AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update more broken links from file diretory consolidation and started migrating some js and ajax and css from root to /user /admin etc that pertain to the section

This commit is contained in:
johnnyq 2025-07-30 20:08:28 -04:00
parent 5a76780cd9
commit 8e87c25de1
54 changed files with 1989 additions and 563 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
ajax.php → REMOVEajax.php
View File

4
admin/ticket_template_details.php
View File

@ -137,9 +137,9 @@ $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE
</div>
<script src="js/pretty_content.js"></script>
<script src="../js/pretty_content.js"></script>
<script src="plugins/SortableJS/Sortable.min.js"></script>
<script src="../plugins/SortableJS/Sortable.min.js"></script>
<script>
new Sortable(document.querySelector('table#tasks tbody'), {
handle: '.drag-handle',

2
js/credential_show_otp_via_id.js
View File

@ -1,7 +1,7 @@
function showOTPViaCredentialID(credential_id) {
// Send a GET request to ajax.php as ajax.php?get_totp_token_via_id=true&credential_id=ID
jQuery.get(
"ajax.php", {
"../ajax.php", {
get_totp_token_via_id: 'true',
credential_id: credential_id
},

2
js/share_modal.js
View File

@ -35,7 +35,7 @@ function generateShareLink() {
if (item_expires) {
// Send a GET request to ajax.php as ajax.php?share_generate_link=true....
jQuery.get(
"ajax.php",
"../ajax.php",
{share_generate_link: 'true', client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires, contact_email},
function(data) {

