diff --git a/accounts.php b/accounts.php
index 61216bee..c0018c16 100644
--- a/accounts.php
+++ b/accounts.php
@@ -27,7 +27,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
   <div class="card-body">
     <form autocomplete="off">
       <div class="input-group">
-        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Accounts">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Accounts">
         <div class="input-group-append">
           <button class="btn btn-primary"><i class="fa fa-search"></i></button>
         </div>
diff --git a/ajax.php b/ajax.php
index 52c5d5c6..39a88a6b 100644
--- a/ajax.php
+++ b/ajax.php
@@ -110,7 +110,7 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
 
     $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
 
-    $sql = mysqli_query($mysqli, "SELECT * FROM tickets
+    $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, client_name, contact_name FROM tickets
       LEFT JOIN clients ON ticket_client_id = client_id 
       LEFT JOIN contacts ON ticket_contact_id = contact_id
       WHERE ticket_number = '$merge_into_ticket_number' AND tickets.company_id = '$session_company_id'");
@@ -120,7 +120,8 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
     } else {
         //Return ticket, client and contact details for the given ticket number
         $response = mysqli_fetch_array($sql);
-        echo json_encode($response);
+        $response = array_map('htmlentities', $response);
+        echo json_encode( $response);
     }
 }
 
@@ -190,10 +191,10 @@ if (isset($_GET['ticket_query_views'])) {
         $users = array_unique($users);
         if (count($users) > 1) {
             // Multiple viewers
-            $response['message'] = implode(", ", $users) . " are viewing this ticket.";
+            $response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket.");
         } else {
             // Single viewer
-            $response['message'] = implode("", $users) . " is viewing this ticket.";
+            $response['message'] = htmlentities(implode("", $users) . " is viewing this ticket.");
         }
     } else {
         // No viewers
@@ -221,19 +222,19 @@ if (isset($_GET['share_generate_link'])) {
 
     if ($item_type == "Document") {
         $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
-        $item_name = $row['document_name'];
+        $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['document_name']));
     }
 
     if ($item_type == "File") {
         $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
-        $item_name = $row['file_name'];
+        $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['file_name']));
     }
 
     if ($item_type == "Login") {
         $login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
         $row = mysqli_fetch_array($login);
 
-        $item_name = $row['login_name'];
+        $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['login_name']));
 
         // Decrypt & re-encrypt password for sharing
         $login_password_cleartext = decryptLoginEntry($row['login_password']);
diff --git a/api/v1/clients/read.php b/api/v1/clients/read.php
index c77b82ea..af5577e5 100644
--- a/api/v1/clients/read.php
+++ b/api/v1/clients/read.php
@@ -11,7 +11,7 @@ if (isset($_GET['client_id'])) {
 
 // Specific client via name (single)
 elseif (isset($_GET['client_name'])) {
-    $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client_name'])));
+    $name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
     $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 
diff --git a/api/v1/contacts/read.php b/api/v1/contacts/read.php
index c15b1493..19acda88 100644
--- a/api/v1/contacts/read.php
+++ b/api/v1/contacts/read.php
@@ -11,7 +11,7 @@ if (isset($_GET['contact_id'])) {
 
 // Specific contact via email (single)
 elseif (isset($_GET['contact_email'])) {
-    $email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['contact_email'])));
+    $email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
     $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 
diff --git a/api/v1/software/read.php b/api/v1/software/read.php
index ca26185d..0b09d9a0 100644
--- a/api/v1/software/read.php
+++ b/api/v1/software/read.php
@@ -9,10 +9,10 @@ if (isset($_GET['software_id'])) {
     $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 
-// Specific software via License ID
-if (isset($_GET['software_license'])) {
-    $license = mysqli_real_escape_string($mysqli, $_GET['software_license']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
+// Specific software via key
+if (isset($_GET['software_key'])) {
+    $key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
+    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
 
 // Software by name
diff --git a/api/v1/validate_api_key.php b/api/v1/validate_api_key.php
index 5b85055e..fceeaa7c 100644
--- a/api/v1/validate_api_key.php
+++ b/api/v1/validate_api_key.php
@@ -73,10 +73,10 @@ if (isset($api_key)) {
     if (mysqli_num_rows($sql) !== 1) {
         // Invalid Key
         header(WORDING_UNAUTHORIZED);
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
 
         $return_arr['success'] = "False";
-        $return_arr['message'] = "API Key authentication failure or expired.";
+        $return_arr['message'] = "Authentication failed. API key is invalid or has expired.";
 
         header(WORDING_UNAUTHORIZED);
         echo json_encode($return_arr);
@@ -88,7 +88,7 @@ if (isset($api_key)) {
 
         // Set client ID, company ID & key name
         $row = mysqli_fetch_array($sql);
-        $api_key_name = $row['api_key_name'];
+        $api_key_name = htmlentities($row['api_key_name']);
         $client_id = $row['api_key_client_id'];
         $company_id = $row['company_id'];
 
diff --git a/api_key_add_modal.php b/api_key_add_modal.php
index 9253d568..4f6aa795 100644
--- a/api_key_add_modal.php
+++ b/api_key_add_modal.php
@@ -65,7 +65,7 @@ $key = bin2hex(random_bytes(78));
                 $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
                 while($row = mysqli_fetch_array($sql)){
                   $client_id = $row['client_id'];
-                  $client_name = $row['client_name'];
+                  $client_name = htmlentities($row['client_name']);
                   ?>
                   <option value="<?php echo $client_id; ?>"><?php echo "$client_name  (Client ID: $client_id)"; ?></option>
 
diff --git a/assets.php b/assets.php
deleted file mode 100644
index 772673ee..00000000
--- a/assets.php
+++ /dev/null
@@ -1,160 +0,0 @@
-<?php include("inc_all.php");
-
-//Column Filter
-if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
-}else{
-  $sb = "asset_name";
-}
-
-//Date From and Date To Filter
-if(!empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
-}else{
-  $dtf = "0000-00-00";
-  $dtt = "9999-00-00";
-}
-
-//Rebuild URL
-
-$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
-
-$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM assets LEFT JOIN clients ON asset_client_id = client_id 
-  WHERE (asset_name LIKE '%$q%' OR asset_type LIKE '%$q%' OR asset_make LIKE '%$q%' OR asset_model LIKE '%$q%' OR asset_serial LIKE '%$q%' OR asset_os LIKE '%$q%' 
-  OR asset_ip LIKE '%$q%' OR asset_mac LIKE '%$q%' OR client_name LIKE '%$q%') 
-  AND DATE(asset_created_at) BETWEEN '$dtf' AND '$dtt'
-  AND assets.company_id = $session_company_id 
-  ORDER BY $sb $o LIMIT $record_from, $record_to"
-); 
-
-$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
-
-?>
-
-<div class="card card-dark">
-  <div class="card-header py-2">
-    <h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop"></i> Client Assets</h3>
-    <div class="card-tools">
-    </div>
-  </div>
-
-  <div class="card-body">
-    <form class="mb-4" autocomplete="off">
-      <div class="row">
-        <div class="col-sm-4">
-          <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search all client assets">
-            <div class="input-group-append">
-              <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
-              <button class="btn btn-primary"><i class="fa fa-search"></i></button>
-            </div>
-          </div>
-        </div>
-      </div>
-      <div class="collapse mt-3 <?php if(!empty($_GET['dtf'])){ echo "show"; } ?>" id="advancedFilter">
-        <div class="row">
-          <div class="col-md-2">
-            <div class="form-group">
-              <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
-            </div>
-          </div>
-          <div class="col-md-2">
-            <div class="form-group">
-              <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
-            </div>
-          </div>
-        </div>    
-      </div>
-    </form>
-    <hr>
-    <div class="table-responsive">
-      <table class="table table-striped table-borderless table-hover">
-        <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
-          <tr>
-            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_name&o=<?php echo $disp; ?>">Name</a></th>
-            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_type&o=<?php echo $disp; ?>">Type</a></th>
-            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_make&o=<?php echo $disp; ?>">Make</a></th>
-            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_model&o=<?php echo $disp; ?>">Model</a></th>
-            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_serial&o=<?php echo $disp; ?>">Serial</a></th>
-            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=client_name&o=<?php echo $disp; ?>">Client</a></th>
-          </tr>
-        </thead>
-        <tbody>
-          <?php
-      
-          while($row = mysqli_fetch_array($sql)){
-            $asset_id = $row['asset_id'];
-            $asset_type = $row['asset_type'];
-            $asset_name = $row['asset_name'];
-            $asset_make = $row['asset_make'];
-            $asset_model = $row['asset_model'];
-            $asset_serial = $row['asset_serial'];
-            $asset_os = $row['asset_os'];
-            $asset_ip = $row['asset_ip'];
-            $asset_mac = $row['asset_mac'];
-            $asset_purchase_date = $row['asset_purchase_date'];
-            $asset_warranty_expire = $row['asset_warranty_expire'];
-            $asset_notes = $row['asset_notes'];
-            $client_id = $row['client_id'];
-            $client_name = $row['client_name'];
-            $vendor_id = $row['vendor_id'];
-            $location_id = $row['location_id'];
-            $contact_id = $row['contact_id'];
-            $network_id = $row['network_id'];
-
-            if($asset_type == 'Laptop'){
-              $device_icon = "laptop";
-            }elseif($asset_type == 'Desktop'){
-              $device_icon = "desktop";
-            }elseif($asset_type == 'Server'){
-              $device_icon = "server";
-            }elseif($asset_type == 'Printer'){
-              $device_icon = "print";
-            }elseif($asset_type == 'Camera'){
-              $device_icon = "video";
-            }elseif($asset_type == 'Switch' || $asset_type == 'Firewall/Router'){
-              $device_icon = "network-wired";
-            }elseif($asset_type == 'Access Point'){
-              $device_icon = "wifi";
-            }elseif($asset_type == 'Phone'){
-              $device_icon = "phone";
-            }elseif($asset_type == 'Mobile Phone'){
-              $device_icon = "mobile-alt";
-            }elseif($asset_type == 'Tablet'){
-              $device_icon = "tablet-alt";
-            }elseif($asset_type == 'TV'){
-              $device_icon = "tv";
-            }elseif($asset_type == 'Virtual Machine'){
-              $device_icon = "cloud";
-            }else{
-              $device_icon = "tag";
-            }
-      
-          ?>
-          <tr>
-            
-            <td><i class="fa fa-fw text-secondary fa-<?php echo $device_icon; ?> mr-2"></i><?php echo $asset_name; ?></td>
-            <td><?php echo $asset_type; ?></td>
-            <td><?php echo $asset_make; ?></td>
-            <td><?php echo $asset_model; ?></td>
-            <td><?php echo $asset_serial; ?></td>
-            <td><a href="client.php?client_id=<?php echo $client_id; ?>&tab=assets"><?php echo $client_name; ?></a></td>
-          </tr>
-
-          <?php
-          }
-          ?>
-
-        </tbody>
-      </table>
-    </div>
-    <?php include("pagination.php"); ?>
-  </div>
-</div>
-
-<?php include("add_asset_modal.php"); ?>
-
-<?php include("footer.php");
\ No newline at end of file
diff --git a/categories.php b/categories.php
index 95b56d04..26cfc448 100644
--- a/categories.php
+++ b/categories.php
@@ -53,7 +53,7 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
       <div class="row">
         <div class="col-sm-4 mb-2">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Categories">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Categories">
             <div class="input-group-append">
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/check_login.php b/check_login.php
index 1597527b..e24efb6a 100644
--- a/check_login.php
+++ b/check_login.php
@@ -32,7 +32,7 @@ $session_user_id = $_SESSION['user_id'];
 
