AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

broken link updates

This commit is contained in:
johnnyq 2025-07-30 20:59:20 -04:00
parent 8e87c25de1
commit 905908bcf1
38 changed files with 103 additions and 287 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
user/database_updates.php → admin/database_updates.php
View File

4
admin/post/category.php
View File

@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_category'])) { if (isset($_POST['add_category'])) {
require_once 'post/admin/admin_category_model.php'; require_once 'category_model.php';
mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'"); mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'");
@ -25,7 +25,7 @@ if (isset($_POST['add_category'])) {
if (isset($_POST['edit_category'])) { if (isset($_POST['edit_category'])) {
require_once 'post/admin/admin_category_model.php'; require_once 'category_model.php';
$category_id = intval($_POST['category_id']); $category_id = intval($_POST['category_id']);

4
admin/post/custom_field.php
View File

@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if(isset($_POST['create_custom_field'])){ if(isset($_POST['create_custom_field'])){
require_once 'post/admin/admin_custom_field_model.php'; require_once 'custom_field_model.php';
$table = sanitizeInput($_POST['table']); $table = sanitizeInput($_POST['table']);
@ -27,7 +27,7 @@ if(isset($_POST['create_custom_field'])){
if(isset($_POST['edit_custom_field'])){ if(isset($_POST['edit_custom_field'])){
require_once 'post/admin/admin_custom_field_model.php'; require_once 'custom_field_model.php';
$custom_field_id = intval($_POST['custom_field_id']); $custom_field_id = intval($_POST['custom_field_id']);

6
admin/post/settings_company.php
View File

@ -28,13 +28,13 @@ if (isset($_POST['edit_company'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/settings/"; $upload_file_dir = "../uploads/settings/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
// Delete old file // Delete old file
unlink("uploads/settings/$existing_file_name"); unlink("../uploads/settings/$existing_file_name");
// Set Logo // Set Logo
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1"); mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1");
@ -59,7 +59,7 @@ if (isset($_GET['remove_company_logo'])) {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_logo = $row['company_logo']; // FileSystem Operation Logo is already sanitized $company_logo = $row['company_logo']; // FileSystem Operation Logo is already sanitized
unlink("uploads/settings/$company_logo"); unlink("../uploads/settings/$company_logo");
mysqli_query($mysqli,"UPDATE companies SET company_logo = NULL WHERE company_id = 1"); mysqli_query($mysqli,"UPDATE companies SET company_logo = NULL WHERE company_id = 1");

2
admin/post/settings_online_payment_clients.php
View File

@ -16,7 +16,7 @@ if (isset($_GET['stripe_remove_pm'])) {
try { try {
// Initialize stripe // Initialize stripe
require_once 'plugins/stripe-php/init.php'; require_once '../plugins/stripe-php/init.php';
$stripe = new \Stripe\StripeClient($config_stripe_secret); $stripe = new \Stripe\StripeClient($config_stripe_secret);
// Detach PM // Detach PM

6
admin/post/settings_theme.php
View File

@ -30,12 +30,12 @@ if (isset($_POST['edit_favicon_settings'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// Delete old file // Delete old file
if(file_exists("uploads/favicon.ico")) { if(file_exists("../uploads/favicon.ico")) {
unlink("uploads/favicon.ico"); unlink("../uploads/favicon.ico");
} }
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/"; $upload_file_dir = "../uploads/";
//Force File Name //Force File Name
$new_file_name = "favicon.ico"; $new_file_name = "favicon.ico";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;

4
admin/post/tag.php
View File

@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_tag'])) { if (isset($_POST['add_tag'])) {
require_once 'post/admin/admin_tag_model.php'; require_once 'tag_model.php';
mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'"); mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'");
@ -25,7 +25,7 @@ if (isset($_POST['add_tag'])) {
if (isset($_POST['edit_tag'])) { if (isset($_POST['edit_tag'])) {
require_once 'post/admin/admin_tag_model.php'; require_once 'post/tag_model.php';
$tag_id = intval($_POST['tag_id']); $tag_id = intval($_POST['tag_id']);

4
admin/post/ticket_template.php
View File

@ -5,8 +5,8 @@
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
// Import shared code from user-side tickets/tasks as we reuse functions // Import shared code from user-side tickets/tasks as we reuse functions
require_once 'post/user/ticket.php'; require_once '../user/post/ticket.php';
require_once 'post/user/task.php'; require_once '../user/post/task.php';
if (isset($_POST['add_ticket_template'])) { if (isset($_POST['add_ticket_template'])) {