677
user/ajax.php Normal file
View File

@ -0,0 +1,677 @@
<?php
/*
* ajax.php
* Similar to post.php, but for requests using Asynchronous JavaScript
* Always returns data in JSON format, unless otherwise specified
*/
require_once "../config.php";
require_once "../functions.php";
require_once "../includes/check_login.php";
require_once "../plugins/totp/totp.php";
/*
* Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key)
*/
if (isset($_GET['certificate_fetch_parse_json_details'])) {
enforceUserPermission('module_support');
// PHP doesn't appreciate attempting SSL sockets to non-existent domains
if (empty($_GET['domain'])) {
exit();
}
$name = $_GET['domain'];
// Get SSL cert for domain (if exists)
$certificate = getSSL($name);
if ($certificate['success'] == "TRUE") {
$response['success'] = "TRUE";
$response['expire'] = $certificate['expire'];
$response['issued_by'] = $certificate['issued_by'];
$response['public_key'] = $certificate['public_key'];
} else {
$response['success'] = "FALSE";
}
echo json_encode($response);
}
/*
* Looks up info on the ticket number provided, used to populate the ticket merge modal
*/
if (isset($_GET['merge_ticket_get_json_details'])) {
enforceUserPermission('module_support');
$merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
$sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, ticket_status_name, client_name, contact_name FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_number = $merge_into_ticket_number");
if (mysqli_num_rows($sql) == 0) {
//Do nothing.
echo "No ticket found!";
} else {
//Return ticket, client and contact details for the given ticket number
$response = mysqli_fetch_array($sql);
echo json_encode($response);
}
}
if (isset($_POST['client_set_notes'])) {
enforceUserPermission('module_client', 2);
$client_id = intval($_POST['client_id']);
$notes = sanitizeInput($_POST['notes']);
// Update notes
mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = $client_id");
// Logging
logAction("Client", "Edit", "$session_name edited client notes", $client_id);
}
if (isset($_POST['contact_set_notes'])) {
enforceUserPermission('module_client', 2);
$contact_id = intval($_POST['contact_id']);
$notes = sanitizeInput($_POST['notes']);
// Get Contact Details and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id
FROM contacts WHERE contact_id = $contact_id"
);
$row = mysqli_fetch_array($sql);
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
// Update notes
mysqli_query($mysqli, "UPDATE contacts SET contact_notes = '$notes' WHERE contact_id = $contact_id");
// Logging
logAction("Contact", "Edit", "$session_name edited contact notes for $contact_name", $client_id, $contact_id);
}
if (isset($_POST['asset_set_notes'])) {
enforceUserPermission('module_support', 2);
$asset_id = intval($_POST['asset_id']);
$notes = sanitizeInput($_POST['notes']);
// Get Asset Details and Client ID for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id
FROM assets WHERE asset_id = $asset_id"
);
$row = mysqli_fetch_array($sql);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
// Update notes
mysqli_query($mysqli, "UPDATE assets SET asset_notes = '$notes' WHERE asset_id = $asset_id");
// Logging
logAction("Asset", "Edit", "$session_name edited asset notes for $asset_name", $client_id, $asset_id);
}
/*
* Ticketing Collision Detection/Avoidance
* Called upon loading a ticket, and every 2 mins thereafter
* Is used in conjunction with ticket_query_views to show who is currently viewing a ticket
*/
if (isset($_GET['ticket_add_view'])) {
$ticket_id = intval($_GET['ticket_id']);
mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = $ticket_id, view_user_id = $session_user_id, view_timestamp = NOW()");
}
/*
* Ticketing Collision Detection/Avoidance
* Returns formatted text of the agents currently viewing a ticket
* Called upon loading a ticket, and every 2 mins thereafter
*/
if (isset($_GET['ticket_query_views'])) {
$ticket_id = intval($_GET['ticket_id']);
$query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = $ticket_id AND view_user_id != $session_user_id AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)");
while ($row = mysqli_fetch_array($query)) {
$users[] = $row['user_name'];
}
if (!empty($users)) {
$users = array_unique($users);
if (count($users) > 1) {
// Multiple viewers
$response['message'] = "<i class='fas fa-fw fa-eye mr-2'></i>" . nullable_htmlentities(implode(", ", $users) . " are viewing this ticket.");
} else {
// Single viewer
$response['message'] = "<i class='fas fa-fw fa-eye mr-2'></i>" . nullable_htmlentities(implode("", $users) . " is viewing this ticket.");
}
} else {
// No viewers
$response['message'] = "";
}
echo json_encode($response);
}
/*
* Generates public/guest links for sharing credentials/docs
*/
if (isset($_GET['share_generate_link'])) {
enforceUserPermission('module_support', 2);
$item_encrypted_username = ''; // Default empty
$item_encrypted_credential = ''; // Default empty
$client_id = intval($_GET['client_id']);
$item_type = sanitizeInput($_GET['type']);
$item_id = intval($_GET['id']);
$item_email = sanitizeInput($_GET['contact_email']);
$item_note = sanitizeInput($_GET['note']);
$item_view_limit = intval($_GET['views']);
$item_view_limit_wording = "";
if ($item_view_limit == 1) {
$item_view_limit_wording = " and may only be viewed <strong>once</strong>, before the link is destroyed.";
}
$item_expires = sanitizeInput($_GET['expires']);
$item_expires_friendly = "never"; // default never
if ($item_expires == "1 HOUR") {
$item_expires_friendly = "1 hour";
} elseif ($item_expires == "24 HOUR") {
$item_expires_friendly = "1 day";
} elseif ($item_expires == "168 HOUR") {
$item_expires_friendly = "1 week";
} elseif ($item_expires == "730 HOUR") {
$item_expires_friendly = "1 month";
}
$item_key = randomString(156);
if ($item_type == "Document") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = $item_id AND document_client_id = $client_id LIMIT 1"));
$item_name = sanitizeInput($row['document_name']);
}
if ($item_type == "File") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = $item_id AND file_client_id = $client_id LIMIT 1"));
$item_name = sanitizeInput($row['file_name']);
}
if ($item_type == "Credential") {
$credential = mysqli_query($mysqli, "SELECT credential_name, credential_username, credential_password FROM credentials WHERE credential_id = $item_id AND credential_client_id = $client_id LIMIT 1");
$row = mysqli_fetch_array($credential);
$item_name = sanitizeInput($row['credential_name']);
// Decrypt & re-encrypt username/password for sharing
$credential_encryption_key = randomString();
$credential_username_cleartext = decryptCredentialEntry($row['credential_username']);
$iv = randomString();
$username_ciphertext = openssl_encrypt($credential_username_cleartext, 'aes-128-cbc', $credential_encryption_key, 0, $iv);
$item_encrypted_username = $iv . $username_ciphertext;
$credential_password_cleartext = decryptCredentialEntry($row['credential_password']);
$iv = randomString();
$password_ciphertext = openssl_encrypt($credential_password_cleartext, 'aes-128-cbc', $credential_encryption_key, 0, $iv);
$item_encrypted_credential = $iv . $password_ciphertext;
}
// Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_recipient = '$item_email', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = NOW() + INTERVAL + $item_expires, item_client_id = $client_id");
$share_id = $mysqli->insert_id;
// Return URL
if ($item_type == "Credential") {
$url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key&ek=$credential_encryption_key";
}
else {
$url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key";
}
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
// Sanitize Config vars from get_settings.php
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_mail_from_name = sanitizeInput($config_mail_from_name);
$config_mail_from_email = sanitizeInput($config_mail_from_email);
// Send user e-mail, if specified
if(!empty($config_smtp_host) && filter_var($item_email, FILTER_VALIDATE_EMAIL)){
$subject = "Time sensitive - $company_name secure link enclosed";
if ($item_expires_friendly == "never") {
$subject = "$company_name secure link enclosed";
}
$body = "Hello,<br><br>$session_name from $company_name sent you a time sensitive secure link regarding \"$item_name\".<br><br>The link will expire in <strong>$item_expires_friendly</strong>$item_view_limit_wording.<br><br><strong><a href=\'$url\'>Click here to access your secure content</a></strong><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
// Add the intended recipient disclosure
$body .= "<br><br><em>This email and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify the sender and delete this email. Unauthorized use, disclosure, or distribution is prohibited.</em>";
$data = [
[
'from' => $config_mail_from_email,
'from_name' => $config_mail_from_name,
'recipient' => $item_email,
'recipient_name' => $item_email,
'subject' => $subject,
'body' => $body
]
];
addToMailQueue($data);
}
echo json_encode($url);
// Logging
logAction("Share", "Create", "$session_name created shared link for $item_type - $item_name", $client_id, $item_id);
}
/*
* Returns sorted list of active clients
*/
if (isset($_GET['get_active_clients'])) {
enforceUserPermission('module_client');
$client_sql = mysqli_query(
$mysqli,
"SELECT client_id, client_name FROM clients
WHERE client_archived_at IS NULL
$access_permission_query
ORDER BY client_accessed_at DESC"
);
while ($row = mysqli_fetch_array($client_sql)) {
$response['clients'][] = $row;
}
echo json_encode($response);
}
/*
* Returns ordered list of active contacts for a specified client
*/
if (isset($_GET['get_client_contacts'])) {
enforceUserPermission('module_client');
$client_id = intval($_GET['client_id']);
$contact_sql = mysqli_query(
$mysqli,
"SELECT contact_id, contact_name, contact_primary, contact_important, contact_technical FROM contacts
LEFT JOIN clients on contact_client_id = client_id
WHERE contacts.contact_archived_at IS NULL AND contact_client_id = $client_id
$access_permission_query
ORDER BY contact_primary DESC, contact_technical DESC, contact_important DESC, contact_name"
);
while ($row = mysqli_fetch_array($contact_sql)) {
$response['contacts'][] = $row;
}
echo json_encode($response);
}
/*
* Returns ordered list of active assets for a specified client
*/
if (isset($_GET['get_client_assets'])) {
enforceUserPermission('module_client');
$client_id = intval($_GET['client_id']);
$asset_sql = mysqli_query(
$mysqli,
"SELECT asset_id, asset_name, contact_name FROM assets
LEFT JOIN clients on asset_client_id = client_id
LEFT JOIN contacts ON contact_id = asset_contact_id
WHERE assets.asset_archived_at IS NULL AND asset_client_id = $client_id
$access_permission_query
ORDER BY asset_important DESC, asset_name"
);
while ($row = mysqli_fetch_array($asset_sql)) {
$response['assets'][] = $row;
}
echo json_encode($response);
}
/*
* Returns locations for a specified client
*/
if (isset($_GET['get_client_locations'])) {
enforceUserPermission('module_client');
$client_id = intval($_GET['client_id']);
$locations_sql = mysqli_query(
$mysqli,
"SELECT location_id, location_name FROM locations
LEFT JOIN clients on location_client_id = client_id
WHERE locations.location_archived_at IS NULL AND location_client_id = $client_id
$access_permission_query
ORDER BY location_primary DESC, location_name ASC"
);
while ($row = mysqli_fetch_array($locations_sql)) {
$response['locations'][] = $row;
}
echo json_encode($response);
}
/*
* Returns ordered list of vendors for a specified client
*/
if (isset($_GET['get_client_vendors'])) {
enforceUserPermission('module_client');
$client_id = intval($_GET['client_id']);
$vendors_sql = mysqli_query(
$mysqli,
"SELECT vendor_id, vendor_name FROM vendors
LEFT JOIN clients on vendor_client_id = client_id
WHERE vendors.vendor_archived_at IS NULL AND vendor_client_id = $client_id
$access_permission_query
ORDER BY vendor_name ASC"
);
while ($row = mysqli_fetch_array($vendors_sql)) {
$response['vendors'][] = $row;
}
echo json_encode($response);
}
/*
* NEW TOTP getter for client login/passwords page
* When provided with a login ID, checks permissions and returns the 6-digit code
*/
if (isset($_GET['get_totp_token_via_id'])) {
enforceUserPermission('module_credential');
$credential_id = intval($_GET['credential_id']);
$sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT credential_name, credential_otp_secret, credential_client_id FROM credentials WHERE credential_id = $credential_id"));
$name = sanitizeInput($sql['credential_name']);
$totp_secret = $sql['credential_otp_secret'];
$client_id = intval($sql['credential_client_id']);
$otp = TokenAuth6238::getTokenCode(strtoupper($totp_secret));
echo json_encode($otp);
// Logging
// Only log the TOTP view if the user hasn't already viewed this specific login entry recently, this prevents logs filling if a user hovers across an entry a few times
$check_recent_totp_view_logged_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS recent_totp_view FROM logs WHERE log_type = 'Credential' AND log_action = 'View TOTP' AND log_user_id = $session_user_id AND log_entity_id = $credential_id AND log_client_id = $client_id AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
$recent_totp_view_logged_count = intval($check_recent_totp_view_logged_sql['recent_totp_view']);
if ($recent_totp_view_logged_count == 0) {
// Logging
logAction("Credential", "View TOTP", "$session_name viewed credential TOTP code for $name", $client_id, $credential_id);
}
}
if (isset($_GET['get_readable_pass'])) {
echo json_encode(GenerateReadablePassword(4));
}
/*
* ITFlow - POST request handler for client tickets
*/
if (isset($_POST['update_kanban_status_position'])) {
// Update multiple ticket status kanban orders
enforceUserPermission('module_support', 2);
$positions = $_POST['positions'];
foreach ($positions as $position) {
$status_id = intval($position['status_id']);
$kanban = intval($position['status_kanban']);
mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_order = $kanban WHERE ticket_status_id = $status_id");
}
// return a response
echo json_encode(['status' => 'success']);
exit;
}
if (isset($_POST['update_kanban_ticket'])) {
// Update ticket kanban order and status
enforceUserPermission('module_support', 2);
// all tickets on the column
$positions = $_POST['positions'];
foreach ($positions as $position) {
$ticket_id = intval($position['ticket_id']);
$kanban = intval($position['ticket_order']); // ticket kanban position
$status = intval($position['ticket_status']); // ticket statuses
$oldStatus = intval($position['ticket_oldStatus']); // ticket old status if moved
$statuses['Closed'] = 5;
$statuses['Resolved'] = 4;
// Continue if status is null / Closed
if ($status === null || $status === $statuses['Closed']) {
continue;
}
if ($oldStatus === false) {
// if ticket was not moved, just uptdate the order on kanban
mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban WHERE ticket_id = $ticket_id");
customAction('ticket_update', $ticket_id);
} else {
// If the ticket was moved from a resolved status to another status, we need to update ticket_resolved_at
if ($oldStatus === $statuses['Resolved']) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id");
customAction('ticket_update', $ticket_id);
} elseif ($status === $statuses['Resolved']) {
// If the ticket was moved to a resolved status, we need to update ticket_resolved_at
mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
customAction('ticket_update', $ticket_id);
// Client notification email
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
// Get details
$ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($ticket_sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$client_id = intval($row['ticket_client_id']);
$ticket_assigned_to = intval($row['ticket_assigned_to']);
$ticket_status = sanitizeInput($row['ticket_status_name']);
$url_key = sanitizeInput($row['ticket_url_key']);
// Sanitize Config vars from get_settings.php
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url);
// Get Company Info
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
// EMAIL
$subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
$body = "<i style=\'color: #808080\'>##- Please type your reply above this line -##</i><br><br>Hello $contact_name,<br><br>Your ticket regarding $ticket_subject has been marked as solved and is pending closure.<br><br>If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or <a href=\'https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$url_key\'>re-open</a> to let us know! <br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: $ticket_status<br>Portal: <a href=\'https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$url_key\'>View ticket</a><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
// Check email valid
if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) {
$data = [];
// Email Ticket Contact
// Queue Mail
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $contact_email,
'recipient_name' => $contact_name,
'subject' => $subject,
'body' => $body
];
}
// Also Email all the watchers
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
$body .= "<br><br>----------------------------------------<br>YOU ARE A COLLABORATOR ON THIS TICKET";
while ($row = mysqli_fetch_array($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
// Queue Mail
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $watcher_email,
'recipient_name' => $watcher_email,
'subject' => $subject,
'body' => $body
];
}
addToMailQueue($data);
}
//End Mail IF
} else {
// If the ticket was moved from any status to another status
mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status WHERE ticket_id = $ticket_id");
customAction('ticket_update', $ticket_id);
}
}
}
// return a response
echo json_encode(['status' => 'success','payload' => $positions]);
exit;
}
if (isset($_POST['update_ticket_tasks_order'])) {
// Update multiple ticket tasks order
enforceUserPermission('module_support', 2);
$positions = $_POST['positions'];
$ticket_id = intval($_POST['ticket_id']);
foreach ($positions as $position) {
$id = intval($position['id']);
$order = intval($position['order']);
mysqli_query($mysqli, "UPDATE tasks SET task_order = $order WHERE task_ticket_id = $ticket_id AND task_id = $id");
}
// return a response
echo json_encode(['status' => 'success']);
exit;
}
if (isset($_POST['update_task_templates_order'])) {
// Update multiple task templates order
enforceUserPermission('module_support', 2);
$positions = $_POST['positions'];
$ticket_template_id = intval($_POST['ticket_template_id']);
foreach ($positions as $position) {
$id = intval($position['id']);
$order = intval($position['order']);
mysqli_query($mysqli, "UPDATE task_templates SET task_template_order = $order WHERE task_template_ticket_template_id = $ticket_template_id AND task_template_id = $id");
}
// return a response
echo json_encode(['status' => 'success']);
exit;
}
if (isset($_POST['update_quote_items_order'])) {
// Update multiple quote items order
enforceUserPermission('module_sales', 2);
$positions = $_POST['positions'];
$quote_id = intval($_POST['quote_id']);
foreach ($positions as $position) {
$id = intval($position['id']);
$order = intval($position['order']);
mysqli_query($mysqli, "UPDATE invoice_items SET item_order = $order WHERE item_quote_id = $quote_id AND item_id = $id");
}
// return a response
echo json_encode(['status' => 'success']);
exit;
}
if (isset($_POST['update_invoice_items_order'])) {
// Update multiple invoice items order
enforceUserPermission('module_sales', 2);
$positions = $_POST['positions'];
$invoice_id = intval($_POST['invoice_id']);
foreach ($positions as $position) {
$id = intval($position['id']);
$order = intval($position['order']);
mysqli_query($mysqli, "UPDATE invoice_items SET item_order = $order WHERE item_invoice_id = $invoice_id AND item_id = $id");
}
// return a response
echo json_encode(['status' => 'success']);
exit;
}
if (isset($_POST['update_recurring_invoice_items_order'])) {
// Update multiple recurring invoice items order
enforceUserPermission('module_sales', 2);
$positions = $_POST['positions'];
$recurring_invoice_id = intval($_POST['recurring_invoice_id']);
foreach ($positions as $position) {
$id = intval($position['id']);
$order = intval($position['order']);
mysqli_query($mysqli, "UPDATE invoice_items SET item_order = $order WHERE item_recurring_invoice_id = $recurring_invoice_id AND item_id = $id");
}
// return a response
echo json_encode(['status' => 'success']);
exit;
}

