diff --git a/user/database_updates.php b/admin/database_updates.php similarity index 100% rename from user/database_updates.php rename to admin/database_updates.php diff --git a/admin/post/category.php b/admin/post/category.php index fefb7a81..87d80868 100644 --- a/admin/post/category.php +++ b/admin/post/category.php @@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_category'])) { - require_once 'post/admin/admin_category_model.php'; + require_once 'category_model.php'; mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'"); @@ -25,7 +25,7 @@ if (isset($_POST['add_category'])) { if (isset($_POST['edit_category'])) { - require_once 'post/admin/admin_category_model.php'; + require_once 'category_model.php'; $category_id = intval($_POST['category_id']); diff --git a/admin/post/custom_field.php b/admin/post/custom_field.php index e8f68fbe..c4b843ed 100644 --- a/admin/post/custom_field.php +++ b/admin/post/custom_field.php @@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if(isset($_POST['create_custom_field'])){ - require_once 'post/admin/admin_custom_field_model.php'; + require_once 'custom_field_model.php'; $table = sanitizeInput($_POST['table']); @@ -27,7 +27,7 @@ if(isset($_POST['create_custom_field'])){ if(isset($_POST['edit_custom_field'])){ - require_once 'post/admin/admin_custom_field_model.php'; + require_once 'custom_field_model.php'; $custom_field_id = intval($_POST['custom_field_id']); diff --git a/admin/post/settings_company.php b/admin/post/settings_company.php index acaee04d..d19587eb 100644 --- a/admin/post/settings_company.php +++ b/admin/post/settings_company.php @@ -28,13 +28,13 @@ if (isset($_POST['edit_company'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/settings/"; + $upload_file_dir = "../uploads/settings/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); // Delete old file - unlink("uploads/settings/$existing_file_name"); + unlink("../uploads/settings/$existing_file_name"); // Set Logo mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1"); @@ -59,7 +59,7 @@ if (isset($_GET['remove_company_logo'])) { $row = mysqli_fetch_array($sql); $company_logo = $row['company_logo']; // FileSystem Operation Logo is already sanitized - unlink("uploads/settings/$company_logo"); + unlink("../uploads/settings/$company_logo"); mysqli_query($mysqli,"UPDATE companies SET company_logo = NULL WHERE company_id = 1"); diff --git a/admin/post/settings_online_payment_clients.php b/admin/post/settings_online_payment_clients.php index 6aa256b7..acc9ce51 100644 --- a/admin/post/settings_online_payment_clients.php +++ b/admin/post/settings_online_payment_clients.php @@ -16,7 +16,7 @@ if (isset($_GET['stripe_remove_pm'])) { try { // Initialize stripe - require_once 'plugins/stripe-php/init.php'; + require_once '../plugins/stripe-php/init.php'; $stripe = new \Stripe\StripeClient($config_stripe_secret); // Detach PM diff --git a/admin/post/settings_theme.php b/admin/post/settings_theme.php index 1af45c7a..5a64c628 100644 --- a/admin/post/settings_theme.php +++ b/admin/post/settings_theme.php @@ -30,12 +30,12 @@ if (isset($_POST['edit_favicon_settings'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // Delete old file - if(file_exists("uploads/favicon.ico")) { - unlink("uploads/favicon.ico"); + if(file_exists("../uploads/favicon.ico")) { + unlink("../uploads/favicon.ico"); } // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/"; + $upload_file_dir = "../uploads/"; //Force File Name $new_file_name = "favicon.ico"; $dest_path = $upload_file_dir . $new_file_name; diff --git a/admin/post/tag.php b/admin/post/tag.php index d5df9008..f2c5debb 100644 --- a/admin/post/tag.php +++ b/admin/post/tag.php @@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_tag'])) { - require_once 'post/admin/admin_tag_model.php'; + require_once 'tag_model.php'; mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'"); @@ -25,7 +25,7 @@ if (isset($_POST['add_tag'])) { if (isset($_POST['edit_tag'])) { - require_once 'post/admin/admin_tag_model.php'; + require_once 'post/tag_model.php'; $tag_id = intval($_POST['tag_id']); diff --git a/admin/post/ticket_template.php b/admin/post/ticket_template.php index 49a99f92..deae39e3 100644 --- a/admin/post/ticket_template.php +++ b/admin/post/ticket_template.php @@ -5,8 +5,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); // Import shared code from user-side tickets/tasks as we reuse functions -require_once 'post/user/ticket.php'; -require_once 'post/user/task.php'; +require_once '../user/post/ticket.php'; +require_once '../user/post/task.php'; if (isset($_POST['add_ticket_template'])) { diff --git a/admin/post/update.php b/admin/post/update.php index 453cff3c..79297839 100644 --- a/admin/post/update.php +++ b/admin/post/update.php @@ -288,7 +288,7 @@ if (isset($_GET['update_db'])) { //validateAdminRole(); // Old function // Get the current version - require_once ('includes/database_version.php'); + require_once ('../includes/database_version.php'); // Perform upgrades, if required require_once ('database_updates.php'); diff --git a/admin/post/users.php b/admin/post/users.php index 4e2f433f..104d2dd8 100644 --- a/admin/post/users.php +++ b/admin/post/users.php @@ -27,8 +27,8 @@ if (isset($_POST['add_user'])) { } } - if (!file_exists("uploads/users/$user_id/")) { - mkdir("uploads/users/$user_id"); + if (!file_exists("../uploads/users/$user_id/")) { + mkdir("../uploads/users/$user_id"); } // Check for and process image/photo @@ -103,7 +103,7 @@ if (isset($_POST['edit_user'])) { validateCSRFToken($_POST['csrf_token']); - require_once 'post/admin/admin_user_model.php'; + require_once 'user_model.php'; $user_id = intval($_POST['user_id']); $new_password = trim($_POST['new_password']); @@ -127,8 +127,8 @@ if (isset($_POST['edit_user'])) { $two_fa = $_POST['2fa']; } - if (!file_exists("uploads/users/$user_id/")) { - mkdir("uploads/users/$user_id"); + if (!file_exists("../uploads/users/$user_id/")) { + mkdir("../uploads/users/$user_id"); } // Check for and process image/photo @@ -139,7 +139,7 @@ if (isset($_POST['edit_user'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/users/$user_id/"; + $upload_file_dir = "../uploads/users/$user_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); diff --git a/admin/post/vendor_template.php b/admin/post/vendor_template.php index 719eec80..35ee840f 100644 --- a/admin/post/vendor_template.php +++ b/admin/post/vendor_template.php @@ -5,7 +5,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); // Import shared code from user-side vendor management as we reuse functions -require_once 'post/user/vendor.php'; +require_once '../user/post/vendor.php'; if (isset($_POST['add_vendor_template'])) { diff --git a/css/quote_dropdowns_fix.css b/css/quote_dropdowns_fix.css deleted file mode 100644 index 24e039f8..00000000 --- a/css/quote_dropdowns_fix.css +++ /dev/null @@ -1,15 +0,0 @@ -/*! - * AdminLTE 3.2.0 Specific Dropdown Fix - * Targets .fix-quote-dropdown only - * Prevents alignment bugs in split button dropdowns going too far left - * (ChatGPT) - */ - -.fix-quote-dropdown .dropdown-menu { - left: auto !important; - right: 0 !important; - top: calc(100% + 0.25rem) !important; - transform: none !important; - min-width: max-content; - z-index: 1050; -} diff --git a/css/tickets_kanban.css b/css/tickets_kanban.css deleted file mode 100644 index 140c0f9e..00000000 --- a/css/tickets_kanban.css +++ /dev/null @@ -1,83 +0,0 @@ -/* General Popover Styling */ -.popover { - max-width: 600px; -} - -/* Kanban Board Container */ -#kanban-board { - display: flex; - overflow-x: auto; - box-sizing: border-box; - min-width: 400px; - height: calc(100vh - 210px); -} - -/* Kanban Column */ -.kanban-column { - flex: 1; - min-width: 300px; - max-width: 300px; - margin: 0 10px; - background: #f4f4f4; - border: 1px solid #ccc; - border-radius: 4px; - padding: 10px; - min-height: calc(100vh - 230px); - max-height: calc(100vh - 230px); - box-sizing: border-box; - display: flex; - flex-direction: column; -} - -/* Column Inner Scrollable Task Area */ -.kanban-status { - flex: 1; - overflow-y: auto; - min-height: 60px; - position: relative; - padding: 5px; - background-color: #f9f9f9; - border-radius: 4px; -} - -/* Individual Task Cards */ -.task { - background: #fff; - margin: 5px 0; - padding: 10px; - border: 1px solid #ddd; - border-radius: 4px; - cursor: grab; - user-select: none; -} - -/* Grabbing Cursor State */ -.task:active { - cursor: grabbing; -} - -/* Drag Handle (shown