 $sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
 $row = mysqli_fetch_array($sql);
-$session_name = $row['user_name'];
+$session_name = mysqli_real_escape_string($mysqli, $row['user_name']);
 $session_email = $row['user_email'];
 $session_avatar = $row['user_avatar'];
 $session_token = $row['user_token'];
diff --git a/client_assets.php b/client_assets.php
index 9f919f4b..3891e1d8 100644
--- a/client_assets.php
+++ b/client_assets.php
@@ -86,7 +86,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search <?php if(!empty($_GET['type'])){ echo ucwords(strip_tags(htmlentities($_GET['type']))); }else{ echo "Asset"; } ?>s">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search <?php if(!empty($_GET['type'])){ echo ucwords(strip_tags(htmlentities($_GET['type']))); }else{ echo "Asset"; } ?>s">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_certificates.php b/client_certificates.php
index 4de3f655..79eb96be 100644
--- a/client_certificates.php
+++ b/client_certificates.php
@@ -33,7 +33,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Certificates">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Certificates">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_contact_details_modal.php b/client_contact_details_modal.php
index 58cf6ca6..749ac31b 100644
--- a/client_contact_details_modal.php
+++ b/client_contact_details_modal.php
@@ -105,7 +105,7 @@
 
               while($row = mysqli_fetch_array($sql_related_tickets)){
                 $ticket_id = $row['ticket_id'];
-                $ticket_prefix = $row['ticket_prefix'];
+                $ticket_prefix = htmlentities($row['ticket_prefix']);
                 $ticket_number = $row['ticket_number'];
                 $ticket_subject = htmlentities($row['ticket_subject']);
 