2
admin/post/update.php
View File

@ -288,7 +288,7 @@ if (isset($_GET['update_db'])) {
//validateAdminRole(); // Old function //validateAdminRole(); // Old function
// Get the current version // Get the current version
require_once ('includes/database_version.php'); require_once ('../includes/database_version.php');
// Perform upgrades, if required // Perform upgrades, if required
require_once ('database_updates.php'); require_once ('database_updates.php');

12
admin/post/users.php
View File

@ -27,8 +27,8 @@ if (isset($_POST['add_user'])) {
} }
} }
if (!file_exists("uploads/users/$user_id/")) { if (!file_exists("../uploads/users/$user_id/")) {
mkdir("uploads/users/$user_id"); mkdir("../uploads/users/$user_id");
} }
// Check for and process image/photo // Check for and process image/photo
@ -103,7 +103,7 @@ if (isset($_POST['edit_user'])) {
validateCSRFToken($_POST['csrf_token']); validateCSRFToken($_POST['csrf_token']);
require_once 'post/admin/admin_user_model.php'; require_once 'user_model.php';
$user_id = intval($_POST['user_id']); $user_id = intval($_POST['user_id']);
$new_password = trim($_POST['new_password']); $new_password = trim($_POST['new_password']);
@ -127,8 +127,8 @@ if (isset($_POST['edit_user'])) {
$two_fa = $_POST['2fa']; $two_fa = $_POST['2fa'];
} }
if (!file_exists("uploads/users/$user_id/")) { if (!file_exists("../uploads/users/$user_id/")) {
mkdir("uploads/users/$user_id"); mkdir("../uploads/users/$user_id");
} }
// Check for and process image/photo // Check for and process image/photo
@ -139,7 +139,7 @@ if (isset($_POST['edit_user'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/"; $upload_file_dir = "../uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);

2
admin/post/vendor_template.php
View File

@ -5,7 +5,7 @@
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
// Import shared code from user-side vendor management as we reuse functions // Import shared code from user-side vendor management as we reuse functions
require_once 'post/user/vendor.php'; require_once '../user/post/vendor.php';
if (isset($_POST['add_vendor_template'])) { if (isset($_POST['add_vendor_template'])) {

15
css/quote_dropdowns_fix.css
View File

@ -1,15 +0,0 @@
/*!
* AdminLTE 3.2.0 Specific Dropdown Fix
* Targets .fix-quote-dropdown only
* Prevents alignment bugs in split button dropdowns going too far left
* (ChatGPT)
*/
.fix-quote-dropdown .dropdown-menu {
left: auto !important;
right: 0 !important;
top: calc(100% + 0.25rem) !important;
transform: none !important;
min-width: max-content;
z-index: 1050;
}

83
css/tickets_kanban.css
View File

@ -1,83 +0,0 @@
/* General Popover Styling */
.popover {
max-width: 600px;
}
/* Kanban Board Container */
#kanban-board {
display: flex;
overflow-x: auto;
box-sizing: border-box;
min-width: 400px;
height: calc(100vh - 210px);
}
/* Kanban Column */
.kanban-column {
flex: 1;
min-width: 300px;
max-width: 300px;
margin: 0 10px;
background: #f4f4f4;
border: 1px solid #ccc;
border-radius: 4px;
padding: 10px;
min-height: calc(100vh - 230px);
max-height: calc(100vh - 230px);
box-sizing: border-box;
display: flex;
flex-direction: column;
}
/* Column Inner Scrollable Task Area */
.kanban-status {
flex: 1;
overflow-y: auto;
min-height: 60px;
position: relative;
padding: 5px;
background-color: #f9f9f9;
border-radius: 4px;
}
/* Individual Task Cards */
.task {
background: #fff;
margin: 5px 0;
padding: 10px;
border: 1px solid #ddd;
border-radius: 4px;
cursor: grab;
user-select: none;
}
/* Grabbing Cursor State */
.task:active {
cursor: grabbing;
}
/* Drag Handle (shown on mobile or with class targeting) */
.drag-handle-class {
float: right;
touch-action: none;
cursor: grab;
}
/* Placeholder shown in empty columns */
.empty-placeholder {
border: 2px dashed #ccc;
background-color: #fcfcfc;
color: #999;
font-style: italic;
padding: 12px;
margin: 10px 0;
text-align: center;
border-radius: 4px;
pointer-events: none;
}
/* Sortable drop zone feedback (optional visual cue) */
.kanban-status.sortable-over {
background-color: #eaf6ff;
transition: background-color 0.2s ease;
}