on mobile or with class targeting) */ -.drag-handle-class { - float: right; - touch-action: none; - cursor: grab; -} - -/* Placeholder shown in empty columns */ -.empty-placeholder { - border: 2px dashed #ccc; - background-color: #fcfcfc; - color: #999; - font-style: italic; - padding: 12px; - margin: 10px 0; - text-align: center; - border-radius: 4px; - pointer-events: none; -} - -/* Sortable drop zone feedback (optional visual cue) */ -.kanban-status.sortable-over { - background-color: #eaf6ff; - transition: background-color 0.2s ease; -} diff --git a/js/ai_ticket_summary.js b/js/ai_ticket_summary.js deleted file mode 100644 index 9741d353..00000000 --- a/js/ai_ticket_summary.js +++ /dev/null @@ -1,14 +0,0 @@ -$('#summaryModal').on('shown.bs.modal', function (e) { - // Perform AJAX request to get the summary - $.ajax({ - url: 'post.php?ai_ticket_summary', - method: 'POST', - data: { ticket_id: }, - success: function(response) { - $('#summaryContent').html(response); - }, - error: function() { - $('#summaryContent').html('Error generating summary.'); - } - }); -}); \ No newline at end of file diff --git a/js/generate_password.js b/js/generate_password.js deleted file mode 100644 index fe31eebc..00000000 --- a/js/generate_password.js +++ /dev/null @@ -1,14 +0,0 @@ -function generatePassword(login_id) { - // Send a GET request to ajax.php as ajax.php?get_readable_pass=true - jQuery.get( - "ajax.php", { - get_readable_pass: 'true' - }, - function(data) { - //If we get a response from post.php, parse it as JSON - const password = JSON.parse(data); - - document.getElementById("password").value = password; - } - ); -} diff --git a/js/share_modal.js b/js/share_modal.js deleted file mode 100644 index c835e4df..00000000 --- a/js/share_modal.js +++ /dev/null @@ -1,58 +0,0 @@ -function populateShareModal(client_id, item_type, item_ref_id) { - - // Populate HTML fields - document.getElementById("share_client_id").value = client_id; - document.getElementById("share_item_type").value = item_type; - document.getElementById("share_item_ref_id").value = item_ref_id; - - // (re)Hide the URL/div (incase we're re-generating it) - document.getElementById("div_share_link_output").hidden = true; - document.getElementById("share_link").value = ''; - - // Show form and generate button - document.getElementById("div_share_link_form").hidden = false; - document.getElementById("div_share_link_generate").hidden = false; - - $(document).ready(function() { - $('#share_email').select2({ - tags: true, - placeholder: 'Select or type a value', - allowClear: true - }); - }); -} - -function generateShareLink() { - let client_id = document.getElementById("share_client_id").value; - let item_type = document.getElementById("share_item_type").value; - let item_ref_id = document.getElementById("share_item_ref_id").value; - let item_note = document.getElementById("share_note").value; - let item_views = document.getElementById("share_views").checked ? 1 : 0; - let item_expires = document.querySelector('input[name="expires"]:checked').value; - let contact_email = document.getElementById("share_email").value; - - // Check values are provided - if (item_expires) { - // Send a GET request to ajax.php as ajax.php?share_generate_link=true.... - jQuery.get( - "../ajax.php", - {share_generate_link: 'true', client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires, contact_email}, - function(data) { - - // If we get a response from ajax.php, parse it as JSON - const response = JSON.parse(data); - - // Hide the div/form & button used to generate the link - document.getElementById("div_share_link_form").hidden = true; - document.getElementById("div_share_link_generate").hidden = true; - - // Show the readonly input containing the shared link - document.getElementById("div_share_link_output").hidden = false; - document.getElementById("share_link").value = response; - - // Copy link to clipboard - navigator.clipboard.writeText(response); - } - ); - } -} diff --git a/user/post/asset.php b/user/post/asset.php index f34b0a27..272dc023 100644 --- a/user/post/asset.php +++ b/user/post/asset.php @@ -27,10 +27,10 @@ if (isset($_POST['add_asset'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); + if (!file_exists("../uploads/clients/$client_id")) { + mkdir("../uploads/clients/$client_id"); } - $upload_file_dir = "uploads/clients/$client_id/"; + $upload_file_dir = "../uploads/clients/$client_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); @@ -100,13 +100,13 @@ if (isset($_POST['edit_asset'])) { // Set directory in which the uploaded file will be moved $file_tmp_path = $_FILES['file']['tmp_name']; - $upload_file_dir = "uploads/clients/$client_id/"; + $upload_file_dir = "../uploads/clients/$client_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); //Delete old file - unlink("uploads/clients/$client_id/$existing_file_name"); + unlink("../uploads/clients/$client_id/$existing_file_name"); mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id"); } diff --git a/user/post/category.php b/user/post/category.php index aeafd94d..773fd6fd 100644 --- a/user/post/category.php +++ b/user/post/category.php @@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_category'])) { - require_once 'post/user/category_model.php'; + require_once 'category_model.php'; mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'"); diff --git a/user/post/certificate.php b/user/post/certificate.php index b5e9b3f3..779ff5a0 100644 --- a/user/post/certificate.php +++ b/user/post/certificate.php @@ -10,7 +10,7 @@ if (isset($_POST['add_certificate'])) { enforceUserPermission('module_support', 2); - require_once 'post/user/certificate_model.php'; + require_once 'certificate_model.php'; // Parse public key data for a manually provided public key if (!empty($public_key) && (empty($expire) && empty($issued_by))) { @@ -45,7 +45,7 @@ if (isset($_POST['edit_certificate'])) { enforceUserPermission('module_support', 2); - require_once 'post/user/certificate_model.php'; + require_once 'certificate_model.php'; $certificate_id = intval($_POST['certificate_id']); // Parse public key data for a manually provided public key diff --git a/user/post/client.php b/user/post/client.php index cb71f849..8c387ee4 100644 --- a/user/post/client.php +++ b/user/post/client.php @@ -520,9 +520,9 @@ if (isset($_POST["import_clients_csv"])) { $client_id = mysqli_insert_id($mysqli); - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); - file_put_contents("uploads/clients/$client_id/index.php", ""); + if (!file_exists("../uploads/clients/$client_id")) { + mkdir("../uploads/clients/$client_id"); + file_put_contents("../uploads/clients/$client_id/index.php", ""); } // Create Referral if it doesn't exist diff --git a/user/post/contact.php b/user/post/contact.php index 5a0c43b7..ff231609 100644 --- a/user/post/contact.php +++ b/user/post/contact.php @@ -10,7 +10,7 @@ if (isset($_POST['add_contact'])) { enforceUserPermission('module_client', 2); - require_once 'post/user/contact_model.php'; + require_once 'contact_model.php'; // Create User Account $user_id = 0; @@ -54,10 +54,10 @@ if (isset($_POST['add_contact'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); + if (!file_exists("../uploads/clients/$client_id")) { + mkdir("../uploads/clients/$client_id"); } - $upload_file_dir = "uploads/clients/$client_id/"; + $upload_file_dir = "../uploads/clients/$client_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); @@ -81,7 +81,7 @@ if (isset($_POST['edit_contact'])) { enforceUserPermission('module_client', 2); - require_once 'post/user/contact_model.php'; + require_once 'contact_model.php'; $contact_id = intval($_POST['contact_id']); $send_email = intval($_POST['send_email'] ?? 0); @@ -92,8 +92,8 @@ if (isset($_POST['edit_contact'])) { $existing_file_name = sanitizeInput($row['contact_photo']); $contact_user_id = intval($row['contact_user_id']); - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); + if (!file_exists("../uploads/clients/$client_id")) { + mkdir("../uploads/clients/$client_id"); } // Update Existing User @@ -130,13 +130,13 @@ if (isset($_POST['edit_contact'])) { // Set directory in which the uploaded file will be moved $file_tmp_path = $_FILES['file']['tmp_name']; - $upload_file_dir = "uploads/clients/$client_id/"; + $upload_file_dir = "../uploads/clients/$client_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); //Delete old file - unlink("uploads/clients/$client_id/$existing_file_name"); + unlink("../uploads/clients/$client_id/$existing_file_name"); mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id"); diff --git a/user/post/credential.php b/user/post/credential.php index 7ab7d9cf..8795b51a 100644 --- a/user/post/credential.php +++ b/user/post/credential.php @@ -10,7 +10,7 @@ if (isset($_POST['add_credential'])) { enforceUserPermission('module_credential', 2); - require_once 'post/user/credential_model.php'; + require_once 'credential_model.php'; mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id"); @@ -37,7 +37,7 @@ if (isset($_POST['edit_credential'])) { enforceUserPermission('module_credential', 2); - require_once 'post/user/credential_model.php'; + require_once 'credential_model.php'; $credential_id = intval($_POST['credential_id']); diff --git a/user/post/document.php b/user/post/document.php index 99b178c0..9330114c 100644 --- a/user/post/document.php +++ b/user/post/document.php @@ -564,7 +564,7 @@ if (isset($_GET['export_document'])) { $client_id = intval($row['document_client_id']); // Include the TCPDF class - require_once('plugins/TCPDF/tcpdf.php'); + require_once('../plugins/TCPDF/tcpdf.php'); $pdf = new TCPDF(); diff --git a/user/post/event.php b/user/post/event.php index 98b2cb32..e1724d52 100644 --- a/user/post/event.php +++ b/user/post/event.php @@ -43,7 +43,7 @@ if (isset($_POST['edit_calendar'])) { if (isset($_POST['add_event'])) { - require_once 'post/user/event_model.php'; + require_once 'event_model.php'; mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client"); @@ -117,7 +117,7 @@ if (isset($_POST['add_event'])) { if (isset($_POST['edit_event'])) { - require_once 'post/user/event_model.php'; + require_once 'event_model.php'; $event_id = intval($_POST['event_id']); diff --git a/user/post/expense.php b/user/post/expense.php index 1f3e94cf..7f4f7014 100644 --- a/user/post/expense.php +++ b/user/post/expense.php @@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_expense'])) { - require_once 'post/user/expense_model.php'; + require_once 'expense_model.php'; mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = $amount, expense_currency_code = '$session_company_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference'"); @@ -24,7 +24,7 @@ if (isset($_POST['add_expense'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/expenses/"; + $upload_file_dir = "../uploads/expenses/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); @@ -44,7 +44,7 @@ if (isset($_POST['add_expense'])) { if (isset($_POST['edit_expense'])) { - require_once 'post/user/expense_model.php'; + require_once 'expense_model.php'; $expense_id = intval($_POST['expense_id']); @@ -62,12 +62,12 @@ if (isset($_POST['edit_expense'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/expenses/"; + $upload_file_dir = "../uploads/expenses/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); //Delete old file - unlink("uploads/expenses/$existing_file_name"); + unlink("../uploads/expenses/$existing_file_name"); mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id"); $extended_alert_description = '. File successfully uploaded.'; @@ -94,7 +94,7 @@ if (isset($_GET['delete_expense'])) { $expense_description = sanitizeInput($row['expense_description']); $client_id = intval($row['expense_client_id']); - unlink("uploads/expenses/$expense_receipt"); + unlink("../uploads/expenses/$expense_receipt"); mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id"); @@ -243,7 +243,7 @@ if (isset($_POST['bulk_delete_expenses'])) { $expense_receipt = sanitizeInput($row['expense_receipt']); $client_id = intval($row['expense_client_id']); - unlink("uploads/expenses/$expense_receipt"); + unlink("../uploads/expenses/$expense_receipt"); mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id"); diff --git a/user/post/file.php b/user/post/file.php index 24b29ce5..110f4ea1 100644 --- a/user/post/file.php +++ b/user/post/file.php @@ -17,7 +17,7 @@ if (isset($_POST['upload_files'])) { $description = sanitizeInput($_POST['description']); $contact_id = intval($_POST['contact'] ?? 0); $asset_id = intval($_POST['asset'] ?? 