diff --git a/client_contacts.php b/client_contacts.php
index eeb82d08..73ce0327 100644
--- a/client_contacts.php
+++ b/client_contacts.php
@@ -56,7 +56,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Contacts">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Contacts">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_documents.php b/client_documents.php
index 244e58ad..dbb952bb 100644
--- a/client_documents.php
+++ b/client_documents.php
@@ -130,7 +130,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <input type="hidden" name="client_id" value="<?php echo intval($client_id); ?>">
           <input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>">
           <div class="input-group">
-            <input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Documents">
+            <input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Documents">
             <div class="input-group-append">
               <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_domains.php b/client_domains.php
index 10bb382f..14ace448 100644
--- a/client_domains.php
+++ b/client_domains.php
@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Domains">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Domains">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_invoices.php b/client_invoices.php
index 65e23cbd..69915877 100644
--- a/client_invoices.php
+++ b/client_invoices.php
@@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Invoices">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Invoices">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_locations.php b/client_locations.php
index f063aa64..b849c196 100644
--- a/client_locations.php
+++ b/client_locations.php
@@ -47,7 +47,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Locations">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Locations">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_logins.php b/client_logins.php
index 43416cf0..f0ef1cca 100644
--- a/client_logins.php
+++ b/client_logins.php
@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
           <div class="col-md-4">
             <div class="input-group mb-3 mb-md-0">
-              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Passwords">
+              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Passwords">
               <div class="input-group-append">
                 <button class="btn btn-dark"><i class="fa fa-search"></i></button>
               </div>
diff --git a/client_logs.php b/client_logs.php
index 8816067d..1b591255 100644
--- a/client_logs.php
+++ b/client_logs.php
@@ -40,7 +40,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Logs">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Logs">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_networks.php b/client_networks.php
index eea103c9..fbf785f3 100644
--- a/client_networks.php
+++ b/client_networks.php
@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Networks">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Networks">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_payments.php b/client_payments.php
index 32ce2214..a95d6a97 100644
--- a/client_payments.php
+++ b/client_payments.php
@@ -39,7 +39,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Payments">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Payments">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_print.php b/client_print.php
deleted file mode 100644
index e55bf2db..00000000
--- a/client_print.php
+++ /dev/null
@@ -1,769 +0,0 @@
-<?php include("header.php"); ?>
-
-<?php 
-
-if(isset($_GET['client_id'])){
-  $client_id = intval($_GET['client_id']);
-
-  $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id LEFT JOIN locations ON primary_location = location_id WHERE client_id = $client_id AND clients.company_id = $session_company_id");
-
-  $row = mysqli_fetch_array($sql);
-  $client_name = $row['client_name'];
-  $location_address = $row['location_address'];
-  $location_city = $row['location_city'];
-  $location_state = $row['location_state'];
-  $location_zip = $row['location_zip'];
-  $contact_name = $row['contact_name'];
-  $contact_phone = formatPhoneNumber($row['contact_phone']);
-  $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-  $contact_email = $row['contact_email'];
-  $client_website = $row['client_website'];
-
-  //Query each table and store them in their array
-  $sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
-  $sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
-  $sql_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_type ASC");
-  $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
-  $sql_logins = mysqli_query($mysqli,"SELECT *, AES_DECRYPT(login_password, '$config_aes_key') AS login_password FROM logins WHERE login_client_id = $client_id ORDER BY login_name ASC");
-  $sql_networks = mysqli_query($mysqli,"SELECT * FROM networks WHERE network_client_id = $client_id ORDER BY network_name ASC");
-  $sql_domains = mysqli_query($mysqli,"SELECT * FROM domains WHERE domain_client_id = $client_id ORDER BY domain_name ASC");
-  $sql_software = mysqli_query($mysqli,"SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
-  $sql_invoices = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_client_id = $client_id ORDER BY invoice_number DESC");
-
-  $sql_payments = mysqli_query($mysqli,"SELECT * FROM payments, invoices, accounts
-    WHERE invoice_client_id = $client_id
-    AND payment_invoice_id = invoice_id
-    AND payment_account_id = account_id
-    ORDER BY payment_id DESC"); 
-  
-  $sql_quotes = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_client_id = $client_id ORDER BY quote_number DESC");
-
-  $sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring WHERE recurring_client_id = $client_id ORDER BY recurring_id DESC");
-
-  $sql_documents = mysqli_query($mysqli,"SELECT * FROM documents WHERE document_client_id = $client_id ORDER BY document_created_at DESC");
-
-  //Get Counts
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('contact_id') AS num FROM contacts WHERE contact_client_id = $client_id"));
-  $num_contacts = $row['num'];
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations WHERE location_client_id = $client_id"));
-  $num_locations = $row['num'];
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets WHERE asset_client_id = $client_id"));
-  $num_assets = $row['num'];
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_client_id = $client_id"));
-  $num_vendors = $row['num'];
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('login_id') AS num FROM logins WHERE login_client_id = $client_id"));
-  $num_logins = $row['num'];
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks WHERE network_client_id = $client_id"));
-  $num_networks = $row['num'];
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('domain_id') AS num FROM domains WHERE domain_client_id = $client_id"));
-  $num_domains = $row['num'];
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_client_id = $client_id"));
-  $num_software = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_client_id = $client_id"));
-  $num_invoices = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('payment_id') AS num FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id"));
-  $num_payments = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('quote_id') AS num FROM quotes WHERE quote_client_id = $client_id"));
-  $num_quotes = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM recurring WHERE recurring_client_id = $client_id"));
-  $num_recurring = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_client_id = $client_id"));
-  $num_documents = $row['num'];
-
-?>
-
-<!-- Breadcrumbs-->
-<ol class="breadcrumb d-print-none">
-  <li class="breadcrumb-item">
-    <a href="clients.php">Clients</a>
-  </li>
-  <li class="breadcrumb-item">
-    <a href="client.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a>
-  </li>
-  <li class="breadcrumb-item active">Print</li>
-</ol>
-
-<button class="btn btn-primary btn-sm d-print-none mb-3" onclick="window.print();"><i class="fa fa-print"></i> Print</button>
-
-<div class="row">
-  <div class="col-12">
-    <table class="table table-bordered mb-5">
-      <tr>
-        <th>Document</th>
-        <td>IT Documentation</td>
-        <th>Date</th>
-        <td><?php echo date('Y-m-d'); ?></td>
-      </tr>
-      <tr>
-        <th>Prepared By</th>
-        <td><?php echo $session_name; ?></td>
-        <th></th>
-        <th>Confidential</th>
-      </tr>
-    </table>
-  </div>
-</div>
-<div class="row">
-  <div class="col-9">
-    <h2><?php echo $client_name; ?></h2>
-    <table class="table">
-      <tr>
-        <th>Address</th>
-        <td>
-          <?php echo $location_address; ?>
-          <br>
-          <?php echo "$location_city $location_state $location_zip"; ?>
-        </td>
-      </tr>
-      <tr>
-        <th>Primary Contact</th>
-        <td><?php echo $contact_name; ?></td>
-      </tr>
-      <tr>
-        <th>Phone</th>
-        <td><?php echo $contact_phone; ?></td>
-      </tr>
-      <tr>
-        <th>Mobile</th>
-        <td><?php echo $contact_mobile; ?></td>
-      </tr>
-      <tr>      
-        <th>Email</th>
-        <td><?php echo $contact_email; ?></td>
-      </tr>
-      <tr> 
-        <th>Website</th>
-        <td><?php echo $client_website; ?></td>
-      </tr>
-      <tr>
-        <th>Net Terms</th>
-        <td><?php echo $client_net_terms; ?> Day</td>
-      </tr>
-    </table>
-  </div>
-  <div class="col-3">
-    <div class="card">
-      <div class="card-header">
-        <i class="fa fa-th"></i> Table of Contents</h6>
-      </div>
-      <div class="card-body">
-        <ul class="list-unstyled">
-          <?php if($num_contacts > 0){ ?> <li><a href="#contacts">Contacts</a></li> <?php } ?>
-          <?php if($num_locations > 0){ ?> <li><a href="#locations">Locations</a></li> <?php } ?>
-          <?php if($num_assets > 0){ ?> <li><a href="#assets">Assets</a></li> <?php } ?>
-          <?php if($num_vendors > 0){ ?> <li><a href="#vendors">Vendors</a></li> <?php } ?>
-          <?php if($num_logins > 0){ ?> <li><a href="#logins">Logins</a></li> <?php } ?>
-          <?php if($num_networks > 0){ ?> <li><a href="#networks">Networks</a></li> <?php } ?> 
-          <?php if($num_domains > 0){ ?> <li><a href="#domains">Domains</a></li> <?php } ?>
-          <?php if($num_software > 0){ ?> <li><a href="#software">Software</a></li> <?php } ?>
-          <?php if($num_invoices > 0){ ?> <li><a href="#invoices">Invoices</a></li> <?php } ?>
-          <?php if($num_payments > 0){ ?> <li><a href="#payments">Payments</a></li> <?php } ?>
-          <?php if($num_quotes > 0){ ?> <li><a href="#quotes">Quotes</a></li> <?php } ?>
-          <?php if($num_recurring > 0){ ?> <li><a href="#recurring">Recurring</a></li> <?php } ?>
-          <?php if($num_documents > 0){ ?> <li><a href="#documents">Documents</a></li> <?php } ?>
-        </ul>
-      </div>
-    </div>
-  </div>
-</div>
-
-
-<?php if($num_contacts > 0){ ?>
-
-<div id="dvContacts">
-	<h4 id="contacts">Contacts <small>(<?php echo $num_contacts; ?>)</small></h4>
-	<table class="table table-bordered table-compact table-sm mb-4">
-		<thead>
-		  <tr>
-		    <th>Name</th>
-		    <th>Title</th>
-		    <th>Email</th>
-		    <th>Phone</th>
-		    <th>Mobile</th>
-		  </tr>
-		</thead>
-		<tbody>
-		  <?php
-
-		  while($row = mysqli_fetch_array($sql_contacts)){
-		    $contact_id = $row['contact_id'];
-		    $contact_name = $row['contact_name'];
-		    $contact_title = $row['contact_title'];
-		    $contact_phone = $row['contact_phone'];
-		    if(strlen($contact_phone)>2){ 
-		      $contact_phone = substr($row['contact_phone'],0,3)."-".substr($row['contact_phone'],3,3)."-".substr($row['contact_phone'],6,4);
-		    }
-		    $contact_extension = $row['contact_extension'];
-		    if(!empty($contact_extension)){
-		      $contact_extension = "x$contact_extension";
-		    }
-		    $contact_mobile = $row['contact_mobile'];
-		    if(strlen($contact_mobile)>2){ 
-		      $contact_mobile = substr($row['contact_mobile'],0,3)."-".substr($row['contact_mobile'],3,3)."-".substr($row['contact_mobile'],6,4);
-		    }
-		    $contact_email = $row['contact_email'];
-
-		  ?>
-		  <tr>
-		    <td><?php echo $contact_name; ?></td>
-		    <td><?php echo $contact_title; ?></td>
-		    <td><?php echo $contact_email; ?></td>
-		    <td><?php echo "$contact_phone $contact_extension"; ?></td>
-		    <td><?php echo $contact_mobile; ?></td>
-		  </tr>
-
-		  <?php
-		  }
-		  ?>
-
-		</tbody>
-	</table>
-</div>
-<?php } ?>
-
-<?php if($num_locations > 0){ ?>
-<h4 id="locations">Locations <small>(<?php echo $num_locations; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Location</th>
-      <th>Address</th>
-      <th>Phone</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_locations)){
-      $location_id = $row['location_id'];
-      $location_name = $row['location_name'];
-      $location_address = $row['location_address'];
-      $location_city = $row['location_city'];
-      $location_state = $row['location_state'];
-      $location_zip = $row['location_zip'];
-      $location_phone = $row['location_phone'];
-      if(strlen($location_phone)>2){ 
-        $location_phone = substr($row['location_phone'],0,3)."-".substr($row['location_phone'],3,3)."-".substr($row['location_phone'],6,4);
-      }
-
-    ?>
-    <tr>
-      <td><?php echo $location_name; ?></td>
-      <td><?php echo "$location_address<br>$location_city $location_state $location_zip"; ?></td>
-      <td><?php echo $location_phone; ?></td>
-    </tr>
-
-    <?php
-    
-    }
-    
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
- 
-
-<?php if($num_assets > 0){ ?>
-<h4 id="assets">Assets <small>(<?php echo $num_assets; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Type</th>
-      <th>Name</th>
-      <th>Make</th>
-      <th>Model</th>
-      <th>Serial</th>
-      <th>OS</th>
-      <th>IP</th>
-      <th>MAC</th>
-      <th>Purchase Date</th>
-      <th>Warranty Expire</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_assets)){
-      $asset_id = $row['asset_id'];
-      $asset_type = $row['asset_type'];
-      $asset_name = $row['asset_name'];
-      $asset_make = $row['asset_make'];
-      $asset_model = $row['asset_model'];
-      $asset_serial = $row['asset_serial'];
-      $asset_os = $row['asset_os'];
-      $asset_ip = $row['asset_ip'];
-      $asset_mac = $row['asset_mac'];
-      $asset_purchase_date = $row['asset_purchase_date'];
-      $asset_warranty_expire = $row['asset_warranty_expire'];
-
-    ?>
-    <tr>
-      <td><?php echo $asset_type; ?></td>
-      <td><?php echo $asset_name; ?></td>
-      <td><?php echo $asset_make; ?></td>
-      <td><?php echo $asset_model; ?></td>
-      <td><?php echo $asset_serial; ?></td>
-      <td><?php echo $asset_os; ?></td>
-      <td><?php echo $asset_ip; ?></td>
-      <td><?php echo $asset_mac; ?></td>
-      <td><?php echo $asset_purchase_date; ?></td>
-      <td><?php echo $asset_warranty_expire; ?></td>
-    </tr>
-
-    <?php
-    }
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_vendors > 0){ ?>
-<h4 id="vendors">Vendors <small>(<?php echo $num_vendors; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Vendor</th>
-      <th>Description</th>
-      <th>Contact Name</th>
-      <th>Phone</th>
-      <th>Email</th>
-      <th>Website</th>
-      <th>Account Number</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_vendors)){
-      $vendor_id = $row['vendor_id'];
-      $vendor_name = $row['vendor_name'];
-      $vendor_description = $row['vendor_description'];
-      $vendor_account_number = $row['vendor_account_number'];
-      $vendor_contact_name = $row['vendor_contact_name'];
-      $vendor_phone = $row['vendor_phone'];
-      if(strlen($vendor_phone)>2){ 
-        $vendor_phone = substr($row['vendor_phone'],0,3)."-".substr($row['vendor_phone'],3,3)."-".substr($row['vendor_phone'],6,4);
-      }
-      $vendor_email = $row['vendor_email'];
-      $vendor_website = $row['vendor_website'];
-
-    ?>
-    <tr>
-      <td><?php echo $vendor_name; ?></td>
-      <td><?php echo $vendor_description; ?></td>
-      <td><?php echo $vendor_contact_name; ?></td>
-      <td><?php echo $vendor_phone; ?></td>
-      <td><?php echo $vendor_email; ?></td>
-      <td><?php echo $vendor_website; ?></td>
-      <td><?php echo $vendor_account_number; ?></td>
-    </tr>
-
-    <?php
-    }
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_logins > 0){ ?>
-<h4 id="logins">Logins <small>(<?php echo $num_logins; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Name</th>
-      <th>URL/Host</th>
-      <th>Username</th>
-      <th>Password</th>
-      
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_logins)){
-      $login_id = $row['login_id'];
-      $login_name = $row['login_name'];
-      $login_username = $row['login_username'];
-      $login_password = $row['login_password'];
-      $login_uri = $row['login_uri'];
-
-    ?>
-    <tr>
-      <td><?php echo $login_name; ?></td>
-      <td><?php echo $login_uri; ?></td>
-      <td><?php echo $login_username; ?></td>
-      <td><?php echo $login_password; ?></td>
-    </tr>
-
-    <?php
-    }
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_networks > 0){ ?>
-<h4 id="networks">Networks <small>(<?php echo $num_networks; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Name</th>
-      <th>vLAN</th>
-      <th>Network</th>
-      <th>Gateway</th>
-      <th>DHCP Range</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_networks)){
-      $network_id = $row['network_id'];
-      $network_name = $row['network_name'];
-      $network_vlan = $row['network_vlan'];
-      $network = $row['network'];
-      $network_gateway = $row['network_gateway'];
-      $network_dhcp_range = $row['network_dhcp_range'];
-
-
-    ?>
-    <tr>
-      <td><?php echo $network_name; ?></td>
-      <td><?php echo $network_vlan; ?></td>
-      <td><?php echo $network; ?></td>
-      <td><?php echo $network_gateway; ?></td>
-      <td><?php echo $network_dhcp_range; ?></td>
-    </tr>
-
-    <?php
-    }
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_domains > 0){ ?>
-<h4 id="domains">Domains <small>(<?php echo $num_domains; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Domain</th>
-      <th>Registrar</th>
-      <th>Webhost</th>
-      <th>Expire</th>
-      
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_domains)){
-      $domain_id = $row['domain_id'];
-      $domain_name = $row['domain_name'];
-      $domain_registrar = $row['domain_registrar'];
-      $domain_webhost = $row['domain_webhost'];
-      $domain_expire = $row['domain_expire'];
-
-      if(!empty($domain_registrar)){
-        $sql_domain_registrar = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $domain_registrar");
-        $row = mysqli_fetch_array($sql_domain_registrar);
-        $domain_registrar = $row['vendor_name'];
-      }else{
-        $domain_registrar = "-";
-      }
-
-      if(!empty($domain_webhost)){
-        $sql_domain_webhost = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $domain_webhost");
-        $row = mysqli_fetch_array($sql_domain_webhost);
-        $domain_webhost = $row['vendor_name'];
-      }else{
-        $domain_webhost = "-";
-      }
-      
-
-    ?>
-    <tr>
-      <td><?php echo $domain_name; ?></td>
-      <td><?php echo $domain_registrar; ?></td>
-      <td><?php echo $domain_webhost; ?></td>
-      <td><?php echo $domain_expire; ?></td>
-      
-    </tr>
-
-    <?php
-    }
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_software > 0){ ?>
-<h4 id="software">Software <small>(<?php echo $num_software; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Software</th>
-      <th>Type</th>
-      <th>License</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_software)){
-      $software_id = $row['software_id'];
-      $software_name = $row['software_name'];
-      $software_type = $row['software_type'];
-      $software_license = $row['software_license'];
-
-    ?>
-    <tr>
-      <td><?php echo $software_name; ?></td>
-      <td><?php echo $software_type; ?></td>
-      <td><?php echo $software_license; ?></td>
-    </tr>
-
-    <?php
-    }
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_invoices > 0){ ?>
-<h4 id="invoices">Invoices <small>(<?php echo $num_invoices; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Number</th>
-      <th class="text-right">Amount</th>
-      <th>Date</th>
-      <th>Due</th>
-      <th>Status</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_invoices)){
-      $invoice_id = $row['invoice_id'];
-      $invoice_prefix = $row['invoice_prefix'];
-      $invoice_number = $row['invoice_number'];
-      $invoice_status = $row['invoice_status'];
-      $invoice_date = $row['invoice_date'];
-      $invoice_due = $row['invoice_due'];
-      $invoice_amount = $row['invoice_amount'];
-
-    ?>
-
-    <tr>
-      <td><?php echo "$invoice_prefix$invoice_number"; ?></td>
-      <td class="text-right">$<?php echo number_format($invoice_amount,2); ?></td>
-      <td><?php echo $invoice_date; ?></td>
-      <td><?php echo $invoice_due; ?></td>
-      <td><?php echo $invoice_status; ?></td>
-    </tr>
-
-    <?php
-
-    }
-
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_payments > 0){ ?>
-<h4 id="payments">Payments <small>(<?php echo $num_payments; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Date Received</th>
-      <th>Date Due</th>
-      <th>Invoice</th>
-      <th class="text-right">Invoice Amount</th>
-      <th class="text-right">Amount Payed</th>
-      <th class="text-right">Invoice Balance</th>
-      <th>Payment Method</th>
-      <th>Check #</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_payments)){
-      $invoice_id = $row['invoice_id'];
-      $invoice_prefix = $row['invoice_prefix'];
-      $invoice_number = $row['invoice_number'];
-      $invoice_status = $row['invoice_status'];
-      $invoice_amount = $row['invoice_amount'];
-      $invoice_due = $row['invoice_due'];
-      $payment_date = $row['payment_date'];
-      $payment_amount = $row['payment_amount'];
-      $payment_method = $row['payment_method'];
-      $payment_reference = $row['payment_reference'];
-      $account_name = $row['account_name'];
-      $invoice_balance = $invoice_amount - $payment_amount;
-
-    ?>
-
-    <tr>
-      <td><?php echo $payment_date; ?></td>
-      <td><?php echo $invoice_due; ?></td>
-      <td><?php echo "$invoice_prefix$invoice_number"; ?></td>
-      <td class="text-right">$<?php echo number_format($invoice_amount,2); ?></td>
-      <td class="text-right">$<?php echo number_format($payment_amount,2); ?></td>
-      <td class="text-right">$<?php echo number_format($invoice_balance,2); ?></td>
-      <td><?php echo $payment_method; ?></td>
-      <td><?php echo $payment_reference; ?></td>
-    </tr>
-
-    <?php
-
-    }
-
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_quotes > 0){ ?>
-<h4 id="quotes">Quotes <small>(<?php echo $num_quotes; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Number</th>
-      <th class="text-right">Amount</th>
-      <th>Date</th>
-      <th>Status</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_quotes)){
-      $quote_id = $row['quote_id'];
-      $quote_prefix = $row['quote_prefix'];
-      $quote_number = $row['quote_number'];
-      $quote_status = $row['quote_status'];
-      $quote_date = $row['quote_date'];
-      $quote_amount = $row['quote_amount'];
-
-    ?>
-
-    <tr>
-      <td><?php echo $quote_number; ?></td>
-      <td class="text-right">$<?php echo number_format($quote_amount,2); ?></td>
-      <td><?php echo $quote_date; ?></td>
-      <td><?php echo $quote_status; ?></td>
-    </tr>
-
-    <?php
-
-    }
-
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_recurring > 0){ ?>
-<h4 id="recurring">Recurring Invoices <small>(<?php echo $num_recurring; ?>)</small></h4>
-<table class="table table-bordered table-sm mb-4">
-  <thead>
-    <tr>
-      <th>Frequency</th>
-      <th>Created</th>
-      <th>Last Sent</th>
-      <th>Next Date</th>
-      <th>Status</th>
-    </tr>
-  </thead>
-  <tbody>
-    <?php
-
-    while($row = mysqli_fetch_array($sql_recurring)){
-      $recurring_id = $row['recurring_id'];
-      $recurring_frequency = $row['recurring_frequency'];
-      $recurring_status = $row['recurring_status'];
-      $recurring_created_at = $row['recurring_created_at'];
-      $recurring_last_sent = $row['recurring_last_sent'];
-      if($recurring_last_sent == 0){
-        $recurring_last_sent = "-";
-      }
-      $recurring_next_date = $row['recurring_next_date'];
-      if($recurring_status == 1){
-        $status_display = "Active";
-      }else{
-        $status_display = "Inactive";
-      }
-
-    ?>
-
-    <tr>
-      <td><?php echo ucwords($recurring_frequency); ?>ly</td>
-      <td><?php echo $recurring_created_at; ?></td>
-      <td><?php echo $recurring_last_sent; ?></td>
-      <td><?php echo $recurring_next_date; ?></td>
-      <td><?php echo $status_display; ?></td>
-    </tr>
-
-    <?php
-
-    }
-
-    ?>
-
-  </tbody>
-</table>
-<?php } ?>
-
-
-<?php if($num_documents > 0){ ?>
-<h4 id="documents">Documents <small>(<?php echo $num_documents; ?>)</small></h4>
-<hr>
-
-<?php
-
-while($row = mysqli_fetch_array($sql_documents)){
-  $document_id = $row['document_id'];
-  $document_name = $row['document_name'];
-  $document_details = $row['document_details'];
-
-?>
-<h6><?php echo $document_name; ?></h6>
-<hr>
-<p class="mb-4"><?php echo $document_details; ?></p>
-
-<?php } ?>
-
-<?php } ?>
-
-
-<?php } ?>
-
-<?php include("footer.php");
diff --git a/client_quotes.php b/client_quotes.php
index 53f367b5..0b76369d 100644
--- a/client_quotes.php
+++ b/client_quotes.php
@@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Quotes">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Quotes">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_recurring_invoices.php b/client_recurring_invoices.php
index 523d8c11..41932b22 100644
--- a/client_recurring_invoices.php
+++ b/client_recurring_invoices.php
@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_scheduled_tickets.php b/client_scheduled_tickets.php
index bb2392b4..b0c192be 100644
--- a/client_scheduled_tickets.php
+++ b/client_scheduled_tickets.php
@@ -38,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_service_view_modal.php b/client_service_view_modal.php
index c6676728..aadc7b1a 100644
--- a/client_service_view_modal.php
+++ b/client_service_view_modal.php
@@ -41,7 +41,7 @@
                                     }
                                     ?>
                                 </ul>
-                            <?php
+                                <?php
                             }
                             ?>
 