14
js/ai_ticket_summary.js
View File

@ -1,14 +0,0 @@
$('#summaryModal').on('shown.bs.modal', function (e) {
// Perform AJAX request to get the summary
$.ajax({
url: 'post.php?ai_ticket_summary',
method: 'POST',
data: { ticket_id: <?php echo $ticket_id; ?> },
success: function(response) {
$('#summaryContent').html(response);
},
error: function() {
$('#summaryContent').html('Error generating summary.');
}
});
});

14
js/generate_password.js
View File

@ -1,14 +0,0 @@
function generatePassword(login_id) {
// Send a GET request to ajax.php as ajax.php?get_readable_pass=true
jQuery.get(
"ajax.php", {
get_readable_pass: 'true'
},
function(data) {
//If we get a response from post.php, parse it as JSON
const password = JSON.parse(data);
document.getElementById("password").value = password;
}
);
}

58
js/share_modal.js
View File

@ -1,58 +0,0 @@
function populateShareModal(client_id, item_type, item_ref_id) {
// Populate HTML fields
document.getElementById("share_client_id").value = client_id;
document.getElementById("share_item_type").value = item_type;
document.getElementById("share_item_ref_id").value = item_ref_id;
// (re)Hide the URL/div (incase we're re-generating it)
document.getElementById("div_share_link_output").hidden = true;
document.getElementById("share_link").value = '';
// Show form and generate button
document.getElementById("div_share_link_form").hidden = false;
document.getElementById("div_share_link_generate").hidden = false;
$(document).ready(function() {
$('#share_email').select2({
tags: true,
placeholder: 'Select or type a value',
allowClear: true
});
});
}
function generateShareLink() {
let client_id = document.getElementById("share_client_id").value;
let item_type = document.getElementById("share_item_type").value;
let item_ref_id = document.getElementById("share_item_ref_id").value;
let item_note = document.getElementById("share_note").value;
let item_views = document.getElementById("share_views").checked ? 1 : 0;
let item_expires = document.querySelector('input[name="expires"]:checked').value;
let contact_email = document.getElementById("share_email").value;
// Check values are provided
if (item_expires) {
// Send a GET request to ajax.php as ajax.php?share_generate_link=true....
jQuery.get(
"../ajax.php",
{share_generate_link: 'true', client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires, contact_email},
function(data) {
// If we get a response from ajax.php, parse it as JSON
const response = JSON.parse(data);
// Hide the div/form & button used to generate the link
document.getElementById("div_share_link_form").hidden = true;
document.getElementById("div_share_link_generate").hidden = true;
// Show the readonly input containing the shared link
document.getElementById("div_share_link_output").hidden = false;
document.getElementById("share_link").value = response;
// Copy link to clipboard
navigator.clipboard.writeText(response);
}
);
}
}

10
user/post/asset.php
View File

@ -27,10 +27,10 @@ if (isset($_POST['add_asset'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
if (!file_exists("uploads/clients/$client_id")) { if (!file_exists("../uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id"); mkdir("../uploads/clients/$client_id");
} }
$upload_file_dir = "uploads/clients/$client_id/"; $upload_file_dir = "../uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
@ -100,13 +100,13 @@ if (isset($_POST['edit_asset'])) {
// Set directory in which the uploaded file will be moved // Set directory in which the uploaded file will be moved
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
$upload_file_dir = "uploads/clients/$client_id/"; $upload_file_dir = "../uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file //Delete old file
unlink("uploads/clients/$client_id/$existing_file_name"); unlink("../uploads/clients/$client_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id"); mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id");
} }

2
user/post/category.php
View File

@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_category'])) { if (isset($_POST['add_category'])) {
require_once 'post/user/category_model.php'; require_once 'category_model.php';
mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'"); mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'");

4
user/post/certificate.php
View File

@ -10,7 +10,7 @@ if (isset($_POST['add_certificate'])) {
enforceUserPermission('module_support', 2); enforceUserPermission('module_support', 2);
require_once 'post/user/certificate_model.php'; require_once 'certificate_model.php';
// Parse public key data for a manually provided public key // Parse public key data for a manually provided public key
if (!empty($public_key) && (empty($expire) && empty($issued_by))) { if (!empty($public_key) && (empty($expire) && empty($issued_by))) {
@ -45,7 +45,7 @@ if (isset($_POST['edit_certificate'])) {
enforceUserPermission('module_support', 2); enforceUserPermission('module_support', 2);
require_once 'post/user/certificate_model.php'; require_once 'certificate_model.php';
$certificate_id = intval($_POST['certificate_id']); $certificate_id = intval($_POST['certificate_id']);
// Parse public key data for a manually provided public key // Parse public key data for a manually provided public key