0); - $client_dir = "uploads/clients/$client_id"; + $client_dir = "../uploads/clients/$client_id"; // Create client directory if it doesn't exist if (!is_dir($client_dir)) { @@ -295,13 +295,13 @@ if (isset($_POST['delete_file'])) { $file_has_thumbnail = intval($row['file_has_thumbnail']); $file_has_preview = intval($row['file_has_preview']); - unlink("uploads/clients/$client_id/$file_reference_name"); + unlink("../uploads/clients/$client_id/$file_reference_name"); if ($file_has_thumbnail == 1) { - unlink("uploads/clients/$client_id/thumbnail_$file_reference_name"); + unlink("../uploads/clients/$client_id/thumbnail_$file_reference_name"); } if ($file_has_preview == 1) { - unlink("uploads/clients/$client_id/preview_$file_reference_name"); + unlink("../uploads/clients/$client_id/preview_$file_reference_name"); } mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id"); @@ -339,13 +339,13 @@ if (isset($_POST['bulk_delete_files'])) { $file_has_thumbnail = intval($row['file_has_thumbnail']); $file_has_preview = intval($row['file_has_preview']); - unlink("uploads/clients/$client_id/$file_reference_name"); + unlink("../uploads/clients/$client_id/$file_reference_name"); if ($file_has_thumbnail == 1) { - unlink("uploads/clients/$client_id/thumbnail_$file_reference_name"); + unlink("../uploads/clients/$client_id/thumbnail_$file_reference_name"); } if ($file_has_preview == 1) { - unlink("uploads/clients/$client_id/preview_$file_reference_name"); + unlink("../uploads/clients/$client_id/preview_$file_reference_name"); } mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id"); diff --git a/user/post/invoice.php b/user/post/invoice.php index 77636e74..1c6c5dd2 100644 --- a/user/post/invoice.php +++ b/user/post/invoice.php @@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_invoice'])) { - require_once 'post/user/invoice_model.php'; + require_once 'invoice_model.php'; $client_id = intval($_POST['client']); @@ -43,7 +43,7 @@ if (isset($_POST['add_invoice'])) { if (isset($_POST['edit_invoice'])) { - require_once 'post/user/invoice_model.php'; + require_once 'invoice_model.php'; $invoice_id = intval($_POST['invoice_id']); $due = sanitizeInput($_POST['due']); @@ -1133,7 +1133,7 @@ if (isset($_GET['add_payment_stripe'])) { } // Initialize Stripe - require_once __DIR__ . '/../../plugins/stripe-php/init.php'; + require_once __DIR__ . '/../plugins/stripe-php/init.php'; $stripe = new \Stripe\StripeClient($config_stripe_secret); $balance_to_pay = round($invoice_amount, 2); @@ -2124,7 +2124,7 @@ if (isset($_GET['export_invoice_pdf'])) { //Set Badge color based off of invoice status $invoice_badge_color = getInvoiceBadgeColor($invoice_status); - require_once("plugins/TCPDF/tcpdf.php"); + require_once("../plugins/TCPDF/tcpdf.php"); // Start TCPDF $pdf = new TCPDF('P', 'mm', 'A4', true, 'UTF-8', false); @@ -2138,8 +2138,8 @@ if (isset($_GET['export_invoice_pdf'])) { $html = '
'; - if (!empty($company_logo) && file_exists("uploads/settings/$company_logo")) { - $html .= ''; + if (!empty($company_logo) && file_exists("../uploads/settings/$company_logo")) { + $html .= ''; } $html .= ' diff --git a/user/post/location.php b/user/post/location.php index 6413ed66..b5642773 100644 --- a/user/post/location.php +++ b/user/post/location.php @@ -10,11 +10,11 @@ if(isset($_POST['add_location'])){ enforceUserPermission('module_client', 2); - require_once 'post/user/location_model.php'; + require_once 'location_model.php'; - if(!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); + if(!file_exists("../uploads/clients/$client_id")) { + mkdir("../uploads/clients/$client_id"); } mysqli_query($mysqli,"INSERT INTO locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$phone_country_code', location_phone = '$phone', location_phone_extension = '$extension', location_fax_country_code = '$fax_country_code', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact, location_client_id = $client_id"); @@ -41,7 +41,7 @@ if(isset($_POST['add_location'])){ $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/clients/$client_id/"; + $upload_file_dir = "../uploads/clients/$client_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); @@ -64,7 +64,7 @@ if(isset($_POST['edit_location'])){ enforceUserPermission('module_client', 2); - require_once 'post/user/location_model.php'; + require_once 'location_model.php'; $location_id = intval($_POST['location_id']); @@ -75,8 +75,8 @@ if(isset($_POST['edit_location'])){ $existing_file_name = sanitizeInput($row['location_photo']); - if(!