8
user/ajax/ajax_asset_details.php
View File

@ -254,7 +254,7 @@ ob_start();
<div class="card-header">
<h3 class="text-bold"><i class="fa fa-fw text-secondary fa-<?php echo $device_icon; ?> mr-3"></i><?php echo $asset_name; ?></h3>
<?php if ($asset_photo) { ?>
<img class="img-fluid img-circle p-3" alt="asset_photo" src="<?php echo "uploads/clients/$client_id/$asset_photo"; ?>">
<img class="img-fluid img-circle p-3" alt="asset_photo" src="<?php echo "../uploads/clients/$client_id/$asset_photo"; ?>">
<?php } ?>
<?php if ($asset_description) { ?>
<div class="text-secondary"><?php echo $asset_description; ?></div>
@ -348,7 +348,7 @@ ob_start();
// Send a POST request to ajax.php as ajax.php with data contact_set_notes=true, contact_id=NUM, notes=NOTES
jQuery.post(
"ajax.php",
"../ajax.php",
{
asset_set_notes: 'TRUE',
asset_id: asset_id,
@ -530,7 +530,7 @@ ob_start();
</div>
</div>
<!-- Include script to get TOTP code via the credentials ID -->
<script src="js/credential_show_otp_via_id.js"></script>
<script src="../js/credential_show_otp_via_id.js"></script>
<?php } ?>
<?php if ($ticket_count) { ?>
@ -831,7 +831,7 @@ ob_start();
$file_created_at = nullable_htmlentities($row['file_created_at']);
?>
<tr>
<td><a class="text-dark" href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" target="_blank" ><?php echo "$file_name<br><span class='text-secondary'>$file_description</span>"; ?></a></td>
<td><a class="text-dark" href="<?php echo "../uploads/clients/$client_id/$file_reference_name"; ?>" target="_blank" ><?php echo "$file_name<br><span class='text-secondary'>$file_description</span>"; ?></a></td>
<td><?php echo $file_mime_type; ?></td>
<td><?php echo $file_created_at; ?></td>
</tr>

2
user/ajax/ajax_asset_edit.php
View File

@ -438,7 +438,7 @@ ob_start();
<div class="mb-3 text-center">
<?php if ($asset_photo) { ?>
<img class="img-fluid" alt="asset_photo" src="<?php echo "uploads/clients/$client_id/$asset_photo"; ?>">
<img class="img-fluid" alt="asset_photo" src="<?php echo "../uploads/clients/$client_id/$asset_photo"; ?>">
<?php } ?>
</div>

4
user/ajax/ajax_contact_details.php
View File

@ -221,7 +221,7 @@ ob_start();
<div class="text-center">
<?php if ($contact_photo) { ?>
<img class="img-thumbnail img-circle col-3" alt="contact_photo" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<img class="img-thumbnail img-circle col-3" alt="contact_photo" src="<?php echo "../uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?>
<span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
@ -773,7 +773,7 @@ ob_start();
<tr>
<td>
<div><a href="uploads/clients/<?php echo $client_id; ?>/<?php echo $file_reference_name; ?>"><?php echo $file_name; ?></a></div>
<div><a href="../uploads/clients/<?php echo $client_id; ?>/<?php echo $file_reference_name; ?>"><?php echo $file_name; ?></a></div>
<div class="text-secondary"><?php echo $file_description; ?></div>
</td>
<td><?php echo $file_mime_type; ?></td>

4
user/ajax/ajax_contact_edit.php
View File

@ -282,7 +282,7 @@ ob_start();
<div class="mb-3 text-center">
<?php if ($contact_photo) { ?>
<img class="img-fluid" alt="contact_photo" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<img class="img-fluid" alt="contact_photo" src="<?php echo "../uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?>
<span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
@ -352,7 +352,7 @@ ob_start();
function generatePassword(type, id) {
// Send a GET request to ajax.php as ajax.php?get_readable_pass=true
jQuery.get(
"../ajax.php", {
"ajax.php", {
get_readable_pass: 'true'
},
function(data) {

2
user/ajax/ajax_expense_edit.php
View File

@ -230,7 +230,7 @@ ob_start();
<?php if (!empty($expense_receipt)) { ?>
<hr>
<a class="text-secondary" href="<?php echo "uploads/expenses/$expense_receipt"; ?>"
<a class="text-secondary" href="<?php echo "../uploads/expenses/$expense_receipt"; ?>"
download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf" ?>">
<i class="fa fa-fw fa-2x fa-file-pdf text-secondary"></i> <?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf" ?>
</a>

6
user/ajax/ajax_location_edit.php
View File

@ -1,6 +1,6 @@
<?php
require_once '../../../includes/modal_header.php';
require_once '../../includes/modal_header.php';
$location_id = intval($_GET['id']);
@ -100,7 +100,7 @@ ob_start();
<div class="mb-3" style="text-align: center;">
<?php if (!empty($location_photo)) { ?>
<img class="img-fluid" src="<?php echo "uploads/clients/$client_id/$location_photo"; ?>">
<img class="img-fluid" src="<?php echo "../uploads/clients/$client_id/$location_photo"; ?>">
<?php } ?>
</div>
@ -299,4 +299,4 @@ ob_start();
<?php
require_once '../../../includes/modal_footer.php';
require_once '../../includes/modal_footer.php';