6
user/post/client.php
View File

@ -520,9 +520,9 @@ if (isset($_POST["import_clients_csv"])) {
$client_id = mysqli_insert_id($mysqli); $client_id = mysqli_insert_id($mysqli);
if (!file_exists("uploads/clients/$client_id")) { if (!file_exists("../uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id"); mkdir("../uploads/clients/$client_id");
file_put_contents("uploads/clients/$client_id/index.php", ""); file_put_contents("../uploads/clients/$client_id/index.php", "");
} }
// Create Referral if it doesn't exist // Create Referral if it doesn't exist

18
user/post/contact.php
View File

@ -10,7 +10,7 @@ if (isset($_POST['add_contact'])) {
enforceUserPermission('module_client', 2); enforceUserPermission('module_client', 2);
require_once 'post/user/contact_model.php'; require_once 'contact_model.php';
// Create User Account // Create User Account
$user_id = 0; $user_id = 0;
@ -54,10 +54,10 @@ if (isset($_POST['add_contact'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
if (!file_exists("uploads/clients/$client_id")) { if (!file_exists("../uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id"); mkdir("../uploads/clients/$client_id");
} }
$upload_file_dir = "uploads/clients/$client_id/"; $upload_file_dir = "../uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
@ -81,7 +81,7 @@ if (isset($_POST['edit_contact'])) {
enforceUserPermission('module_client', 2); enforceUserPermission('module_client', 2);
require_once 'post/user/contact_model.php'; require_once 'contact_model.php';
$contact_id = intval($_POST['contact_id']); $contact_id = intval($_POST['contact_id']);
$send_email = intval($_POST['send_email'] ?? 0); $send_email = intval($_POST['send_email'] ?? 0);
@ -92,8 +92,8 @@ if (isset($_POST['edit_contact'])) {
$existing_file_name = sanitizeInput($row['contact_photo']); $existing_file_name = sanitizeInput($row['contact_photo']);
$contact_user_id = intval($row['contact_user_id']); $contact_user_id = intval($row['contact_user_id']);
if (!file_exists("uploads/clients/$client_id")) { if (!file_exists("../uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id"); mkdir("../uploads/clients/$client_id");
} }
// Update Existing User // Update Existing User
@ -130,13 +130,13 @@ if (isset($_POST['edit_contact'])) {
// Set directory in which the uploaded file will be moved // Set directory in which the uploaded file will be moved
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
$upload_file_dir = "uploads/clients/$client_id/"; $upload_file_dir = "../uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file //Delete old file
unlink("uploads/clients/$client_id/$existing_file_name"); unlink("../uploads/clients/$client_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id"); mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");

4
user/post/credential.php
View File

@ -10,7 +10,7 @@ if (isset($_POST['add_credential'])) {
enforceUserPermission('module_credential', 2); enforceUserPermission('module_credential', 2);
require_once 'post/user/credential_model.php'; require_once 'credential_model.php';
mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id");
@ -37,7 +37,7 @@ if (isset($_POST['edit_credential'])) {
enforceUserPermission('module_credential', 2); enforceUserPermission('module_credential', 2);
require_once 'post/user/credential_model.php'; require_once 'credential_model.php';
$credential_id = intval($_POST['credential_id']); $credential_id = intval($_POST['credential_id']);

2
user/post/document.php
View File

@ -564,7 +564,7 @@ if (isset($_GET['export_document'])) {
$client_id = intval($row['document_client_id']); $client_id = intval($row['document_client_id']);
// Include the TCPDF class // Include the TCPDF class
require_once('plugins/TCPDF/tcpdf.php'); require_once('../plugins/TCPDF/tcpdf.php');
$pdf = new TCPDF(); $pdf = new TCPDF();

4
user/post/event.php
View File

@ -43,7 +43,7 @@ if (isset($_POST['edit_calendar'])) {
if (isset($_POST['add_event'])) { if (isset($_POST['add_event'])) {
require_once 'post/user/event_model.php'; require_once 'event_model.php';
mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client"); mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client");
@ -117,7 +117,7 @@ if (isset($_POST['add_event'])) {
if (isset($_POST['edit_event'])) { if (isset($_POST['edit_event'])) {
require_once 'post/user/event_model.php'; require_once 'event_model.php';
$event_id = intval($_POST['event_id']); $event_id = intval($_POST['event_id']);