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); + if(!file_exists("../uploads/clients/$client_id")) { + mkdir("../uploads/clients/$client_id"); } mysqli_query($mysqli,"UPDATE locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$phone_country_code', location_phone = '$phone', location_phone_extension = '$extension', location_fax_country_code = '$fax_country_code', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact WHERE location_id = $location_id"); @@ -104,13 +104,13 @@ if(isset($_POST['edit_location'])){ $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/clients/$client_id/"; + $upload_file_dir = "../uploads/clients/$client_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); //Delete old file - unlink("uploads/clients/$client_id/$existing_file_name"); + unlink("../uploads/clients/$client_id/$existing_file_name"); mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id"); diff --git a/user/post/network.php b/user/post/network.php index 62d2a814..1043067c 100644 --- a/user/post/network.php +++ b/user/post/network.php @@ -10,7 +10,7 @@ if (isset($_POST['add_network'])) { enforceUserPermission('module_support', 2); - require_once 'post/user/network_model.php'; + require_once 'network_model.php'; mysqli_query($mysqli,"INSERT INTO networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id, network_client_id = $client_id"); @@ -30,7 +30,7 @@ if (isset($_POST['edit_network'])) { enforceUserPermission('module_support', 2); $network_id = intval($_POST['network_id']); - require_once 'post/user/network_model.php'; + require_once 'network_model.php'; mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id"); diff --git a/user/post/product.php b/user/post/product.php index 68f6d5ab..fa681d4a 100644 --- a/user/post/product.php +++ b/user/post/product.php @@ -11,7 +11,7 @@ if (isset($_POST['add_product'])) { enforceUserPermission('module_sales', 2); - require_once 'post/user/product_model.php'; + require_once 'product_model.php'; mysqli_query($mysqli,"INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = '$price', product_currency_code = '$session_company_currency', product_tax_id = $tax, product_category_id = $category"); @@ -30,7 +30,7 @@ if (isset($_POST['edit_product'])) { enforceUserPermission('module_sales', 2); - require_once 'post/user/product_model.php'; + require_once 'product_model.php'; $product_id = intval($_POST['product_id']); diff --git a/user/post/profile.php b/user/post/profile.php index d3ef2474..9920ec7d 100644 --- a/user/post/profile.php +++ b/user/post/profile.php @@ -197,7 +197,7 @@ if (isset($_POST['enable_mfa'])) { validateCSRFToken($_POST['csrf_token']); - require_once "plugins/totp/totp.php"; + require_once "../plugins/totp/totp.php"; // Grab the code from the user $verify_code = trim($_POST['verify_code']); diff --git a/user/post/quote.php b/user/post/quote.php index fb348f02..5d3983e3 100644 --- a/user/post/quote.php +++ b/user/post/quote.php @@ -10,7 +10,7 @@ if (isset($_POST['add_quote'])) { enforceUserPermission('module_sales', 2); - require_once 'post/user/quote_model.php'; + require_once 'quote_model.php'; $client_id = intval($_POST['client']); @@ -252,7 +252,7 @@ if (isset($_POST['edit_quote'])) { enforceUserPermission('module_sales', 2); - require_once 'post/user/quote_model.php'; + require_once 'quote_model.php'; $quote_id = intval($_POST['quote_id']); @@ -683,7 +683,7 @@ if (isset($_GET['export_quote_pdf'])) { $quote_badge_color = "secondary"; } - require_once("plugins/TCPDF/tcpdf.php"); + require_once("../plugins/TCPDF/tcpdf.php"); // Start TCPDF $pdf = new TCPDF('P', 'mm', 'A4', true, 'UTF-8', false); @@ -697,8 +697,8 @@ if (isset($_GET['export_quote_pdf'])) { $html = '