2
user/ajax/ajax_transfer_edit.php
View File

@ -166,7 +166,7 @@ ob_start();
<option value="">- Method of Transfer -</option>
<?php
$sql_transfer_method_select = mysqli_query($mysqli, "SELECT * FROM payment_methods WHERE payment_method_provider_id = 0 ORDER BY payment_method_name ASC");
$sql_transfer_method_select = mysqli_query($mysqli, "SELECT * FROM payment_methods ORDER BY payment_method_name ASC");
while ($row = mysqli_fetch_array($sql_transfer_method_select)) {
$payment_method_name_select = nullable_htmlentities($row['payment_method_name']);
?>

4
user/asset_details.php
View File

@ -245,7 +245,7 @@ if (isset($_GET['asset_id'])) {
</button>
<h4 class="text-bold"><i class="fa fa-fw text-secondary fa-<?php echo $device_icon; ?> mr-3"></i><?php echo $asset_name; ?></h4>
<?php if ($asset_photo) { ?>
<img class="img-fluid img-circle p-3" alt="asset_photo" src="<?php echo "uploads/clients/$client_id/$asset_photo"; ?>">
<img class="img-fluid img-circle p-3" alt="asset_photo" src="<?php echo "../uploads/clients/$client_id/$asset_photo"; ?>">
<?php } ?>
<?php if ($asset_description) { ?>
<div class="text-secondary"><?php echo $asset_description; ?></div>
@ -948,7 +948,7 @@ if (isset($_GET['asset_id'])) {
?>
<tr>
<td><a class="text-dark" href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" target="_blank" ><?php echo "$file_name<br><span class='text-secondary'>$file_description</span>"; ?></a></td>
<td><a class="text-dark" href="<?php echo "../uploads/clients/$client_id/$file_reference_name"; ?>" target="_blank" ><?php echo "$file_name<br><span class='text-secondary'>$file_description</span>"; ?></a></td>
<td><?php echo $file_created_at; ?></td>
<td class="text-center">
<a href="post.php?unlink_asset_from_file&asset_id=<?php echo $asset_id; ?>&file_id=<?php echo $file_id; ?>" class="btn btn-secondary btn-sm" title="Unlink"><i class="fas fa-fw fa-unlink"></i></a>

4
user/assets.php
View File

@ -721,8 +721,8 @@ if (mysqli_num_rows($os_sql) > 0) {
<script src="../js/bulk_actions.js"></script>
<!-- JSON Autocomplete / type ahead -->
<link rel="stylesheet" href="plugins/jquery-ui/jquery-ui.min.css">
<script src="plugins/jquery-ui/jquery-ui.min.js"></script>
<link rel="stylesheet" href="../plugins/jquery-ui/jquery-ui.min.css">
<script src="../plugins/jquery-ui/jquery-ui.min.js"></script>
<script>
$(function() {
var operatingSystems = <?php echo $json_os; ?>;

4
user/client_document_details.php
View File

@ -4,7 +4,7 @@ require_once "includes/inc_all_client.php";
//Initialize the HTML Purifier to prevent XSS
require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
require "../plugins/htmlpurifier/HTMLPurifier.standalone.php";
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
@ -410,7 +410,7 @@ $page_title = $row['document_name'];
</div>
<script src="js/pretty_content.js"></script>
<script src="../js/pretty_content.js"></script>
<?php

10
user/client_files.php
View File

@ -327,7 +327,7 @@ while ($folder_id > 0) {
$files[] = [
'id' => $file_id,
'name' => $file_name,
'preview' => "uploads/clients/$client_id/$file_reference_name"
'preview' => "../uploads/clients/$client_id/$file_reference_name"
];
?>
@ -335,7 +335,7 @@ while ($folder_id > 0) {
<div class="col-xl-2 col-lg-2 col-md-6 col-sm-6 mb-3 text-center">
<a href="#" onclick="openModal(<?php echo count($files)-1; ?>)"><!-- passing the index -->
<img class="img-thumbnail" src="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" alt="<?php echo $file_reference_name ?>">
<img class="img-thumbnail" src="<?php echo "../uploads/clients/$client_id/$file_reference_name"; ?>" alt="<?php echo $file_reference_name ?>">
</a>
<div>
@ -345,7 +345,7 @@ while ($folder_id > 0) {
<i class="fas fa-ellipsis-v"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>">
<a class="dropdown-item" href="<?php echo "../uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>">
<i class="fas fa-fw fa-cloud-download-alt mr-2"></i>Download
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)">
@ -514,7 +514,7 @@ while ($folder_id > 0) {
</div>
</td>
<td>
<a href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" target="_blank">
<a href="<?php echo "../uploads/clients/$client_id/$file_reference_name"; ?>" target="_blank">
<div class="media">
<i class="fa fa-fw fa-2x fa-<?php echo $file_icon; ?> text-dark mr-3"></i>
<div class="media-body">
@ -550,7 +550,7 @@ while ($folder_id > 0) {
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>">
<a class="dropdown-item" href="<?php echo "../uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>">
<i class="fas fa-fw fa-cloud-download-alt mr-2"></i>Download
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)">

968
user/client_overview.php
View File

File diff suppressed because it is too large Load Diff

2
user/client_racks.php
View File

@ -131,7 +131,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-md-6">
<?php if ($rack_photo) { ?>
<img class="img-thumbnail mb-3" alt="rack_photo" src="<?php echo "uploads/clients/$client_id/$rack_photo"; ?>">
<img class="img-thumbnail mb-3" alt="rack_photo" src="<?php echo "../uploads/clients/$client_id/$rack_photo"; ?>">
<?php } ?>
<table class="table table-sm table-borderless border">
<tbody>

4
user/contact_details.php
View File

@ -182,7 +182,7 @@ if (isset($_GET['contact_id'])) {
<div class="text-center">
<?php if ($contact_photo) { ?>
<img class="img-fluid img-circle p-3" alt="contact_photo" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<img class="img-fluid img-circle p-3" alt="contact_photo" src="<?php echo "../uploads/clients/$client_id/$contact_photo"; ?>">
<?php } else { ?>
<span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
@ -1042,7 +1042,7 @@ if (isset($_GET['contact_id'])) {
<tr>
<td>
<div><a href="uploads/clients/<?php echo $client_id; ?>/<?php echo $file_reference_name; ?>"><?php echo $file_name; ?></a></div>
<div><a href="../uploads/clients/<?php echo $client_id; ?>/<?php echo $file_reference_name; ?>"><?php echo $file_name; ?></a></div>
<div class="text-secondary"><?php echo $file_description; ?></div>
</td>
<td><?php echo $file_mime_type; ?></td>

2
user/contacts.php
View File

@ -462,7 +462,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="media">
<?php if ($contact_photo) { ?>
<span class="fa-stack fa-2x mr-3 text-center">
<img class="img-size-50 img-circle" src="<?php echo "uploads/clients/$client_id/$contact_photo"; ?>">
<img class="img-size-50 img-circle" src="<?php echo "../uploads/clients/$client_id/$contact_photo"; ?>">
</span>
<?php } else { ?>
<span class="fa-stack fa-2x mr-3">

15
user/css/quote_dropdowns_fix.css Normal file
View File

@ -0,0 +1,15 @@
/*!
* AdminLTE 3.2.0 Specific Dropdown Fix
* Targets .fix-quote-dropdown only
* Prevents alignment bugs in split button dropdowns going too far left
* (ChatGPT)
*/
.fix-quote-dropdown .dropdown-menu {
left: auto !important;
right: 0 !important;
top: calc(100% + 0.25rem) !important;
transform: none !important;
min-width: max-content;
z-index: 1050;
}

83
user/css/tickets_kanban.css Normal file
View File

@ -0,0 +1,83 @@
/* General Popover Styling */
.popover {
max-width: 600px;
}
/* Kanban Board Container */
#kanban-board {
display: flex;
overflow-x: auto;
box-sizing: border-box;
min-width: 400px;
height: calc(100vh - 210px);
}
/* Kanban Column */
.kanban-column {
flex: 1;
min-width: 300px;
max-width: 300px;
margin: 0 10px;
background: #f4f4f4;
border: 1px solid #ccc;
border-radius: 4px;
padding: 10px;
min-height: calc(100vh - 230px);
max-height: calc(100vh - 230px);
box-sizing: border-box;
display: flex;
flex-direction: column;
}
/* Column Inner Scrollable Task Area */
.kanban-status {
flex: 1;
overflow-y: auto;
min-height: 60px;
position: relative;
padding: 5px;
background-color: #f9f9f9;
border-radius: 4px;
}
/* Individual Task Cards */
.task {
background: #fff;
margin: 5px 0;
padding: 10px;
border: 1px solid #ddd;
border-radius: 4px;
cursor: grab;
user-select: none;
}
/* Grabbing Cursor State */
.task:active {
cursor: grabbing;
}
/* Drag Handle (shown on mobile or with class targeting) */
.drag-handle-class {
float: right;
touch-action: none;
cursor: grab;
}
/* Placeholder shown in empty columns */
.empty-placeholder {
border: 2px dashed #ccc;
background-color: #fcfcfc;
color: #999;
font-style: italic;
padding: 12px;
margin: 10px 0;
text-align: center;
border-radius: 4px;
pointer-events: none;
}
/* Sortable drop zone feedback (optional visual cue) */
.kanban-status.sortable-over {
background-color: #eaf6ff;
transition: background-color 0.2s ease;
}