14
user/post/expense.php
View File

@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_expense'])) { if (isset($_POST['add_expense'])) {
require_once 'post/user/expense_model.php'; require_once 'expense_model.php';
mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = $amount, expense_currency_code = '$session_company_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference'"); mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = $amount, expense_currency_code = '$session_company_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference'");
@ -24,7 +24,7 @@ if (isset($_POST['add_expense'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/"; $upload_file_dir = "../uploads/expenses/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
@ -44,7 +44,7 @@ if (isset($_POST['add_expense'])) {
if (isset($_POST['edit_expense'])) { if (isset($_POST['edit_expense'])) {
require_once 'post/user/expense_model.php'; require_once 'expense_model.php';
$expense_id = intval($_POST['expense_id']); $expense_id = intval($_POST['expense_id']);
@ -62,12 +62,12 @@ if (isset($_POST['edit_expense'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/"; $upload_file_dir = "../uploads/expenses/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file //Delete old file
unlink("uploads/expenses/$existing_file_name"); unlink("../uploads/expenses/$existing_file_name");
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id"); mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.'; $extended_alert_description = '. File successfully uploaded.';
@ -94,7 +94,7 @@ if (isset($_GET['delete_expense'])) {
$expense_description = sanitizeInput($row['expense_description']); $expense_description = sanitizeInput($row['expense_description']);
$client_id = intval($row['expense_client_id']); $client_id = intval($row['expense_client_id']);
unlink("uploads/expenses/$expense_receipt"); unlink("../uploads/expenses/$expense_receipt");
mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id"); mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id");
@ -243,7 +243,7 @@ if (isset($_POST['bulk_delete_expenses'])) {
$expense_receipt = sanitizeInput($row['expense_receipt']); $expense_receipt = sanitizeInput($row['expense_receipt']);
$client_id = intval($row['expense_client_id']); $client_id = intval($row['expense_client_id']);
unlink("uploads/expenses/$expense_receipt"); unlink("../uploads/expenses/$expense_receipt");
mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id"); mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id");

14
user/post/file.php
View File

@ -17,7 +17,7 @@ if (isset($_POST['upload_files'])) {
$description = sanitizeInput($_POST['description']); $description = sanitizeInput($_POST['description']);
$contact_id = intval($_POST['contact'] ?? 0); $contact_id = intval($_POST['contact'] ?? 0);
$asset_id = intval($_POST['asset'] ?? 0); $asset_id = intval($_POST['asset'] ?? 0);
$client_dir = "uploads/clients/$client_id"; $client_dir = "../uploads/clients/$client_id";
// Create client directory if it doesn't exist // Create client directory if it doesn't exist
if (!is_dir($client_dir)) { if (!is_dir($client_dir)) {
@ -295,13 +295,13 @@ if (isset($_POST['delete_file'])) {
$file_has_thumbnail = intval($row['file_has_thumbnail']); $file_has_thumbnail = intval($row['file_has_thumbnail']);
$file_has_preview = intval($row['file_has_preview']); $file_has_preview = intval($row['file_has_preview']);
unlink("uploads/clients/$client_id/$file_reference_name"); unlink("../uploads/clients/$client_id/$file_reference_name");
if ($file_has_thumbnail == 1) { if ($file_has_thumbnail == 1) {
unlink("uploads/clients/$client_id/thumbnail_$file_reference_name"); unlink("../uploads/clients/$client_id/thumbnail_$file_reference_name");
} }
if ($file_has_preview == 1) { if ($file_has_preview == 1) {
unlink("uploads/clients/$client_id/preview_$file_reference_name"); unlink("../uploads/clients/$client_id/preview_$file_reference_name");
} }
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id"); mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
@ -339,13 +339,13 @@ if (isset($_POST['bulk_delete_files'])) {
$file_has_thumbnail = intval($row['file_has_thumbnail']); $file_has_thumbnail = intval($row['file_has_thumbnail']);
$file_has_preview = intval($row['file_has_preview']); $file_has_preview = intval($row['file_has_preview']);
unlink("uploads/clients/$client_id/$file_reference_name"); unlink("../uploads/clients/$client_id/$file_reference_name");
if ($file_has_thumbnail == 1) { if ($file_has_thumbnail == 1) {
unlink("uploads/clients/$client_id/thumbnail_$file_reference_name"); unlink("../uploads/clients/$client_id/thumbnail_$file_reference_name");
} }
if ($file_has_preview == 1) { if ($file_has_preview == 1) {
unlink("uploads/clients/$client_id/preview_$file_reference_name"); unlink("../uploads/clients/$client_id/preview_$file_reference_name");
} }
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id"); mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");