'; - if (!empty($company_logo) && file_exists("uploads/settings/$company_logo")) { - $html .= ''; + if (!empty($company_logo) && file_exists("../uploads/settings/$company_logo")) { + $html .= ''; } $html .= ' diff --git a/user/post/rack.php b/user/post/rack.php index 50bfd1b8..33784909 100644 --- a/user/post/rack.php +++ b/user/post/rack.php @@ -31,10 +31,10 @@ if (isset($_POST['add_rack'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); + if (!file_exists("../uploads/clients/$client_id")) { + mkdir("../uploads/clients/$client_id"); } - $upload_file_dir = "uploads/clients/$client_id/"; + $upload_file_dir = "../uploads/clients/$client_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); @@ -74,10 +74,10 @@ if (isset($_POST['edit_rack'])) { $file_tmp_path = $_FILES['file']['tmp_name']; // directory in which the uploaded file will be moved - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); + if (!file_exists("../uploads/clients/$client_id")) { + mkdir("../uploads/clients/$client_id"); } - $upload_file_dir = "uploads/clients/$client_id/"; + $upload_file_dir = "../uploads/clients/$client_id/"; $dest_path = $upload_file_dir . $new_file_name; move_uploaded_file($file_tmp_path, $dest_path); @@ -157,7 +157,7 @@ if (isset($_GET['delete_rack'])) { // Delete Photo if exists if ($rack_photo) { - unlink("uploads/clients/$client_id/$rack_photo"); + unlink("../uploads/clients/$client_id/$rack_photo"); } // Logging diff --git a/user/post/tag.php b/user/post/tag.php index c8c7a215..f74ac15d 100644 --- a/user/post/tag.php +++ b/user/post/tag.php @@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_tag'])) { - require_once 'post/user/tag_model.php'; + require_once 'tag_model.php'; mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'"); diff --git a/user/post/ticket.php b/user/post/ticket.php index 38598bee..b3c558e6 100644 --- a/user/post/ticket.php +++ b/user/post/ticket.php @@ -760,7 +760,7 @@ if (isset($_GET['delete_ticket'])) { // Delete Ticket Attachements mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id"); - removeDirectory("uploads/tickets/$ticket_id"); + removeDirectory("../uploads/tickets/$ticket_id"); // No Need to delete ticket assets as this is cascadely deleted via the database. @@ -802,7 +802,7 @@ if (isset($_POST['bulk_delete_tickets'])) { // Delete Ticket Attachements mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id"); - removeDirectory("uploads/tickets/$ticket_id"); + removeDirectory("../uploads/tickets/$ticket_id"); // No Need to delete ticket assets as this is cascadely deleted via the database. diff --git a/user/post/transfer.php b/user/post/transfer.php index 73128479..5138f240 100644 --- a/user/post/transfer.php +++ b/user/post/transfer.php @@ -10,7 +10,7 @@ if (isset($_POST['add_transfer'])) { enforceUserPermission('module_financial', 2); - require_once 'post/user/transfer_model.php'; + require_once 'transfer_model.php'; // Get Source Account Name for logging $sql = mysqli_query($mysqli,"SELECT account_name, account_currency_code FROM accounts WHERE account_id = $account_from"); @@ -46,7 +46,7 @@ if (isset($_POST['edit_transfer'])) { enforceUserPermission('module_financial', 2); - require_once 'post/user/transfer_model.php'; + require_once 'transfer_model.php'; $transfer_id = intval($_POST['transfer_id']); diff --git a/user/post/trip.php b/user/post/trip.php index 12da2f0a..ad78083e 100644 --- a/user/post/trip.php +++ b/user/post/trip.php @@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_trip'])) { - require_once 'post/user/trip_model.php'; + require_once 'trip_model.php'; mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_source = '$source', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_user_id = $user_id, trip_client_id = $client_id"); @@ -26,7 +26,7 @@ if (isset($_POST['add_trip'])) { if (isset($_POST['edit_trip'])) { - require_once 'post/user/trip_model.php'; + require_once 'trip_model.php'; $trip_id = intval($_POST['trip_id']); diff --git a/user/post/vendor.php b/user/post/vendor.php index 3f6ad7db..64163f26 100644 --- a/user/post/vendor.php +++ b/user/post/vendor.php @@ -49,7 +49,7 @@ if (isset($_POST['add_vendor_from_template'])) { if (isset($_POST['add_vendor'])) { - require_once 'post/user/vendor_model.php'; + require_once 'vendor_model.php'; $client_id = intval($_POST['client_id']); // Used if this vendor is under a contact otherwise its 0 for under company @@ -67,7 +67,7 @@ if (isset($_POST['add_vendor'])) { if (isset($_POST['edit_vendor'])) { - require_once 'post/user/vendor_model.php'; + require_once 'vendor_model.php'; $vendor_id = intval($_POST['vendor_id']); $vendor_template_id = intval($_POST['vendor_template_id']);