2
user/dashboard.php
View File

@ -734,7 +734,7 @@ if ($user_config_dashboard_technical_enable == 1) {
<?php } ?>
<?php require_once "../../includes/footer.php"; ?>
<?php require_once "../includes/footer.php"; ?>
<?php if ($user_config_dashboard_financial_enable == 1) { ?>

4
user/expenses.php
View File

@ -291,7 +291,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else {
$path_info = pathinfo($expense_receipt);
$ext = $path_info['extension'];
$receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='uploads/expenses/$expense_receipt' download='$expense_date-$vendor_name-$category_name-$expense_id.$ext'><i class='fa fa-file'></i></a>";
$receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='../uploads/expenses/$expense_receipt' download='$expense_date-$vendor_name-$category_name-$expense_id.$ext'><i class='fa fa-file'></i></a>";
}
?>
@ -328,7 +328,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="dropdown-menu">
<?php
if (!empty($expense_receipt)) { ?>
<a class="dropdown-item" href="<?php echo "uploads/expenses/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf"; ?>">
<a class="dropdown-item" href="<?php echo "../uploads/expenses/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf"; ?>">
<i class="fas fa-fw fa-download mr-2"></i>Download
</a>
<div class="dropdown-divider"></div>

354
user/includes/client_side_nav.php Normal file
View File

@ -0,0 +1,354 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php if (isset($_GET['client_id'])) { echo "gray"; } else { echo nullable_htmlentities($config_theme); } ?> d-print-none">
<a class="brand-link pb-1 mt-1" href="clients.php">
<p class="h5">
<i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i>
<span class="brand-text">
Back | <strong><?php echo $client_abbreviation; ?></strong>
</span>
</p>
</a>
<!-- Sidebar -->
<div class="sidebar">
<!-- Sidebar Menu -->
<nav>
<ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" role="menu" data-accordion="false">
<li class="nav-item mt-3">
<a href="client_overview.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_overview.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-tachometer-alt"></i>
<p>Overview</p>
</a>
</li>
<li class="nav-item">
<a href="contacts.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "contacts.php" || basename($_SERVER["PHP_SELF"]) == "contact_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-address-book"></i>
<p>
Contacts
<?php
if ($num_contacts > 0) { ?>
<span class="right badge text-light"><?php echo $num_contacts; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="locations.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "locations.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-map-marker-alt"></i>
<p>
Locations
<?php
if ($num_locations > 0) { ?>
<span class="right badge text-light"><?php echo $num_locations; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php if ($config_module_enable_ticketing == 1 && lookupUserPermission("module_support") >= 1) { ?>
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-item">
<a href="tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>
Tickets
<?php
if ($num_active_tickets > 0) { ?>
<span class="right badge <?php if ($num_active_tickets > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_active_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="recurring_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "recurring_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring Tickets
<?php
if ($num_recurring_tickets) { ?>
<span class="right badge"><?php echo $num_recurring_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="projects.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "projects.php" || basename($_SERVER["PHP_SELF"]) == "project_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-project-diagram"></i>
<p>
Projects
<?php if ($num_active_projects) { ?>
<span class="right badge text-light" data-toggle="tooltip" title="Open Projects"><?php echo $num_active_projects; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<li class="nav-item">
<a href="vendors.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "vendors.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-building"></i>
<p>
Vendors
<?php
if ($num_vendors > 0) { ?>
<span class="right badge text-light"><?php echo $num_vendors; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="calendar.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "calendar.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-calendar-alt"></i>
<p>
Calendar
<?php
if ($num_calendar_events > 0) { ?>
<span class="right badge text-light"><?php echo $num_calendar_events; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php if ($config_module_enable_itdoc == 1) { ?>
<li class="nav-header mt-3">DOCUMENTATION</li>
<?php if (lookupUserPermission("module_support") >= 1) { ?>
<li class="nav-item">
<a href="assets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "assets.php" || basename($_SERVER["PHP_SELF"]) == "client_asset_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-desktop"></i>
<p>
Assets
<?php
if ($num_assets > 0) { ?>
<span class="right badge text-light"><?php echo $num_assets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="software.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "software.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-cube"></i>
<p>
Licenses
<?php
if ($num_software > 0) { ?>
<span class="right badge <?php if ($num_software_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_software_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_software; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php if (lookupUserPermission("module_credential") >= 1) { ?>
<li class="nav-item">
<a href="credentials.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "credentials.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-key"></i>
<p>
Credentials
<?php
if ($num_credentials > 0) { ?>
<span class="right badge text-light"><?php echo $num_credentials; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<li class="nav-item">
<a href="networks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "networks.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-network-wired"></i>
<p>
Networks
<?php
if ($num_networks > 0) { ?>
<span class="right badge text-light"><?php echo $num_networks; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_racks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_racks.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-server"></i>
<p>
Racks
<?php
if ($num_racks > 0) { ?>
<span class="right badge text-light"><?php echo $num_racks; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="certificates.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "certificates.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-lock"></i>
<p>
Certificates
<?php
if ($num_certificates > 0) { ?>
<span class="right badge <?php if ($num_certificates_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_certificates_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_certificates; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="domains.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "domains.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-globe"></i>
<p>
Domains
<?php
if ($num_domains > 0) { ?>
<span class="right badge <?php if (isset($num_domains_expiring)) { ?> badge-warning text-dark<?php } ?> <?php if (isset($num_domains_expired)) { ?> badge-danger <?php } ?> text-white"><?php echo $num_domains; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="services.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "services.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-stream"></i>
<p>
Services
<?php
if ($num_services > 0) { ?>
<span class="right badge text-light"><?php echo $num_services; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_documents.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_documents.php" || basename($_SERVER["PHP_SELF"]) == "client_document_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-folder"></i>
<p>
Documents
<?php
if ($num_documents > 0) { ?>
<span class="right badge text-light"><?php echo $num_documents; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<!-- Allow files even without module_support for things like contracts, etc. ) -->
<li class="nav-item">
<a href="client_files.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_files.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-paperclip"></i>
<p>
Files
<?php
if ($num_files > 0) { ?>
<span class="right badge text-light"><?php echo $num_files; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<?php if ($config_module_enable_accounting == 1) { ?>
<li class="nav-header mt-3">BILLING</li>
<?php if (lookupUserPermission("module_sales") >= 1) { ?>
<li class="nav-item">
<a href="invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "invoices.php" || basename($_SERVER["PHP_SELF"]) == "invoice.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice"></i>
<p>
Invoices
<?php
if ($num_invoices > 0) { ?>
<span class="right badge <?php if ($num_invoices_open > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_invoices; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="recurring_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php" || basename($_SERVER["PHP_SELF"]) == "recurring_invoice.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring Invoices
<?php
if ($num_recurring_invoices) { ?>
<span class="right badge"><?php echo $num_recurring_invoices; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="quotes.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-comment-dollar"></i>
<p>
Quotes
<?php
if ($num_quotes > 0) { ?>
<span class="right badge text-light"><?php echo $num_quotes; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<?php if (lookupUserPermission("module_financial") >= 1) { ?>
<li class="nav-item">
<a href="payments.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "payments.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-credit-card"></i>
<p>
Payments
<?php
if ($num_payments > 0) { ?>
<span class="right badge text-light"><?php echo $num_payments; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<li class="nav-item">
<a href="trips.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "trips.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-route"></i>
<p>
Trips
<?php
if ($num_trips > 0) { ?>
<span class="right badge text-light"><?php echo $num_trips; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
</ul>
</nav>
<!-- /.sidebar-menu -->
<div class="mb-3"></div>
</div>
<!-- /.sidebar -->
</aside>