12
user/post/invoice.php
View File

@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_invoice'])) { if (isset($_POST['add_invoice'])) {
require_once 'post/user/invoice_model.php'; require_once 'invoice_model.php';
$client_id = intval($_POST['client']); $client_id = intval($_POST['client']);
@ -43,7 +43,7 @@ if (isset($_POST['add_invoice'])) {
if (isset($_POST['edit_invoice'])) { if (isset($_POST['edit_invoice'])) {
require_once 'post/user/invoice_model.php'; require_once 'invoice_model.php';
$invoice_id = intval($_POST['invoice_id']); $invoice_id = intval($_POST['invoice_id']);
$due = sanitizeInput($_POST['due']); $due = sanitizeInput($_POST['due']);
@ -1133,7 +1133,7 @@ if (isset($_GET['add_payment_stripe'])) {
} }
// Initialize Stripe // Initialize Stripe
require_once __DIR__ . '/../../plugins/stripe-php/init.php'; require_once __DIR__ . '/../plugins/stripe-php/init.php';
$stripe = new \Stripe\StripeClient($config_stripe_secret); $stripe = new \Stripe\StripeClient($config_stripe_secret);
$balance_to_pay = round($invoice_amount, 2); $balance_to_pay = round($invoice_amount, 2);
@ -2124,7 +2124,7 @@ if (isset($_GET['export_invoice_pdf'])) {
//Set Badge color based off of invoice status //Set Badge color based off of invoice status
$invoice_badge_color = getInvoiceBadgeColor($invoice_status); $invoice_badge_color = getInvoiceBadgeColor($invoice_status);
require_once("plugins/TCPDF/tcpdf.php"); require_once("../plugins/TCPDF/tcpdf.php");
// Start TCPDF // Start TCPDF
$pdf = new TCPDF('P', 'mm', 'A4', true, 'UTF-8', false); $pdf = new TCPDF('P', 'mm', 'A4', true, 'UTF-8', false);
@ -2138,8 +2138,8 @@ if (isset($_GET['export_invoice_pdf'])) {
$html = '<table width="100%" cellspacing="0" cellpadding="3"> $html = '<table width="100%" cellspacing="0" cellpadding="3">
<tr> <tr>
<td width="40%">'; <td width="40%">';
if (!empty($company_logo) && file_exists("uploads/settings/$company_logo")) { if (!empty($company_logo) && file_exists("../uploads/settings/$company_logo")) {
$html .= '<img src="uploads/settings/' . $company_logo . '" width="120">'; $html .= '<img src="../uploads/settings/' . $company_logo . '" width="120">';
} }
$html .= '</td> $html .= '</td>
<td width="60%" align="right"> <td width="60%" align="right">

18
user/post/location.php
View File

@ -10,11 +10,11 @@ if(isset($_POST['add_location'])){
enforceUserPermission('module_client', 2); enforceUserPermission('module_client', 2);
require_once 'post/user/location_model.php'; require_once 'location_model.php';
if(!file_exists("uploads/clients/$client_id")) { if(!file_exists("../uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id"); mkdir("../uploads/clients/$client_id");
} }
mysqli_query($mysqli,"INSERT INTO locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$phone_country_code', location_phone = '$phone', location_phone_extension = '$extension', location_fax_country_code = '$fax_country_code', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact, location_client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$phone_country_code', location_phone = '$phone', location_phone_extension = '$extension', location_fax_country_code = '$fax_country_code', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact, location_client_id = $client_id");
@ -41,7 +41,7 @@ if(isset($_POST['add_location'])){
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$client_id/"; $upload_file_dir = "../uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
@ -64,7 +64,7 @@ if(isset($_POST['edit_location'])){
enforceUserPermission('module_client', 2); enforceUserPermission('module_client', 2);
require_once 'post/user/location_model.php'; require_once 'location_model.php';
$location_id = intval($_POST['location_id']); $location_id = intval($_POST['location_id']);
@ -75,8 +75,8 @@ if(isset($_POST['edit_location'])){
$existing_file_name = sanitizeInput($row['location_photo']); $existing_file_name = sanitizeInput($row['location_photo']);
if(!file_exists("uploads/clients/$client_id")) { if(!file_exists("../uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id"); mkdir("../uploads/clients/$client_id");
} }
mysqli_query($mysqli,"UPDATE locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$phone_country_code', location_phone = '$phone', location_phone_extension = '$extension', location_fax_country_code = '$fax_country_code', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact WHERE location_id = $location_id"); mysqli_query($mysqli,"UPDATE locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$phone_country_code', location_phone = '$phone', location_phone_extension = '$extension', location_fax_country_code = '$fax_country_code', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact WHERE location_id = $location_id");
@ -104,13 +104,13 @@ if(isset($_POST['edit_location'])){
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$client_id/"; $upload_file_dir = "../uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file //Delete old file
unlink("uploads/clients/$client_id/$existing_file_name"); unlink("../uploads/clients/$client_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id"); mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");