@@ -69,18 +69,16 @@
                                 if(!empty($networks)){ ?>
                                     <h5><i class="nav-icon fas fa-network-wired"></i> Networks</h5>
                                     <ul>
-                                <?php
+                                    <?php
                                 }
                                 foreach($networks as $network){
-                                        $network = explode(":", $network);
-                                        echo "<li><a href=\"client_networks.php?client_id=$client_id&q=$network[0]\">$network[0] </a>(VLAN $network[1])</li>";
+                                    $network = explode(":", $network);
+                                    echo "<li><a href=\"client_networks.php?client_id=$client_id&q=$network[0]\">$network[0] </a>(VLAN $network[1])</li>";
                                 }
 
-                                // Not showing/haven't added explicitly linked networks - can't see a need for a network that doesn't have an asset on it?
-                                // Can add at a later date if there is a use case for this
                                 ?>
                                 </ul>
-                            <?php
+                                <?php
                             }
                             ?>
 
@@ -110,7 +108,7 @@
                                     <?php
                                 }
                                 foreach($location_names as $location){
-                                        echo "<li><a href=\"client_locations.php?client_id=$client_id&q=$location\">$location</a></li>";
+                                    echo "<li><a href=\"client_locations.php?client_id=$client_id&q=$location\">$location</a></li>";
                                 }
                                 ?>
                                 </ul>
@@ -284,14 +282,14 @@
                             }
                             ?>
 
-<!--                            <h5><i class="nav-icon fas fa-file-alt"></i> Services</h5>-->
-<!--                            <ul>-->
-<!--                                <li>Related Service - Coming soon!</li>-->
-<!--                            </ul>-->
+                            <!--                            <h5><i class="nav-icon fas fa-file-alt"></i> Services</h5>-->
+                            <!--                            <ul>-->
+                            <!--                                <li>Related Service - Coming soon!</li>-->
+                            <!--                            </ul>-->
 
                         </div>
+                    </div>
                 </div>
             </div>
         </div>
-    </div>
-</div>
\ No newline at end of file
+    </div>
\ No newline at end of file
diff --git a/client_services.php b/client_services.php
index 774ee229..679d6dde 100644
--- a/client_services.php
+++ b/client_services.php
@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <form autocomplete="off">
         <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
         <div class="input-group">
-          <input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Services">
+          <input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Services">
           <div class="input-group-append">
             <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
           </div>
diff --git a/client_shared_items.php b/client_shared_items.php
index b99df38e..c5fc9d6e 100644
--- a/client_shared_items.php
+++ b/client_shared_items.php
@@ -42,7 +42,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
           <div class="col-md-4">
             <div class="input-group mb-3 mb-md-0">
-              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Shared Items">
+              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Shared Items">
               <div class="input-group-append">
                 <button class="btn btn-dark"><i class="fa fa-search"></i></button>
               </div>
diff --git a/client_software.php b/client_software.php
index 71c21061..9fa941b3 100644
--- a/client_software.php
+++ b/client_software.php
@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Licenses">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Licenses">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_test.php b/client_test.php
deleted file mode 100644
index 17719195..00000000
--- a/client_test.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php include("inc_all_client.php"); ?>
-
-<?php
-
-echo $client_id;
-
-?>
-
-<?php include("footer.php"); ?>
\ No newline at end of file
diff --git a/client_tickets.php b/client_tickets.php
index d83a96c1..77996b3e 100644
--- a/client_tickets.php
+++ b/client_tickets.php
@@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tickets">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Tickets">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_trips.php b/client_trips.php
index 48d52e06..deaf15f3 100644
--- a/client_trips.php
+++ b/client_trips.php
@@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Trips">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Trips">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_vendors.php b/client_vendors.php
index c01cf6a7..dd2c78d4 100644
--- a/client_vendors.php
+++ b/client_vendors.php
@@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Vendors">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Vendors">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/clients.php b/clients.php
index 99f2403c..3d8c42b9 100644
--- a/clients.php
+++ b/clients.php
@@ -119,7 +119,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="query" value="<?php if(isset($query)){echo stripslashes(htmlentities($query));} ?>" placeholder="Search Clients" autofocus>
+            <input type="search" class="form-control" name="query" value="<?php if(isset($query)){echo strip_tags(htmlentities($query));} ?>" placeholder="Search Clients" autofocus>
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/companies.php b/companies.php
index f6bb7d5e..ca3964ca 100644
--- a/companies.php
+++ b/companies.php
@@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
     <hr>
     <form autocomplete="off">
       <div class="input-group">
-        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Companies">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Companies">
         <div class="input-group-append">
           <button class="btn btn-primary"><i class="fa fa-search"></i></button>
         </div>
diff --git a/cron.php b/cron.php
index 62065466..aaca58bb 100644
--- a/cron.php
+++ b/cron.php
@@ -1,5 +1,5 @@
-<?php include("config.php"); ?>
-<?php include("functions.php"); ?>
+<?php require_once("config.php"); ?>
+<?php require_once("functions.php"); ?>
 <?php
 