2
user/includes/inc_all_client.php
View File

@ -309,7 +309,7 @@ if (isset($_GET['client_id'])) {
require_once "../includes/header.php";
require_once "../includes/top_nav.php";
require_once "includes/side_nav.php";
require_once "includes/client_side_nav.php";
require_once "../includes/inc_wrapper.php";
require_once "../includes/inc_alert_feedback.php";
require_once "includes/inc_client_top_head.php";

16
user/invoice.php
View File

@ -250,7 +250,7 @@ if (isset($_GET['invoice_id'])) {
<?php if ($credit_balance) { ?>
<a class="dropdown-item" href="#" data-toggle="ajax-modal" data-ajax-url="ajax/ajax_invoice_apply_credit.php" data-ajax-id="<?php echo $invoice_id; ?>"><i class="fas fa-fw fa-wallet mr-2"></i>Apply Credit (Balance: <?php echo numfmt_format_currency($currency_format, $credit_balance, $client_currency_code); ?>)</a>
<?php } ?>
<a class="dropdown-item" href="guest/guest_pay_invoice_stripe.php?invoice_id=<?php echo "$invoice_id&url_key=$invoice_url_key"; ?>">Enter Card Manually</a>
<a class="dropdown-item" href="../guest/guest_pay_invoice_stripe.php?invoice_id=<?php echo "$invoice_id&url_key=$invoice_url_key"; ?>">Enter Card Manually</a>
<?php
if (mysqli_num_rows($sql_saved_payment_methods) > 0) { ?>
<h6 class="dropdown-header text-left">Pay with a Saved Card</h6>
@ -320,7 +320,7 @@ if (isset($_GET['invoice_id'])) {
<i class="fa fa-fw fa-paper-plane text-secondary mr-2"></i>Send Email
</a>
<?php } ?>
<a class="dropdown-item" target="_blank" href="guest/guest_view_invoice.php?invoice_id=<?php echo "$invoice_id&url_key=$invoice_url_key"; ?>">
<a class="dropdown-item" target="_blank" href="../guest/guest_view_invoice.php?invoice_id=<?php echo "$invoice_id&url_key=$invoice_url_key"; ?>">
<i class="fa fa-fw fa-link text-secondary mr-2"></i>Guest URL
</a>
<?php if ($invoice_status !== 'Cancelled' && $invoice_status !== 'Paid' && $invoice_status !== 'Non-Billable') { ?>
@ -345,12 +345,12 @@ if (isset($_GET['invoice_id'])) {
<div class="card-body">
<div class="row mb-3">
<?php if (file_exists("uploads/settings/$company_logo")) { ?>
<?php if (file_exists("../uploads/settings/$company_logo")) { ?>
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>" alt="Company logo">
<img class="img-fluid" src="<?php echo "../uploads/settings/$company_logo"; ?>" alt="Company logo">
</div>
<?php } ?>
<div class="col-sm-6 <?php if (!file_exists("uploads/settings/$company_logo")) { echo "col-sm-8"; } ?>">
<div class="col-sm-6 <?php if (!file_exists("../uploads/settings/$company_logo")) { echo "col-sm-8"; } ?>">
<ul class="list-unstyled">
<li><h4><strong><?php echo $company_name; ?></strong></h4></li>
<li><?php echo $company_address; ?></li>
@ -764,8 +764,8 @@ require_once "../includes/footer.php";
?>
<!-- JSON Autocomplete / type ahead -->
<link rel="stylesheet" href="plugins/jquery-ui/jquery-ui.min.css">
<script src="plugins/jquery-ui/jquery-ui.min.js"></script>
<link rel="stylesheet" href="../plugins/jquery-ui/jquery-ui.min.css">
<script src="../plugins/jquery-ui/jquery-ui.min.js"></script>
<script>
$(function() {
var availableProducts = <?php echo $json_products ?? '""'?>;
@ -784,7 +784,7 @@ require_once "../includes/footer.php";
});
</script>
<script src="plugins/SortableJS/Sortable.min.js"></script>
<script src="../plugins/SortableJS/Sortable.min.js"></script>
<script>
new Sortable(document.querySelector('table#items tbody'), {
handle: '.drag-handle',

41
user/js/ai_reword.js Normal file
View File

@ -0,0 +1,41 @@
document.getElementById('rewordButton').addEventListener('click', function() {
var textInput = this.closest('form').querySelector('textarea');
var ticketDescription = document.getElementById('ticketDescription');
var rewordButton = document.getElementById('rewordButton');
var undoButton = document.getElementById('undoButton');
var previousText = textInput.value; // Store the current text
// Disable the Reword button and show loading state
rewordButton.disabled = true;
rewordButton.innerText = 'Processing...';
fetch('post.php?ai_reword', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
// Body with the text to reword and the ticket description
body: JSON.stringify({
text: textInput.value,
ticketDescription: ticketDescription.innerText.valueOf(),
}),
})
.then(response => response.json())
.then(data => {
textInput.value = data.rewordedText || 'Error: Could not reword the text.';
rewordButton.disabled = false;
rewordButton.innerText = 'Reword'; // Reset button text
undoButton.style.display = 'inline'; // Show the Undo button
// Set up the Undo button to revert to the previous text
undoButton.onclick = function() {
textInput.value = previousText;
this.style.display = 'none'; // Hide the Undo button again
};
})
.catch(error => {
console.error('Error:', error);
rewordButton.disabled = false;
rewordButton.innerText = 'Reword'; // Reset button text
});
});

14
user/js/ai_ticket_summary.js Normal file
View File

@ -0,0 +1,14 @@
$('#summaryModal').on('shown.bs.modal', function (e) {
// Perform AJAX request to get the summary
$.ajax({
url: 'post.php?ai_ticket_summary',
method: 'POST',
data: { ticket_id: <?php echo $ticket_id; ?> },
success: function(response) {
$('#summaryContent').html(response);
},
error: function() {
$('#summaryContent').html('Error generating summary.');
}
});
});

23
user/js/autopay_setup_stripe.js Normal file
View File

@ -0,0 +1,23 @@
// Initialize Stripe.js
const stripe = Stripe(document.getElementById("stripe_publishable_key").value);
initialize();
// Fetch Checkout Session and retrieve the client secret
async function initialize() {
const fetchClientSecret = async () => {
const response = await fetch("/client/post.php?create_stripe_checkout", {
method: "POST",
});
const { clientSecret } = await response.json();
return clientSecret;
};
// Initialize Checkout
const checkout = await stripe.initEmbeddedCheckout({
fetchClientSecret,
});
// Mount Checkout
checkout.mount('#checkout');
}

0
js/certificate_fetch_ssl.js → user/js/certificate_fetch_ssl.js
View File

0
js/client_delete_confirm.js → user/js/client_delete_confirm.js
View File

16
user/js/credential_show_otp_via_id.js Normal file
View File

@ -0,0 +1,16 @@
function showOTPViaCredentialID(credential_id) {
// Send a GET request to ajax.php as ajax.php?get_totp_token_via_id=true&credential_id=ID
jQuery.get(
"ajax.php", {
get_totp_token_via_id: 'true',
credential_id: credential_id
},
function(data) {
//If we get a response from post.php, parse it as JSON
const token = JSON.parse(data);
document.getElementById("otp_" + credential_id).innerText = token
}
);
}

0
js/file_delete_modal.js → user/js/file_delete_modal.js
View File

14
user/js/generate_password.js Normal file
View File

@ -0,0 +1,14 @@
function generatePassword(login_id) {
// Send a GET request to ajax.php as ajax.php?get_readable_pass=true
jQuery.get(
"ajax.php", {
get_readable_pass: 'true'
},
function(data) {
//If we get a response from post.php, parse it as JSON
const password = JSON.parse(data);
document.getElementById("password").value = password;
}
);
}