4
user/post/network.php
View File

@ -10,7 +10,7 @@ if (isset($_POST['add_network'])) {
enforceUserPermission('module_support', 2); enforceUserPermission('module_support', 2);
require_once 'post/user/network_model.php'; require_once 'network_model.php';
mysqli_query($mysqli,"INSERT INTO networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id, network_client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id, network_client_id = $client_id");
@ -30,7 +30,7 @@ if (isset($_POST['edit_network'])) {
enforceUserPermission('module_support', 2); enforceUserPermission('module_support', 2);
$network_id = intval($_POST['network_id']); $network_id = intval($_POST['network_id']);
require_once 'post/user/network_model.php'; require_once 'network_model.php';
mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id"); mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id");

4
user/post/product.php
View File

@ -11,7 +11,7 @@ if (isset($_POST['add_product'])) {
enforceUserPermission('module_sales', 2); enforceUserPermission('module_sales', 2);
require_once 'post/user/product_model.php'; require_once 'product_model.php';
mysqli_query($mysqli,"INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = '$price', product_currency_code = '$session_company_currency', product_tax_id = $tax, product_category_id = $category"); mysqli_query($mysqli,"INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = '$price', product_currency_code = '$session_company_currency', product_tax_id = $tax, product_category_id = $category");
@ -30,7 +30,7 @@ if (isset($_POST['edit_product'])) {
enforceUserPermission('module_sales', 2); enforceUserPermission('module_sales', 2);
require_once 'post/user/product_model.php'; require_once 'product_model.php';
$product_id = intval($_POST['product_id']); $product_id = intval($_POST['product_id']);

2
user/post/profile.php
View File

@ -197,7 +197,7 @@ if (isset($_POST['enable_mfa'])) {
validateCSRFToken($_POST['csrf_token']); validateCSRFToken($_POST['csrf_token']);
require_once "plugins/totp/totp.php"; require_once "../plugins/totp/totp.php";
// Grab the code from the user // Grab the code from the user
$verify_code = trim($_POST['verify_code']); $verify_code = trim($_POST['verify_code']);

10
user/post/quote.php
View File

@ -10,7 +10,7 @@ if (isset($_POST['add_quote'])) {
enforceUserPermission('module_sales', 2); enforceUserPermission('module_sales', 2);
require_once 'post/user/quote_model.php'; require_once 'quote_model.php';
$client_id = intval($_POST['client']); $client_id = intval($_POST['client']);
@ -252,7 +252,7 @@ if (isset($_POST['edit_quote'])) {
enforceUserPermission('module_sales', 2); enforceUserPermission('module_sales', 2);
require_once 'post/user/quote_model.php'; require_once 'quote_model.php';
$quote_id = intval($_POST['quote_id']); $quote_id = intval($_POST['quote_id']);
@ -683,7 +683,7 @@ if (isset($_GET['export_quote_pdf'])) {
$quote_badge_color = "secondary"; $quote_badge_color = "secondary";
} }
require_once("plugins/TCPDF/tcpdf.php"); require_once("../plugins/TCPDF/tcpdf.php");
// Start TCPDF // Start TCPDF
$pdf = new TCPDF('P', 'mm', 'A4', true, 'UTF-8', false); $pdf = new TCPDF('P', 'mm', 'A4', true, 'UTF-8', false);
@ -697,8 +697,8 @@ if (isset($_GET['export_quote_pdf'])) {
$html = '<table width="100%" cellspacing="0" cellpadding="3"> $html = '<table width="100%" cellspacing="0" cellpadding="3">
<tr> <tr>
<td width="40%">'; <td width="40%">';
if (!empty($company_logo) && file_exists("uploads/settings/$company_logo")) { if (!empty($company_logo) && file_exists("../uploads/settings/$company_logo")) {
$html .= '<img src="uploads/settings/' . $company_logo . '" width="120">'; $html .= '<img src="../uploads/settings/' . $company_logo . '" width="120">';
} }
$html .= '</td> $html .= '</td>
<td width="60%" align="right"> <td width="60%" align="right">