 ?>
@@ -58,10 +58,10 @@ while($row = mysqli_fetch_array($sql_companies)){
 
       while($row = mysqli_fetch_array($sql)){
         $domain_id = $row['domain_id'];
-        $domain_name = $row['domain_name'];
+        $domain_name = mysqli_real_escape_string($mysqli,$row['domain_name']);
         $domain_expire = $row['domain_expire'];
         $client_id = $row['client_id'];
-        $client_name = $row['client_name'];
+        $client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
 
         mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Domain', notification = 'Domain $domain_name for $client_name will expire in $day Days on $domain_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
 
@@ -75,7 +75,7 @@ while($row = mysqli_fetch_array($sql_companies)){
 
     foreach($certificateAlertArray as $day){
 
-      //Get Domains Expiring
+      //Get Certs Expiring
       $sql = mysqli_query($mysqli,"SELECT * FROM certificates
         LEFT JOIN clients ON certificate_client_id = client_id 
         WHERE certificate_expire = CURDATE() + INTERVAL $day DAY
@@ -84,11 +84,11 @@ while($row = mysqli_fetch_array($sql_companies)){
 
       while($row = mysqli_fetch_array($sql)){
         $certificate_id = $row['certificate_id'];
-        $certificate_name = $row['certificate_name'];
+        $certificate_name = mysqli_real_escape_string($mysqli,$row['certificate_name']);
         $certificate_domain = $row['certificate_domain'];
         $certificate_expire = $row['certificate_expire'];
         $client_id = $row['client_id'];
-        $client_name = $row['client_name'];
+        $client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
 
         mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Certificate', notification = 'Certificate $certificate_name for $client_name will expire in $day Days on $certificate_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
 
@@ -111,10 +111,10 @@ while($row = mysqli_fetch_array($sql_companies)){
 
       while($row = mysqli_fetch_array($sql)){
         $asset_id = $row['asset_id'];
-        $asset_name = $row['asset_name'];
+        $asset_name = mysqli_real_escape_string($mysqli,$row['asset_name']);
         $asset_warranty_expire = $row['asset_warranty_expire'];
         $client_id = $row['client_id'];
-        $client_name = $row['client_name'];
+        $client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
 
         mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Asset', notification = 'Asset $asset_name warranty for $client_name will expire in $day Days on $asset_warranty_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
 
@@ -134,8 +134,8 @@ while($row = mysqli_fetch_array($sql_companies)){
     if(mysqli_num_rows($sql_scheduled_tickets) > 0){
       while($row = mysqli_fetch_array($sql_scheduled_tickets)){
         $schedule_id = $row['scheduled_ticket_id'];
-        $subject = $row['scheduled_ticket_subject'];
-        $details = $row['scheduled_ticket_details'];
+        $subject = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_subject']);
+        $details = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_details']);
         $priority = $row['scheduled_ticket_priority'];
         $frequency = strtolower($row['scheduled_ticket_frequency']);
         $created_id = $row['scheduled_ticket_created_by'];
@@ -225,7 +225,7 @@ while($row = mysqli_fetch_array($sql_companies)){
         $invoice_amount = $row['invoice_amount'];
         $invoice_currency_code = $row['invoice_currency_code'];
         $client_id = $row['client_id'];
-        $client_name = $row['client_name'];
+        $client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
         $contact_name = $row['contact_name'];
         $contact_email = $row['contact_email'];
 
diff --git a/expenses.php b/expenses.php
index 196ec06a..b2358396 100644
--- a/expenses.php
+++ b/expenses.php
@@ -83,7 +83,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Expenses">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Expenses">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/guest_download_file.php b/guest_download_file.php
index b3d8c253..46c114bf 100644
--- a/guest_download_file.php
+++ b/guest_download_file.php
@@ -44,7 +44,7 @@ if(isset($_GET['id']) && isset($_GET['key'])){
         exit("No file.");
     }
 
-    $file_name = $file_row['file_name'];
+    $file_name = strip_tags(mysqli_real_escape_string($mysqli, $file_row['file_name']));
     $file_ext = $file_row['file_ext'];
     $file_reference_name = $file_row['file_reference_name'];
     $client_id = $file_row['file_client_id'];
@@ -54,7 +54,7 @@ if(isset($_GET['id']) && isset($_GET['key'])){
     // Display file as download
     $mime_type = mime_content_type($file_path);
     header('Content-type: '.$mime_type);
-    header('Content-Disposition: attachment; filename=download.' .$file_ext);
+    header('Content-Disposition: attachment; filename=download.' . $file_ext);
     readfile($file_path);
 
     // Update file view count
@@ -62,7 +62,7 @@ if(isset($_GET['id']) && isset($_GET['key'])){
     mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
 
     // Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file via link - Item ID: $item_id', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
 
 
 }
\ No newline at end of file
diff --git a/guest_pay_invoice.php b/guest_pay_invoice.php
index 10c992ec..dd97f9b6 100644
--- a/guest_pay_invoice.php
+++ b/guest_pay_invoice.php
@@ -1,5 +1,8 @@
 <?php 
 
+// Still in development, for use with Stripe Pay - exit
+exit();
+
 include("config.php");
 
 session_start();
diff --git a/guest_view_item.php b/guest_view_item.php
index dab808aa..adf29c7c 100644
--- a/guest_view_item.php
+++ b/guest_view_item.php
@@ -76,7 +76,8 @@ if($item_type == "Document"){
     mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
 
     // Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type via link - Item ID: $item_id', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
+    $name = mysqli_real_escape_string($mysqli, $doc_title);
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
 
 }elseif($item_type == "File"){
     $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
@@ -135,7 +136,8 @@ if($item_type == "Document"){
     mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
 
     // Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type via link - Item ID: $item_id', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
+    $name = mysqli_real_escape_string($mysqli, $login_name);
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
 
 }
 
diff --git a/header.php b/header.php
index c3f9b094..e4eefec3 100644
--- a/header.php
+++ b/header.php
@@ -29,7 +29,6 @@ header("X-Frame-Options: DENY");
   <link href="plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
   <link href="plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
   <link href="plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
-  <!-- <link href='plugins/fullcalendar/main.min.css' rel='stylesheet' /> -->
   <link href='plugins/daterangepicker/daterangepicker.css' rel='stylesheet' />
   <link href="plugins/summernote/summernote-bs4.min.css" rel="stylesheet">
   <link href="plugins/toastr/toastr.min.css" rel="stylesheet">
diff --git a/inc_all_settings.php b/inc_all_settings.php
index d41672b6..ae21679b 100644
--- a/inc_all_settings.php
+++ b/inc_all_settings.php
@@ -4,12 +4,7 @@ include("config.php");
 include_once("functions.php");
 include("check_login.php");
 
-if($session_user_role != 3){
-  $_SESSION['alert_type'] = "danger";
-  $_SESSION['alert_message'] = "You are not permitted to do that!";
-  header("Location: index.php");
-  exit();
-}
+validateAdminRole();
 
 include("header.php");
 include("top_nav.php");
diff --git a/invoices.php b/invoices.php
index 99dfc925..c909687d 100644
--- a/invoices.php
+++ b/invoices.php
@@ -205,7 +205,7 @@
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Invoices">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Invoices">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/login.php b/login.php
index 88a5c64b..ffe4e853 100644
--- a/login.php
+++ b/login.php
@@ -59,12 +59,12 @@ if(isset($_POST['login'])){
 
             // User variables
             $token = $row['user_token'];
-            $user_name = $row['user_name'];
+            $user_name = strip_tags(mysqli_real_escape_string($mysqli, $row['user_name']));
             $user_id = $row['user_id'];
 
             // Session info
-            $_SESSION['user_id'] = $row['user_id'];
-            $_SESSION['user_name'] = $row['user_name'];
+            $_SESSION['user_id'] = $user_id;
+            $_SESSION['user_name'] = $user_name;
             $_SESSION['user_role'] = $row['user_role'];
             $_SESSION['csrf_token'] = bin2hex(random_bytes(78));
 
diff --git a/logs.php b/logs.php
index c0195480..d122509b 100644
--- a/logs.php
+++ b/logs.php
@@ -75,7 +75,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search audit logs">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search audit logs">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/notifications_dismissed.php b/notifications_dismissed.php
index e7ac7974..2537bd68 100644
--- a/notifications_dismissed.php
+++ b/notifications_dismissed.php
@@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
             <div class="input-group-append">
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/payments.php b/payments.php
index 0d529e1c..0595198d 100644
--- a/payments.php
+++ b/payments.php
@@ -78,7 +78,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Payments">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Payments">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/portal/check_login.php b/portal/check_login.php
index e0a6cfe1..bcb5a523 100644
--- a/portal/check_login.php
+++ b/portal/check_login.php
@@ -36,10 +36,10 @@ $session_company_id = $_SESSION['company_id'];
 $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
 $contact = mysqli_fetch_array($contact_sql);
 
-$session_contact_name = $contact['contact_name'];
+$session_contact_name = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_name']));
 $session_contact_initials = initials($session_contact_name);
-$session_contact_title = $contact['contact_title'];
-$session_contact_email = $contact['contact_email'];
+$session_contact_title = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_title']));
+$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_email']));
 $session_contact_photo = $contact['contact_photo'];
 