117
user/js/guest_pay_invoice_stripe.js Normal file
View File

@ -0,0 +1,117 @@
const stripe = Stripe(document.getElementById("stripe_publishable_key").value);
let elements;
initialize();
checkStatus();
document
.querySelector("#payment-form")
.addEventListener("submit", handleSubmit);
let emailAddress = '';
// Fetches a payment intent and captures the client secret
async function initialize() {
const { clientSecret } = await fetch("guest_ajax.php?stripe_create_pi=true", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
invoice_id: document.getElementById("invoice_id").value,
url_key: document.getElementById("url_key").value
}),
}).then((r) => r.json());
elements = stripe.elements({ clientSecret });
const paymentElementOptions = {
layout: "tabs",
};
const paymentElement = elements.create("payment", paymentElementOptions);
paymentElement.mount("#payment-element");
// Unhide the submit button once everything has loaded
document.getElementById("submit").hidden = false;
}
async function handleSubmit(e) {
e.preventDefault();
setLoading(true);
const { error } = await stripe.confirmPayment({
elements,
confirmParams: {
return_url: window.location.href,
receipt_email: emailAddress,
},
});
// This point will only be reached if there is an immediate error when
// confirming the payment. Otherwise, your customer will be redirected to
// your `return_url`. For some payment methods like iDEAL, your customer will
// be redirected to an intermediate site first to authorize the payment, then
// redirected to the `return_url`.
if (error.type === "card_error" || error.type === "validation_error") {
showMessage(error.message);
} else {
showMessage("An unexpected error occurred.");
}
setLoading(false);
}
// Fetches the payment intent status after payment submission
async function checkStatus() {
const clientSecret = new URLSearchParams(window.location.search).get(
"payment_intent_client_secret"
);
if (!clientSecret) {
return;
}
const { paymentIntent } = await stripe.retrievePaymentIntent(clientSecret);
switch (paymentIntent.status) {
case "succeeded":
showMessage("Payment succeeded!");
break;
case "processing":
showMessage("Your payment is processing.");
break;
case "requires_payment_method":
showMessage("Your payment was not successful, please try again.");
break;
default:
showMessage("Something went wrong.");
break;
}
}
// ------- UI helpers -------
function showMessage(messageText) {
const messageContainer = document.querySelector("#payment-message");
messageContainer.classList.remove("hidden");
messageContainer.textContent = messageText;
setTimeout(function () {
messageContainer.classList.add("hidden");
messageText.textContent = "";
}, 4000);
}
// Show a spinner on payment submission
function setLoading(isLoading) {
if (isLoading) {
// Disable the button and show a spinner
document.querySelector("#submit").disabled = true;
document.querySelector("#spinner").classList.remove("hidden");
document.querySelector("#button-text").classList.add("hidden");
} else {
document.querySelector("#submit").disabled = false;
document.querySelector("#spinner").classList.add("hidden");
document.querySelector("#button-text").classList.remove("hidden");
}
}

18
user/js/keepalive.js Normal file
View File

@ -0,0 +1,18 @@
// Keep PHP sessions alive
// Sends requests to keepalive.php in the background every 10 mins to prevent PHP garbage collection ending sessions
function keep_alive() {
//Send a GET request to keepalive.php as keepalive.php?keepalive
jQuery.get(
"../keepalive.php",
{keepalive: 'true'},
function(data) {
// Don't care about a response
}
);
}
// Run every 10 mins
setInterval(keep_alive, 600000);

58
user/js/share_modal.js Normal file
View File

@ -0,0 +1,58 @@
function populateShareModal(client_id, item_type, item_ref_id) {
// Populate HTML fields
document.getElementById("share_client_id").value = client_id;
document.getElementById("share_item_type").value = item_type;
document.getElementById("share_item_ref_id").value = item_ref_id;
// (re)Hide the URL/div (incase we're re-generating it)
document.getElementById("div_share_link_output").hidden = true;
document.getElementById("share_link").value = '';
// Show form and generate button
document.getElementById("div_share_link_form").hidden = false;
document.getElementById("div_share_link_generate").hidden = false;
$(document).ready(function() {
$('#share_email').select2({
tags: true,
placeholder: 'Select or type a value',
allowClear: true
});
});
}
function generateShareLink() {
let client_id = document.getElementById("share_client_id").value;
let item_type = document.getElementById("share_item_type").value;
let item_ref_id = document.getElementById("share_item_ref_id").value;
let item_note = document.getElementById("share_note").value;
let item_views = document.getElementById("share_views").checked ? 1 : 0;
let item_expires = document.querySelector('input[name="expires"]:checked').value;
let contact_email = document.getElementById("share_email").value;
// Check values are provided
if (item_expires) {
// Send a GET request to ajax.php as ajax.php?share_generate_link=true....
jQuery.get(
"ajax.php",
{share_generate_link: 'true', client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires, contact_email},
function(data) {
// If we get a response from ajax.php, parse it as JSON
const response = JSON.parse(data);
// Hide the div/form & button used to generate the link
document.getElementById("div_share_link_form").hidden = true;
document.getElementById("div_share_link_generate").hidden = true;
// Show the readonly input containing the shared link
document.getElementById("div_share_link_output").hidden = false;
document.getElementById("share_link").value = response;
// Copy link to clipboard
navigator.clipboard.writeText(response);
}
);
}
}

0
js/ticket_change_client.js → user/js/ticket_change_client.js
View File

0
js/ticket_collision_detection.js → user/js/ticket_collision_detection.js
View File

0
js/ticket_merge.js → user/js/ticket_merge.js
View File

0
js/ticket_time_tracking.js → user/js/ticket_time_tracking.js
View File

0
js/tickets_add_modal.js → user/js/tickets_add_modal.js
View File

0
js/tickets_kanban.js → user/js/tickets_kanban.js
View File

4
user/modals/recurring_ticket_add_modal.php
View File

@ -286,6 +286,6 @@
</div>
<!-- Recurring Ticket Client/Contact JS -->
<link rel="stylesheet" href="plugins/jquery-ui/jquery-ui.min.css">
<script src="plugins/jquery-ui/jquery-ui.min.js"></script>
<link rel="stylesheet" href="../plugins/jquery-ui/jquery-ui.min.css">
<script src="../plugins/jquery-ui/jquery-ui.min.js"></script>
<script src="js/tickets_add_modal.js"></script>

4
user/modals/ticket_add_modal_v2.php
View File

@ -327,7 +327,7 @@
</script>
<!-- Ticket Client/Contact JS -->
<link rel="stylesheet" href="plugins/jquery-ui/jquery-ui.min.css">
<script src="plugins/jquery-ui/jquery-ui.min.js"></script>
<link rel="stylesheet" href="../plugins/jquery-ui/jquery-ui.min.css">
<script src="../plugins/jquery-ui/jquery-ui.min.js"></script>
<script src="js/tickets_add_modal.js"></script>

4
user/modals/ticket_change_client_modal.php
View File

@ -44,6 +44,6 @@
</div>
<!-- Ticket Change Client JS -->
<link rel="stylesheet" href="plugins/jquery-ui/jquery-ui.min.css">
<script src="plugins/jquery-ui/jquery-ui.min.js"></script>
<link rel="stylesheet" href="../plugins/jquery-ui/jquery-ui.min.css">
<script src="../plugins/jquery-ui/jquery-ui.min.js"></script>
<script src="js/ticket_change_client.js"></script>

2
user/modals/transfer_add_modal.php
View File

@ -153,7 +153,7 @@
<option value="">- Method of Transfer -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM payment_methods WHERE payment_method_provider_id = 0 ORDER BY payment_method_name ASC");
$sql = mysqli_query($mysqli, "SELECT * FROM payment_methods ORDER BY payment_method_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$payment_method_name = nullable_htmlentities($row['payment_method_name']);
?>

4
user/modals/user_mfa_modal.php
View File

@ -1,5 +1,5 @@
<?php
require_once 'plugins/totp/totp.php';
require_once '../plugins/totp/totp.php';
// Only generate the token once and store it in session:
if (empty($_SESSION['mfa_token'])) {
@ -27,7 +27,7 @@ $data = "otpauth://totp/ITFlow:$session_email?secret=$token";
<div class="modal-body">
<div class="text-center">
<img src='plugins/barcode/barcode.php?f=png&s=qr&d=<?php echo $data; ?>'>
<img src='../plugins/barcode/barcode.php?f=png&s=qr&d=<?php echo $data; ?>'>
<p><span class='text-secondary'>Secret:</span> <?php echo $token; ?>
<button type="button" class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $token; ?>'><i class='far fa-copy text-secondary'></i></button>
</p>

2
user/project_details.php
View File

@ -567,4 +567,4 @@ require_once "../includes/footer.php";
<script src="../js/bulk_actions.js"></script>
<script src="js/pretty_content.js"></script>
<script src="../js/pretty_content.js"></script>