14
user/post/rack.php
View File

@ -31,10 +31,10 @@ if (isset($_POST['add_rack'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
if (!file_exists("uploads/clients/$client_id")) { if (!file_exists("../uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id"); mkdir("../uploads/clients/$client_id");
} }
$upload_file_dir = "uploads/clients/$client_id/"; $upload_file_dir = "../uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
@ -74,10 +74,10 @@ if (isset($_POST['edit_rack'])) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
if (!file_exists("uploads/clients/$client_id")) { if (!file_exists("../uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id"); mkdir("../uploads/clients/$client_id");
} }
$upload_file_dir = "uploads/clients/$client_id/"; $upload_file_dir = "../uploads/clients/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path); move_uploaded_file($file_tmp_path, $dest_path);
@ -157,7 +157,7 @@ if (isset($_GET['delete_rack'])) {
// Delete Photo if exists // Delete Photo if exists
if ($rack_photo) { if ($rack_photo) {
unlink("uploads/clients/$client_id/$rack_photo"); unlink("../uploads/clients/$client_id/$rack_photo");
} }
// Logging // Logging

2
user/post/tag.php
View File

@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_tag'])) { if (isset($_POST['add_tag'])) {
require_once 'post/user/tag_model.php'; require_once 'tag_model.php';
mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'"); mysqli_query($mysqli,"INSERT INTO tags SET tag_name = '$name', tag_type = $type, tag_color = '$color', tag_icon = '$icon'");

4
user/post/ticket.php
View File

@ -760,7 +760,7 @@ if (isset($_GET['delete_ticket'])) {
// Delete Ticket Attachements // Delete Ticket Attachements
mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id"); mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id");
removeDirectory("uploads/tickets/$ticket_id"); removeDirectory("../uploads/tickets/$ticket_id");
// No Need to delete ticket assets as this is cascadely deleted via the database. // No Need to delete ticket assets as this is cascadely deleted via the database.
@ -802,7 +802,7 @@ if (isset($_POST['bulk_delete_tickets'])) {
// Delete Ticket Attachements // Delete Ticket Attachements
mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id"); mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id");
removeDirectory("uploads/tickets/$ticket_id"); removeDirectory("../uploads/tickets/$ticket_id");
// No Need to delete ticket assets as this is cascadely deleted via the database. // No Need to delete ticket assets as this is cascadely deleted via the database.

4
user/post/transfer.php
View File

@ -10,7 +10,7 @@ if (isset($_POST['add_transfer'])) {
enforceUserPermission('module_financial', 2); enforceUserPermission('module_financial', 2);
require_once 'post/user/transfer_model.php'; require_once 'transfer_model.php';
// Get Source Account Name for logging // Get Source Account Name for logging
$sql = mysqli_query($mysqli,"SELECT account_name, account_currency_code FROM accounts WHERE account_id = $account_from"); $sql = mysqli_query($mysqli,"SELECT account_name, account_currency_code FROM accounts WHERE account_id = $account_from");
@ -46,7 +46,7 @@ if (isset($_POST['edit_transfer'])) {
enforceUserPermission('module_financial', 2); enforceUserPermission('module_financial', 2);
require_once 'post/user/transfer_model.php'; require_once 'transfer_model.php';
$transfer_id = intval($_POST['transfer_id']); $transfer_id = intval($_POST['transfer_id']);

4
user/post/trip.php
View File

@ -8,7 +8,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_trip'])) { if (isset($_POST['add_trip'])) {
require_once 'post/user/trip_model.php'; require_once 'trip_model.php';
mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_source = '$source', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_user_id = $user_id, trip_client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_source = '$source', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_user_id = $user_id, trip_client_id = $client_id");
@ -26,7 +26,7 @@ if (isset($_POST['add_trip'])) {
if (isset($_POST['edit_trip'])) { if (isset($_POST['edit_trip'])) {
require_once 'post/user/trip_model.php'; require_once 'trip_model.php';
$trip_id = intval($_POST['trip_id']); $trip_id = intval($_POST['trip_id']);

4
user/post/vendor.php
View File

@ -49,7 +49,7 @@ if (isset($_POST['add_vendor_from_template'])) {
if (isset($_POST['add_vendor'])) { if (isset($_POST['add_vendor'])) {
require_once 'post/user/vendor_model.php'; require_once 'vendor_model.php';
$client_id = intval($_POST['client_id']); // Used if this vendor is under a contact otherwise its 0 for under company $client_id = intval($_POST['client_id']); // Used if this vendor is under a contact otherwise its 0 for under company
@ -67,7 +67,7 @@ if (isset($_POST['add_vendor'])) {
if (isset($_POST['edit_vendor'])) { if (isset($_POST['edit_vendor'])) {
require_once 'post/user/vendor_model.php'; require_once 'vendor_model.php';
$vendor_id = intval($_POST['vendor_id']); $vendor_id = intval($_POST['vendor_id']);
$vendor_template_id = intval($_POST['vendor_template_id']); $vendor_template_id = intval($_POST['vendor_template_id']);