"));
$num_recurring = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('payment_id') AS num FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id"));
$num_payments = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('file_id') AS num FROM files WHERE file_archived_at IS NULL AND file_client_id = $client_id"));
$num_files = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_archived_at IS NULL AND document_client_id = $client_id"));
$num_documents = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('event_id') AS num FROM events WHERE event_client_id = $client_id"));
$num_events = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('trip_id') AS num FROM trips WHERE trip_archived_at IS NULL AND trip_client_id = $client_id"));
$num_trips = $row['num'];
?>
<?php
include("client_side_nav.php");
include("inc_wrapper.php");
include("inc_alert_feedback.php");
?>
<?php
$contact_phone = formatPhoneNumber($contact_phone);
$contact_mobile = formatPhoneNumber($contact_mobile);
$location_phone = formatPhoneNumber($location_phone);
?>
<div class="card mb-3">
<div class="card-body">
<div class="row">
<div class="col-md">
<h4 class="text-secondary"><strong><?php echo $client_name; ?></strong></h4>
<?php if(!empty($location_address)){ ?>
<a href="//maps.<?php echo $session_map_source; ?>.com/?q=<?php echo "$location_address $location_zip"; ?>" target="_blank">
<div><i class="fa fa-fw fa-map-marker-alt text-secondary ml-1 mr-1"></i> <?php echo $location_address; ?></div>
<div class="ml-4 mb-2"><?php echo "$location_city $location_state $location_zip"; ?></div>
</a>
<?php } ?>
<?php
if(!empty($location_phone)){
?>
<i class="fa fa-fw fa-phone text-secondary ml-1 mr-2 mb-2"></i> <?php echo $location_phone; ?>
<br>
<?php
}
?>
<?php
if(!empty($client_website)){
?>
<i class="fa fa-fw fa-globe text-secondary ml-1 mr-2 mb-2"></i> <a target="_blank" href="//<?php echo $client_website; ?>"><?php echo $client_website; ?></a>
<br>
<?php
}
?>
<?php
if(!empty($client_tag_name_display_array)){
?>
<?php echo $client_tags_display; ?>
<?php
}
?>
</div>
<div class="col-md border-left">
<h4 class="text-secondary">Contact</h4>
<?php
if(!empty($contact_name)){
?>
<i class="fa fa-fw fa-user text-secondary ml-1 mr-2 mb-2"></i> <?php echo $contact_name; ?>
<br>
<?php
}
?>
<?php
if(!empty($contact_email)){
?>
<i class="fa fa-fw fa-envelope text-secondary ml-1 mr-2 mb-2"></i> <a href="mailto:<?php echo $contact_email; ?>"><?php echo $contact_email; ?></a><button class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $contact_email; ?>'><i class='far fa-copy text-secondary'></i></button>
<br>
<?php
}
?>
<?php
if(!empty($contact_phone)){
?>
<i class="fa fa-fw fa-phone text-secondary ml-1 mr-2 mb-2"></i> <?php echo $contact_phone; ?>
<?php
if(!empty($contact_extension)){
?>
x<?php echo $contact_extension; ?>
<?php
}
?>
<br>
<?php
}
?>
<?php
if(!empty($contact_mobile)){
?>
<i class="fa fa-fw fa-mobile-alt text-secondary ml-1 mr-2 mb-2"></i> <?php echo $contact_mobile; ?>
<?php
}
?>
</div>
<?php if($session_user_role == 1 || $session_user_role == 3 AND $config_module_enable_accounting == 1){ ?>
<div class="col-md border-left">
<h4 class="text-secondary">Billing</h4>
<h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $amount_paid, $client_currency_code); ?></div></h6>
<h6 class="ml-1 text-secondary">Balance <div class="<?php if($balance > 0){ echo "text-danger"; }else{ echo "text-dark"; } ?> float-right"> <?php echo numfmt_format_currency($currency_format, $balance, $client_currency_code); ?></div></h6>
<h6 class="ml-1 text-secondary">Net Terms <div class="text-dark float-right"><?php echo $client_net_terms; ?> <small class="text-secondary">Days</small></div></h6>
</div>
<?php } ?>
<?php if($config_module_enable_ticketing == 1){ ?>
<div class="col-md border-left">
<h4 class="text-secondary">Support</h4>
<h6 class="ml-1 text-secondary">Open Tickets <div class="text-dark float-right"><?php echo $num_active_tickets; ?></div></h6>
</div>
<?php } ?>
<div class="col-md-1 border-left">
<?php if($session_user_role == 3) { ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="client_print.php?client_id=<?php echo $client_id; ?>">Print</a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export PDF<br><small class="text-secondary">(without passwords)</small></a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export PDF<br><small class="text-secondary">(with passwords)</small></a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_client=<?php echo $client_id; ?>">Archive</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
</div>
</div>
<?php } ?>
</div>
</div>
</div>
</div>
<?php
include("client_routes.php");
include("client_edit_modal.php");
include("client_delete_modal.php");
include("category_quick_add_modal.php");
}
}
include("footer.php");
?>


@ -1,4 +1,7 @@
<?php
<?php
exit();
include("config.php");
include("check_login.php");
include("functions.php");
@ -15,7 +18,7 @@ include("functions.php");
<link rel="stylesheet" href="global.css" />
<script src="https://js.stripe.com/v3/"></script>
<script src="https://polyfill.io/v3/polyfill.min.js?version=3.52.1&features=fetch"></script>
<script src="client.js" defer></script>
<script src="test_stripe_client.js" defer></script>
</head>
<body>
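Review bot: Disabling the test page by inserting `exit();` before the includes leaves a stray file in the web root, together with the renamed `test_stripe_client.js`, that any future edit can silently re-enable; if the page is not needed, deleting it or moving it out of the document root is the safer end state. The third-party `<script>` tags for js.stripe.com and polyfill.io carry no `integrity`/`crossorigin` attributes, so a changed upstream script is loaded without any check — where the vendor supports it, pin with SRI or self-host the bundle. The rest of the page body lies outside the hunks.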


@ -176,7 +176,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {
echo stripslashes(htmlentities($q));
echo strip_tags(htmlentities($q));
} ?>" placeholder="Search Tickets">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse"
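Review bot: `strip_tags(htmlentities($q))` on the new line is effectively just `htmlentities($q)` — by the time strip_tags runs every `<` and `>` has already been encoded, so there are no tags left to strip and the only real change is dropping `stripslashes`. If `$q` was escaped for SQL earlier in the file (not visible in this hunk), the search box will now display backslashes before quotes; if it was not, the old `stripslashes` was already harmless. For a double-quoted attribute the clearer line is `echo htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, which also pins the quote handling that `htmlentities` only defaults to from PHP 8.1 onward. The same pattern is changed in the Search Transfers, Search Trips, Search Users and Search Vendors hunks below.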


@ -80,7 +80,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Transfers">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Transfers">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -84,7 +84,7 @@
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Trips">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Trips">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>


@ -22,7 +22,6 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="user_id" value="<?php echo $session_user_id; ?>">
<input type="hidden" name="existing_file_name" value="<?php echo $session_avatar; ?>">
<center class="mb-3 p-4">
@ -96,6 +95,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<h3>2-Factor Authentication</h3>
<form class="p-3" action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<?php if(empty($session_token)){ ?>
<p>You have not setup 2FA, click on enable to setup 2FA.</p>
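Review bot: The csrf_token hidden input added to the 2-Factor Authentication form only protects the enable/disable actions if the corresponding handlers in post.php compare it against `$_SESSION['csrf_token']` (ideally with `hash_equals()`); that check is outside this diff and is worth confirming. The token is echoed into the attribute unescaped, which is acceptable for a server-generated value, but `value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8'); ?>"` would keep this template consistent with the output escaping applied to `$q` elsewhere in this PR. The first hunk removes the `existing_file_name` hidden input, so the avatar upload handler must now take the current file name from the session rather than from the request — also outside the hunk.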


@ -37,7 +37,7 @@
<div class="card-body">
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Users">
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Users">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>


@ -56,7 +56,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Vendors">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Vendors">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>