 // Get client info
diff --git a/portal/index.php b/portal/index.php
index 50f5858c..9f20d98e 100644
--- a/portal/index.php
+++ b/portal/index.php
@@ -86,11 +86,17 @@ $total_tickets = $row['total_tickets'];
           <tbody>
 
             <?php
-            while ($ticket = mysqli_fetch_array($contact_tickets)) {
+            while ($row = mysqli_fetch_array($contact_tickets)) {
+                $ticket_id = $row['ticket_id'];
+                $ticket_prefix = htmlentities($row['ticket_prefix']);
+                $ticket_number = $row['ticket_number'];
+                $ticket_subject = htmlentities($row['ticket_subject']);
+                $ticket_status = htmlentities($row['ticket_status']);
+
                 echo "<tr>";
-                echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>";
-                echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
-                echo "<td>$ticket[ticket_status]</td>";
+                echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_number</a></td>";
+                echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_subject</a></td>";
+                echo "<td>$ticket_status</td>";
                 echo "</tr>";
             }
             ?>
diff --git a/portal/login.php b/portal/login.php
index bf25864b..b3ef5f66 100644
--- a/portal/login.php
+++ b/portal/login.php
@@ -24,7 +24,7 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_
 
 $sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
 $settings = mysqli_fetch_array($sql_settings);
-$client_id = $settings['config_azure_client_id'];
+$azure_client_id = $settings['config_azure_client_id'];
 
 $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'");
 $company_results = mysqli_fetch_array($company_sql);
@@ -131,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
             </form>
 
             <?php
-            if (!empty($client_id)) { ?>
+            if (!empty($azure_client_id)) { ?>
                 <hr>
                 <div class="col text-center">
                     <button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button>
diff --git a/portal/login_reset.php b/portal/login_reset.php
index d78cdec3..e9cf0888 100644
--- a/portal/login_reset.php
+++ b/portal/login_reset.php
@@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
         $company = $row['company_id'];
 
         if ($row['contact_email'] == $email) {
-            $token = key32gen();
+            $token = bin2hex(random_bytes(78));
             $url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
             mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
             mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
@@ -59,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 
             // Send reset email
             $subject = "Password reset for $company_name ITFlow Portal";
-            $body    = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser: $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
+            $body    = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser:<br> $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
 
             $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
                 $config_mail_from_email, $config_mail_from_name,
diff --git a/portal/ticket.php b/portal/ticket.php
index 1e50b74c..918d7cca 100644
--- a/portal/ticket.php
+++ b/portal/ticket.php
@@ -15,18 +15,28 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
         $ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'");
     }
 
-    $ticket = mysqli_fetch_array($ticket_sql);
+    $ticket_row = mysqli_fetch_array($ticket_sql);
+
+    if ($ticket_row) {
+
+        $ticket_prefix = htmlentities($ticket_row['ticket_prefix']);
+        $ticket_number = $ticket_row['ticket_number'];
+        $ticket_status = htmlentities($ticket_row['ticket_status']);
+        $ticket_priority = htmlentities($ticket_row['ticket_priority']);
+        $ticket_subject = htmlentities($ticket_row['ticket_subject']);
+        $ticket_details = $ticket_row['ticket_details'];
+        $ticket_feedback = htmlentities($ticket_row['ticket_feedback']);
+
 
-    if ($ticket) {
         ?>
 
         <nav class="navbar navbar-dark bg-dark">
 
-            <i class="fas fa-fw fa-ticket-alt text-secondary"></i> <a class="navbar-brand">Ticket <?php echo $ticket['ticket_prefix'], $ticket['ticket_number'] ?></a>
+            <i class="fas fa-fw fa-ticket-alt text-secondary"></i> <a class="navbar-brand">Ticket <?php echo $ticket_prefix, $ticket_number ?></a>
 
             <span class="navbar-text">
       <?php
-      if ($ticket['ticket_status'] !== "Closed") { ?>
+      if ($ticket_status !== "Closed") { ?>
           <button class="btn btn-sm btn-outline-success my-2 my-sm-0 form-inline my-2 my-lg-0" type="submit"><a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>"><i class="fas fa-fw fa-check text-secondary text-success"></i>  Close ticket</a></button>
       <?php } ?>
     </span>
@@ -35,39 +45,39 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
 
         <div class="card">
             <div class="card-header">
-                <h3 class="card-title"><b>Subject:</b> <?php echo $ticket['ticket_subject'] ?></h3>
+                <h3 class="card-title"><b>Subject:</b> <?php echo $ticket_subject ?></h3>
             </div>
             <div class="card-body">
                 <p>
-                    <b>State:</b> <?php echo $ticket['ticket_status'] ?>
+                    <b>State:</b> <?php echo $ticket_status ?>
                     <br>
-                    <b>Priority:</b> <?php echo $ticket['ticket_priority'] ?>
+                    <b>Priority:</b> <?php echo $ticket_priority ?>
                 </p>
-                <b>Issue:</b> <?php echo $ticket['ticket_details'] ?>
+                <b>Issue:</b> <?php echo $ticket_details ?>
             </div>
         </div>
 
 
         <!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback -->
 
-        <?php if ($ticket['ticket_status'] !== "Closed") { ?>
+        <?php if ($ticket_status !== "Closed") { ?>
             <div class="form-group">
                 <form action="portal_post.php" method="post">
                     <div class="form-group">
                         <textarea class="form-control" name="comment" placeholder="Add comments.."></textarea>
                     </div>
-                    <input type="hidden" name="ticket_id" value="<?php echo $ticket['ticket_id'] ?>">
+                    <input type="hidden" name="ticket_id" value="<?php echo $ticket_id ?>">
                     <button type="submit" class="btn btn-primary" name="add_ticket_comment">Save reply</button>
                 </form>
             </div>
         <?php }
 
-        elseif (empty($ticket['ticket_feedback'])) { ?>
+        elseif (empty($ticket_feedback)) { ?>
 
             <h4>Rate your ticket</h4>
 
             <form action="portal_post.php" method="post">
-                <input type="hidden" name="ticket_id" value="<?php echo $ticket['ticket_id'] ?>">
+                <input type="hidden" name="ticket_id" value="<?php echo $ticket_id ?>">
 
                 <button type="submit" class="btn btn-primary btn-lg" name="add_ticket_feedback" value="Good" onclick="this.form.submit()">
                     <span class="fa fa-smile" aria-hidden="true"></span> Good
@@ -82,7 +92,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
 
         else { ?>
 
-            <h4>Rated <?php echo $ticket['ticket_feedback'] ?> -- Thanks for your feedback!</h4>
+            <h4>Rated <?php echo $ticket_feedback ?> -- Thanks for your feedback!</h4>
 
         <?php } ?>
 
@@ -102,12 +112,12 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
             $ticket_reply_type = $row['ticket_reply_type'];
 
             if ($ticket_reply_type == "Client") {
-                $ticket_reply_by_display = $row['contact_name'];
+                $ticket_reply_by_display = htmlentities($row['contact_name']);
                 $user_initials = initials($row['contact_name']);
                 $user_avatar = $row['contact_photo'];
                 $avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar";
             } else {
-                $ticket_reply_by_display = $row['user_name'];
+                $ticket_reply_by_display = htmlentities($row['user_name']);
                 $user_id = $row['user_id'];
                 $user_avatar = $row['user_avatar'];
                 $user_initials = initials($row['user_name']);
diff --git a/portal/ticket_view_all.php b/portal/ticket_view_all.php
index 7dc48a2a..2166e3fd 100644
--- a/portal/ticket_view_all.php
+++ b/portal/ticket_view_all.php
@@ -55,12 +55,19 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
         <tbody>
 
         <?php
-        while ($ticket = mysqli_fetch_array($all_tickets)) {
+        while ($row = mysqli_fetch_array($all_tickets)) {
+            $ticket_id = $row['ticket_id'];
+            $ticket_prefix = htmlentities($row['ticket_prefix']);
+            $ticket_number = $row['ticket_number'];
+            $ticket_subject = htmlentities($row['ticket_subject']);
+            $ticket_status = htmlentities($row['ticket_status']);
+            $ticket_contact_name = htmlentities($row['contact_name']);
+            
             echo "<tr>";
-            echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>";
-            echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
-            echo "<td>$ticket[contact_name]</td>";
-            echo "<td>$ticket[ticket_status]</td>";
+            echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_id</a></td>";
+            echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_subject</a></td>";
+            echo "<td>$ticket_contact_name</td>";
+            echo "<td>$ticket_status</td>";
             echo "</tr>";
         }
         ?>
diff --git a/post.php b/post.php
index ae73c78c..fa9407e3 100644
--- a/post.php
+++ b/post.php
@@ -53,7 +53,7 @@ if(isset($_POST['add_user'])){
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
     $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
-    $user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['password']); //TODO: Consider this users role - if they don't need access to logins, potentially don't set this -- just know it's a pain to add afterwards (you'd need to reset their password).
+    $user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['password']);
     $default_company = intval($_POST['default_company']);
     $role = intval($_POST['role']);
 
@@ -115,10 +115,10 @@ if(isset($_POST['add_user'])){
     mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $default_company");
 
     // Send user e-mail, if specified
-    if(isset($_POST['send_email']) && !empty($config_smtp_host)){
+    if(isset($_POST['send_email']) && !empty($config_smtp_host) && filter_var($email, FILTER_VALIDATE_EMAIL)){
 
         $subject = "Your new $session_company_name ITFlow account";
-        $body = "Hello, $name<br><br>An ITFlow account has been setup for you. Please change your password upon login. <br><br>Username: $email <br>Password: $_POST[password]<br>Login URL: $config_base_url<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email";
+        $body = "Hello, $name<br><br>An ITFlow account has been setup for you. Please change your password upon login. <br><br>Username: $email <br>Password: $_POST[password]<br>Login URL: https://$config_base_url<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email";
 
         $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
           $config_ticket_from_email, $config_ticket_from_name,
@@ -145,13 +145,6 @@ if(isset($_POST['edit_user'])){
 
     validateAdminRole();
 
-    if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
-      $_SESSION['alert_type'] = "error";
-      $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
-      header("Location: " . $_SERVER["HTTP_REFERER"]);
-      exit();
-    }
-
     // CSRF Check
     validateCSRFToken($_POST['csrf_token']);
 
@@ -246,17 +239,10 @@ if(isset($_POST['edit_user'])){
 
 if(isset($_POST['edit_profile'])){
 
-    if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
-      $_SESSION['alert_type'] = "error";
-      $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
-      header("Location: " . $_SERVER["HTTP_REFERER"]);
-      exit();
-    }
-
     // CSRF Check
     validateCSRFToken($_POST['csrf_token']);
 