16
user/quote.php
View File

@ -231,7 +231,7 @@ if (isset($_GET['quote_id'])) {
<i class="fa fa-fw fa-paper-plane text-secondary mr-2"></i>Send Email
</a>
<?php } ?>
<a class="dropdown-item" target="_blank" href="guest/guest_view_quote.php?quote_id=<?php echo "$quote_id&url_key=$quote_url_key"; ?>">
<a class="dropdown-item" target="_blank" href="../guest/guest_view_quote.php?quote_id=<?php echo "$quote_id&url_key=$quote_url_key"; ?>">
<i class="fa fa-fw fa-link text-secondary mr-2"></i>Guest URL
</a>
<?php if (lookupUserPermission("module_sales") >= 3) { ?>
@ -250,12 +250,12 @@ if (isset($_GET['quote_id'])) {
<div class="card-body">
<div class="row mb-3">
<?php if (file_exists("uploads/settings/$company_logo")) { ?>
<?php if (file_exists("../uploads/settings/$company_logo")) { ?>
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>" alt="Company logo">
<img class="img-fluid" src="<?php echo "../uploads/settings/$company_logo"; ?>" alt="Company logo">
</div>
<?php } ?>
<div class="col-sm-6 <?php if (!file_exists("uploads/settings/$company_logo")) { echo "col-sm-8"; } ?>">
<div class="col-sm-6 <?php if (!file_exists("../uploads/settings/$company_logo")) { echo "col-sm-8"; } ?>">
<ul class="list-unstyled">
<li><h4><strong><?php echo $company_name; ?></strong></h4></li>
<li><?php echo $company_address; ?></li>
@ -525,7 +525,7 @@ if (isset($_GET['quote_id'])) {
?>
<tr>
<td><a target="_blank" href="/uploads/clients/<?php echo $client_id ?>/<?php echo $ref_name ?>"><?php echo $name; ?></a></td>
<td><a target="_blank" href="../uploads/clients/<?php echo $client_id ?>/<?php echo $ref_name ?>"><?php echo $name; ?></a></td>
<td><?php echo $created; ?></td>
</tr>
<?php
@ -599,8 +599,8 @@ require_once "../includes/footer.php";
<!-- JSON Autocomplete / type ahead -->
<!-- //TODO: Move to js/ -->
<link rel="stylesheet" href="plugins/jquery-ui/jquery-ui.min.css">
<script src="plugins/jquery-ui/jquery-ui.min.js"></script>
<link rel="stylesheet" href="../plugins/jquery-ui/jquery-ui.min.css">
<script src="../plugins/jquery-ui/jquery-ui.min.js"></script>
<script>
$(function() {
var availableProducts = <?php echo $json_products ?? '""' ?>;
@ -619,7 +619,7 @@ require_once "../includes/footer.php";
});
</script>
<script src="plugins/SortableJS/Sortable.min.js"></script>
<script src="../plugins/SortableJS/Sortable.min.js"></script>
<script>
new Sortable(document.querySelector('table#items tbody'), {
handle: '.drag-handle',

8
user/recurring_invoice.php
View File

@ -216,7 +216,7 @@ if (isset($_GET['recurring_invoice_id'])) {
<div class="row mb-3">
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>" alt="Company logo">
<img class="img-fluid" src="<?php echo "../uploads/settings/$company_logo"; ?>" alt="Company logo">
</div>
<div class="col-sm-6">
<ul class="list-unstyled">
@ -500,8 +500,8 @@ require_once "../includes/footer.php";
?>
<!-- JSON Autocomplete / type ahead -->
<link rel="stylesheet" href="plugins/jquery-ui/jquery-ui.min.css">
<script src="plugins/jquery-ui/jquery-ui.min.js"></script>
<link rel="stylesheet" href="../plugins/jquery-ui/jquery-ui.min.css">
<script src="../plugins/jquery-ui/jquery-ui.min.js"></script>
<script>
$(function() {
var availableProducts = <?php echo $json_products?>;
@ -520,7 +520,7 @@ require_once "../includes/footer.php";
});
</script>
<script src="plugins/SortableJS/Sortable.min.js"></script>
<script src="../plugins/SortableJS/Sortable.min.js"></script>
<script>
new Sortable(document.querySelector('table#items tbody'), {
handle: '.drag-handle',

16
user/ticket.php
View File

@ -13,7 +13,7 @@ if (isset($_GET['client_id'])) {
enforceUserPermission('module_support');
// Initialize the HTML Purifier to prevent XSS
require_once "plugins/htmlpurifier/HTMLPurifier.standalone.php";
require_once "../plugins/htmlpurifier/HTMLPurifier.standalone.php";
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
@ -608,7 +608,7 @@ if (isset($_GET['ticket_id'])) {
while ($ticket_attachment = mysqli_fetch_array($sql_ticket_attachments)) {
$name = nullable_htmlentities($ticket_attachment['ticket_attachment_name']);
$ref_name = nullable_htmlentities($ticket_attachment['ticket_attachment_reference_name']);
echo "<hr class=''><i class='fas fa-fw fa-paperclip text-secondary mr-1'></i>$name | <a href='uploads/tickets/$ticket_id/$ref_name' download='$name'><i class='fas fa-fw fa-download mr-1'></i>Download</a> | <a target='_blank' href='uploads/tickets/$ticket_id/$ref_name'><i class='fas fa-fw fa-external-link-alt mr-1'></i>View</a>";
echo "<hr class=''><i class='fas fa-fw fa-paperclip text-secondary mr-1'></i>$name | <a href='../uploads/tickets/$ticket_id/$ref_name' download='$name'><i class='fas fa-fw fa-download mr-1'></i>Download</a> | <a target='_blank' href='../uploads/tickets/$ticket_id/$ref_name'><i class='fas fa-fw fa-external-link-alt mr-1'></i>View</a>";
}
?>
</div>
@ -724,13 +724,13 @@ if (isset($_GET['ticket_id'])) {
$ticket_reply_by_display = nullable_htmlentities($row['contact_name']);
$user_initials = initials($row['contact_name']);
$user_avatar = nullable_htmlentities($row['contact_photo']);
$avatar_link = "uploads/clients/$client_id/$user_avatar";
$avatar_link = "../uploads/clients/$client_id/$user_avatar";
} else {
$ticket_reply_by_display = nullable_htmlentities($row['user_name']);
$user_id = intval($row['user_id']);
$user_avatar = nullable_htmlentities($row['user_avatar']);
$user_initials = initials($row['user_name']);
$avatar_link = "uploads/users/$user_id/$user_avatar";
$avatar_link = "../uploads/users/$user_id/$user_avatar";
$ticket_reply_time_worked = date_create($row['ticket_reply_time_worked']);
}
@ -824,7 +824,7 @@ if (isset($_GET['ticket_id'])) {
while ($ticket_attachment = mysqli_fetch_array($sql_ticket_reply_attachments)) {
$name = nullable_htmlentities($ticket_attachment['ticket_attachment_name']);
$ref_name = nullable_htmlentities($ticket_attachment['ticket_attachment_reference_name']);
echo "<hr><i class='fas fa-fw fa-paperclip text-secondary mr-1'></i>$name | <a href='uploads/tickets/$ticket_id/$ref_name' download='$name'><i class='fas fa-fw fa-download mr-1'></i>Download</a> | <a target='_blank' href='uploads/tickets/$ticket_id/$ref_name'><i class='fas fa-fw fa-external-link-alt mr-1'></i>View</a>";
echo "<hr><i class='fas fa-fw fa-paperclip text-secondary mr-1'></i>$name | <a href='../uploads/tickets/$ticket_id/$ref_name' download='$name'><i class='fas fa-fw fa-download mr-1'></i>Download</a> | <a target='_blank' href='../uploads/tickets/$ticket_id/$ref_name'><i class='fas fa-fw fa-external-link-alt mr-1'></i>View</a>";
}
?>
</div>
@ -1322,7 +1322,7 @@ require_once "../includes/footer.php";
</div>
</div>
<script src="js/show_modals.js"></script>
<script src="../js/show_modals.js"></script>
<?php if (empty($ticket_closed_at)) { ?>
<!-- create js variable related to ticket timer setting -->
@ -1337,7 +1337,7 @@ require_once "../includes/footer.php";
<script src="js/ticket_collision_detection.js"></script>
<?php } ?>
<script src="js/pretty_content.js"></script>
<script src="../js/pretty_content.js"></script>
<script>
$('#summaryModal').on('shown.bs.modal', function (e) {
@ -1356,7 +1356,7 @@ require_once "../includes/footer.php";
});
</script>
<script src="plugins/SortableJS/Sortable.min.js"></script>
<script src="../plugins/SortableJS/Sortable.min.js"></script>
<script>
new Sortable(document.querySelector('table#tasks tbody'), {
handle: '.drag-handle',

4
user/tickets_kanban.php
View File

@ -1,4 +1,4 @@
<link rel="stylesheet" href="css/tickets_kanban.css">
<link rel="stylesheet" href="../css/tickets_kanban.css">
<?php
@ -153,5 +153,5 @@ echo "const CONFIG_TICKET_MOVING_COLUMNS = " . json_encode($config_ticket_movi
echo "const CONFIG_TICKET_ORDERING = " . json_encode($config_ticket_ordering) . ";";
echo "</script>";
?>
<script src="plugins/SortableJS/Sortable.min.js"></script>
<script src="../plugins/SortableJS/Sortable.min.js"></script>
<script src="js/tickets_kanban.js"></script>