-    $user_id = intval($_POST['user_id']);
+    $user_id = $session_user_id;
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
     $new_password = trim($_POST['new_password']);
@@ -741,9 +727,6 @@ if(isset($_GET['delete_company'])){
     mysqli_query($mysqli,"DELETE FROM tickets WHERE company_id = $company_id");
     mysqli_query($mysqli,"DELETE FROM ticket_replies WHERE company_id = $company_id");
     
-    // TODO ticket views is missing company_id
-    // mysqli_query($mysqli,"DELETE FROM ticket_views WHERE company_id = $company_id");
-    
     mysqli_query($mysqli,"DELETE FROM transfers WHERE company_id = $company_id");
     mysqli_query($mysqli,"DELETE FROM trips WHERE company_id = $company_id");
     mysqli_query($mysqli,"DELETE FROM user_companies WHERE company_id = $company_id");
@@ -1047,6 +1030,9 @@ if(isset($_POST['edit_module_settings'])){
 
 if(isset($_POST['enable_2fa'])){
 
+    // CSRF Check
+    validateCSRFToken($_POST['csrf_token']);
+
     $token = mysqli_real_escape_string($mysqli,$_POST['token']);
 
     mysqli_query($mysqli,"UPDATE users SET user_token = '$token' WHERE user_id = $session_user_id");
@@ -1062,6 +1048,9 @@ if(isset($_POST['enable_2fa'])){
 
 if(isset($_POST['disable_2fa'])){
 
+    // CSRF Check
+    validateCSRFToken($_POST['csrf_token']);
+
     mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id");
 
     //Logging
@@ -1155,6 +1144,7 @@ if(isset($_GET['download_database'])){
 
 if(isset($_POST['backup_master_key'])){
 
+    validateCSRFToken($_POST['csrf_token']);
     validateAdminRole();
 
     $password = $_POST['password'];
@@ -1367,7 +1357,7 @@ if(isset($_POST['edit_client'])){
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
 
-    $_SESSION['alert_message'] = "Client <strong>".stripslashes($client_name)."</strong> updated";
+    $_SESSION['alert_message'] = "Client <strong>".htmlentities($client_name)."</strong> updated";
     
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
@@ -1389,7 +1379,7 @@ if(isset($_GET['archive_client'])){
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Archive', log_description = '$session_name archived client $client_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
 
     $_SESSION['alert_type'] = "error";
-    $_SESSION['alert_message'] = "Client ".stripslashes($client_name)." archive. <a href='post.php?undo_archive_client=$client_id'>Undo</a>";
+    $_SESSION['alert_message'] = "Client ".htmlentities($client_name)." archived. <a href='post.php?undo_archive_client=$client_id'>Undo</a>";
     
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
@@ -1408,7 +1398,7 @@ if(isset($_GET['undo_archive_client'])){
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Undo Archive', log_description = '$session_name unarchived client $client_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
 
-    $_SESSION['alert_message'] = "Client ".stripslashes($client_name)." unarchived.";
+    $_SESSION['alert_message'] = "Client ".htmlentities($client_name)." unarchived.";
     
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
@@ -4009,7 +3999,7 @@ if(isset($_GET['archive_contact'])){
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Archive', log_description = '$session_name archived contact $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $contact_id, company_id = $session_company_id");
 
     $_SESSION['alert_type'] = "error";
-    $_SESSION['alert_message'] = "Contact ".stripslashes($contact_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
+    $_SESSION['alert_message'] = "Contact ".htmlentities($contact_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
     
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 
@@ -4407,7 +4397,7 @@ if(isset($_GET['archive_location'])){
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Archive', log_description = '$session_name archived location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
 
     $_SESSION['alert_type'] = "error";
-    $_SESSION['alert_message'] = "Location ".stripslashes($location_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
+    $_SESSION['alert_message'] = "Location ".htmlentities($location_name)." archived. <a href='post.php?undo_archive_location=$location_id'>Undo</a>";
     
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 
@@ -4428,7 +4418,7 @@ if(isset($_GET['undo_archive_location'])){
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Location', log_action = 'Undo Archive', log_description = '$session_name unarchived location $location_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
 
-    $_SESSION['alert_message'] = "Location ".stripslashes($location_name)." unarchived.";
+    $_SESSION['alert_message'] = "Location ".htmlentities($location_name)." unarchived.";
     
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
diff --git a/products.php b/products.php
index b933c8b1..463919fa 100644
--- a/products.php
+++ b/products.php
@@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Products">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Products">
             <div class="input-group-append">
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/quotes.php b/quotes.php
index e3b4bd99..317beedd 100644
--- a/quotes.php
+++ b/quotes.php
@@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Quotes">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Quotes">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/recurring_invoices.php b/recurring_invoices.php
index 83249d98..46ac3695 100644
--- a/recurring_invoices.php
+++ b/recurring_invoices.php
@@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Recurring Invoices">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Recurring Invoices">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/revenues.php b/revenues.php
index 4bb36508..496cdad3 100644
--- a/revenues.php
+++ b/revenues.php
@@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Revenues">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Revenues">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/scheduled_tickets.php b/scheduled_tickets.php
index aad30880..7340a650 100644
--- a/scheduled_tickets.php
+++ b/scheduled_tickets.php
@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Scheduled Tickets">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Scheduled Tickets">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/settings_api.php b/settings_api.php
index a5a6557d..4ea26769 100644
--- a/settings_api.php
+++ b/settings_api.php
@@ -29,7 +29,7 @@
   <div class="card-body">
     <form autocomplete="off">
       <div class="input-group">
-        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search keys">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search keys">
         <div class="input-group-append">
           <button class="btn btn-primary"><i class="fa fa-search"></i></button>
         </div>
diff --git a/settings_backup.php b/settings_backup.php
index 632b6ad6..312e1fe3 100644
--- a/settings_backup.php
+++ b/settings_backup.php
@@ -18,6 +18,7 @@
     <div class="card-body">
         <center>
             <form action="post.php" method="POST">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
                 <div class="input-group col-4">
                     <div class="input-group-prepend">
                         <input type="password" class="form-control" placeholder="Enter your account password" name="password" autocomplete="new-password" required>
diff --git a/settings_tags.php b/settings_tags.php
index 5634f28b..e86685b3 100644
--- a/settings_tags.php
+++ b/settings_tags.php
@@ -51,7 +51,7 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
       <div class="col-sm-4 mb-2">
         <form autocomplete="off">  
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tags">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Tags">
             <div class="input-group-append">
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/test_client_header.php b/test_client_header.php
deleted file mode 100644
index d67c127c..00000000
--- a/test_client_header.php
+++ /dev/null
@@ -1,293 +0,0 @@
-<?php include("config.php"); ?>
-<?php include("functions.php"); ?>
-<?php include("check_login.php"); ?>
-<?php include("header.php"); ?>
-<?php include("top_nav.php"); ?>
-
-
-<?php 
-
-if(isset($_GET['client_id'])){
-  $client_id = intval($_GET['client_id']);
-
-  $sql = mysqli_query($mysqli,"UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id AND company_id = $session_company_id");
-
-  $sql = mysqli_query($mysqli,"SELECT * FROM clients
-    LEFT JOIN locations ON primary_location = location_id AND location_archived_at IS NULL
-    LEFT JOIN contacts ON primary_contact = contact_id AND contact_archived_at IS NULL
-    WHERE client_id = $client_id 
-    AND clients.company_id = $session_company_id");
-
-  if(mysqli_num_rows($sql) == 0){
-    include("header.php");
-    echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1></center>";
-  }else{
-
-  $row = mysqli_fetch_array($sql);
-  $client_name = $row['client_name'];
-  $client_type = $row['client_type'];
-  $client_website = $row['client_website'];
-  $client_referral = $row['client_referral'];
-  $client_currency_code = $row['client_currency_code'];
-  $client_net_terms = $row['client_net_terms'];
-  if($client_net_terms == 0){
-    $client_net_terms = $config_default_net_terms;
-  }
-  $client_notes = $row['client_notes'];
-  $client_created_at = $row['client_created_at'];
-  $primary_contact = $row['primary_contact'];
-  $primary_location = $row['primary_location'];
-  $contact_id = $row['contact_id'];
-  $contact_name = $row['contact_name'];
-  $contact_title = $row['contact_title'];
-  $contact_email = $row['contact_email'];
-  $contact_phone = $row['contact_phone'];
-  $contact_extension = $row['contact_extension'];
-  $contact_mobile = $row['contact_mobile'];
-  $location_id = $row['location_id'];
-  $location_name = $row['location_name'];
-  $location_address = $row['location_address'];
-  $location_city = $row['location_city'];
-  $location_state = $row['location_state'];
-  $location_zip = $row['location_zip'];
-  $location_country = $row['location_country'];
-  $location_phone = $row['location_phone'];
-
-  //Client Tags
-
-  $client_tag_name_display_array = array();
-  $client_tag_id_array = array();
-  $sql_client_tags = mysqli_query($mysqli,"SELECT * FROM client_tags LEFT JOIN tags ON client_tags.tag_id = tags.tag_id WHERE client_tags.client_id = $client_id");
-  while($row = mysqli_fetch_array($sql_client_tags)){
-
-    $client_tag_id = $row['tag_id'];
-    $client_tag_name = $row['tag_name'];
-    $client_tag_color = $row['tag_color'];
-    $client_tag_icon = $row['tag_icon'];
-    if(empty($client_tag_icon)){
-      $client_tag_icon = "tag";
-    }
-  
-    $client_tag_id_array[] = $client_tag_id;
-    $client_tag_name_display_array[] = "$client_tag_name ";
-  }
-  $client_tags_display = "<i class='fa fa-fw fa-tag text-secondary ml-1 mr-2 mb-2'></i> " . implode('', $client_tag_name_display_array);
-
-  //Add up all the payments for the invoice and get the total amount paid to the invoice
-  $sql_invoice_amounts = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE invoice_client_id = $client_id AND invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled'");
-  $row = mysqli_fetch_array($sql_invoice_amounts);
-
-  $invoice_amounts = $row['invoice_amounts'];
-
-  $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id");
-  $row = mysqli_fetch_array($sql_amount_paid);
-  
-  $amount_paid = $row['amount_paid'];
-
-  $balance = $invoice_amounts - $amount_paid;
-
-  //Badge Counts
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('contact_id') AS num FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id"));
-  $num_contacts = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id"));
-  $num_locations = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets WHERE asset_archived_at IS NULL AND asset_client_id = $client_id"));
-  $num_assets = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('ticket_id') AS num FROM tickets WHERE ticket_archived_at IS NULL AND ticket_status != 'Closed' AND ticket_client_id = $client_id"));
-  $num_active_tickets = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('service_id') AS num FROM services WHERE service_client_id = $client_id"));
-  $num_services = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id"));
-  $num_vendors = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('login_id') AS num FROM logins WHERE login_archived_at IS NULL AND login_client_id = $client_id"));
-  $num_logins = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id"));
-  $num_networks = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('domain_id') AS num FROM domains WHERE domain_archived_at IS NULL AND domain_client_id = $client_id"));
-  $num_domains = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('certificate_id') AS num FROM certificates WHERE certificate_archived_at IS NULL AND certificate_client_id = $client_id"));
-  $num_certificates = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_archived_at IS NULL AND software_client_id = $client_id"));
-  $num_software = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_archived_at IS NULL AND invoice_client_id = $client_id"));
-  $num_invoices = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('quote_id') AS num FROM quotes WHERE quote_archived_at IS NULL AND quote_client_id = $client_id"));
-  $num_quotes = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM recurring WHERE recurring_archived_at IS NULL AND recurring_client_id = $client_id"));
-  $num_recurring = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('payment_id') AS num FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id"));
-  $num_payments = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('file_id') AS num FROM files WHERE file_archived_at IS NULL AND file_client_id = $client_id"));
-  $num_files = $row['num'];
-  
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_archived_at IS NULL AND document_client_id = $client_id"));
-  $num_documents = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('event_id') AS num FROM events WHERE event_client_id = $client_id"));
-  $num_events = $row['num'];
-
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('trip_id') AS num FROM trips WHERE trip_archived_at IS NULL AND trip_client_id = $client_id"));
-  $num_trips = $row['num'];
-
-?>
-
-<?php
-
-include("client_side_nav.php");
-include("inc_wrapper.php");
-include("inc_alert_feedback.php");
-
-?>
-
-<?php
-
-$contact_phone = formatPhoneNumber($contact_phone);
-$contact_mobile = formatPhoneNumber($contact_mobile);
-$location_phone = formatPhoneNumber($location_phone);
-
-?>
-
-<div class="card mb-3">
-  <div class="card-body">
-    <div class="row">
-      <div class="col-md">
-        <h4 class="text-secondary"><strong><?php echo $client_name; ?></strong></h4>
-        <?php if(!empty($location_address)){ ?>
-        <a href="//maps.<?php echo $session_map_source; ?>.com/?q=<?php echo "$location_address $location_zip"; ?>" target="_blank">
-          <div><i class="fa fa-fw fa-map-marker-alt text-secondary ml-1 mr-1"></i> <?php echo $location_address; ?></div>
-          <div class="ml-4 mb-2"><?php echo "$location_city $location_state $location_zip"; ?></div>
-        </a>
-        <?php } ?>
-        <?php
-        if(!empty($location_phone)){
-        ?>
-        <i class="fa fa-fw fa-phone text-secondary ml-1 mr-2 mb-2"></i> <?php echo $location_phone; ?>
-        <br>
-        <?php 
-        } 
-        ?>
-        <?php
-        if(!empty($client_website)){
-        ?>
-        <i class="fa fa-fw fa-globe text-secondary ml-1 mr-2 mb-2"></i> <a target="_blank" href="//<?php echo $client_website; ?>"><?php echo $client_website; ?></a>
-        <br>
-        <?php 
-        }
-        ?>
-        <?php
-        if(!empty($client_tag_name_display_array)){
-        ?>
-        <?php echo $client_tags_display; ?>
-        <?php 
-        }
-        ?>
-      </div>
-      <div class="col-md border-left">
-        <h4 class="text-secondary">Contact</h4>
-        <?php
-        if(!empty($contact_name)){
-        ?>
-        <i class="fa fa-fw fa-user text-secondary ml-1 mr-2 mb-2"></i> <?php echo $contact_name; ?>
-        <br>
-        <?php
-        }
-        ?>
-        <?php
-        if(!empty($contact_email)){
-        ?>
-        <i class="fa fa-fw fa-envelope text-secondary ml-1 mr-2 mb-2"></i> <a href="mailto:<?php echo $contact_email; ?>"><?php echo $contact_email; ?></a><button class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $contact_email; ?>'><i class='far fa-copy text-secondary'></i></button>
-        <br>
-        <?php
-        }
-        ?>
-        <?php
-        if(!empty($contact_phone)){
-        ?>
-        <i class="fa fa-fw fa-phone text-secondary ml-1 mr-2 mb-2"></i> <?php echo $contact_phone; ?> 
-        <?php 
-        if(!empty($contact_extension)){ 
-        ?>
-        x<?php echo $contact_extension; ?>
-        <?php
-        }
-        ?>
-        <br>
-        <?php 
-        } 
-        ?>
-        <?php
-        if(!empty($contact_mobile)){
-        ?>
-        <i class="fa fa-fw fa-mobile-alt text-secondary ml-1 mr-2 mb-2"></i> <?php echo $contact_mobile; ?>
-        <?php 
-        } 
-        ?>
-      </div>
-      <?php if($session_user_role == 1 || $session_user_role == 3 AND $config_module_enable_accounting == 1){ ?>
-      <div class="col-md border-left">
-        <h4 class="text-secondary">Billing</h4>
-        <h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $amount_paid, $client_currency_code); ?></div></h6>
-        <h6 class="ml-1 text-secondary">Balance <div class="<?php if($balance > 0){ echo "text-danger"; }else{ echo "text-dark"; } ?> float-right"> <?php echo numfmt_format_currency($currency_format, $balance, $client_currency_code); ?></div></h6>
-        <h6 class="ml-1 text-secondary">Net Terms <div class="text-dark float-right"><?php echo $client_net_terms; ?> <small class="text-secondary">Days</small></div></h6>
-      </div>
-      <?php } ?>
-      <?php if($config_module_enable_ticketing == 1){ ?>
-      <div class="col-md border-left">
-        <h4 class="text-secondary">Support</h4>
-        <h6 class="ml-1 text-secondary">Open Tickets <div class="text-dark float-right"><?php echo $num_active_tickets; ?></div></h6>
-      </div>
-      <?php } ?>
-      <div class="col-md-1 border-left">
-        <?php if($session_user_role == 3) { ?>
-          <div class="dropdown dropleft text-center">
-            <button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
-              <i class="fas fa-fw fa-ellipsis-v"></i>
-            </button>
-            <div class="dropdown-menu">
-              <a class="dropdown-item" href="client_print.php?client_id=<?php echo $client_id; ?>">Print</a>
-              <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export PDF<br><small class="text-secondary">(without passwords)</small></a>
-              <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export PDF<br><small class="text-secondary">(with passwords)</small></a>
-              <div class="dropdown-divider"></div>
-              <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
-              <div class="dropdown-divider"></div>
-              <a class="dropdown-item text-danger" href="post.php?archive_client=<?php echo $client_id; ?>">Archive</a>
-              <div class="dropdown-divider"></div>
-              <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
-            </div>
-          </div>
-        <?php } ?>
-      </div>
-    </div>
-  </div>
-</div>
-
-<?php 
-  
-  include("client_routes.php");
-  include("client_edit_modal.php");
-  include("client_delete_modal.php");
-  include("category_quick_add_modal.php");
-
-  }
-
-}
-
-include("footer.php");
-
-?>
\ No newline at end of file
diff --git a/client.js b/test_stripe_client.js
similarity index 100%
rename from client.js
rename to test_stripe_client.js
diff --git a/guest_checkout.php b/test_stripe_guest_checkout.php
similarity index 93%
rename from guest_checkout.php
rename to test_stripe_guest_checkout.php
index 1e7deaab..0c7709ba 100644
--- a/guest_checkout.php
+++ b/test_stripe_guest_checkout.php
@@ -1,4 +1,7 @@
-<?php 
+<?php
+
+exit();
+
 include("config.php");
 include("check_login.php");
 include("functions.php");
@@ -15,7 +18,7 @@ include("functions.php");
     <link rel="stylesheet" href="global.css" />
     <script src="https://js.stripe.com/v3/"></script>
     <script src="https://polyfill.io/v3/polyfill.min.js?version=3.52.1&features=fetch"></script>
-    <script src="client.js" defer></script>
+    <script src="test_stripe_client.js" defer></script>
   </head>
 
   <body>
diff --git a/tickets.php b/tickets.php
index d7cdb78d..d04b1ef5 100644
--- a/tickets.php
+++ b/tickets.php
@@ -176,7 +176,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
                     <div class="col-sm-4">
                         <div class="input-group">
                             <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {
-                                echo stripslashes(htmlentities($q));
+                                echo strip_tags(htmlentities($q));
                             } ?>" placeholder="Search Tickets">
                             <div class="input-group-append">
                                 <button class="btn btn-secondary" type="button" data-toggle="collapse"
diff --git a/transfers.php b/transfers.php
index 68bbe16c..9ce32e43 100644
--- a/transfers.php
+++ b/transfers.php
@@ -80,7 +80,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Transfers">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Transfers">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/trips.php b/trips.php
index 36175ec4..7354583d 100644
--- a/trips.php
+++ b/trips.php
@@ -84,7 +84,7 @@
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Trips">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Trips">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/user_profile.php b/user_profile.php
index cb101d5c..b0b07736 100644
--- a/user_profile.php
+++ b/user_profile.php
@@ -22,7 +22,6 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
 
         <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
           <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-          <input type="hidden" name="user_id" value="<?php echo $session_user_id; ?>">
           <input type="hidden" name="existing_file_name" value="<?php echo $session_avatar; ?>">
 
           <center class="mb-3 p-4">
@@ -96,6 +95,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
         <h3>2-Factor Authentication</h3>
 
         <form class="p-3" action="post.php" method="post" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
           <?php if(empty($session_token)){ ?>
             <p>You have not setup 2FA, click on enable to setup 2FA.</p>
diff --git a/users.php b/users.php
index bc4b92d0..5269ca8b 100644
--- a/users.php
+++ b/users.php
@@ -37,7 +37,7 @@
   <div class="card-body">
     <form autocomplete="off">
       <div class="input-group">
-        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Users">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Users">
         <div class="input-group-append">
           <button class="btn btn-primary"><i class="fa fa-search"></i></button>
         </div>
diff --git a/vendors.php b/vendors.php
index a39d6ed8..502320a5 100644
--- a/vendors.php
+++ b/vendors.php
@@ -56,7 +56,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Vendors">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo strip_tags(htmlentities($q));} ?>" placeholder="Search Vendors">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>