AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix dupe race condition with ticket, invoice, quote, project, recurring ticket numbering when being created in parallel Atomically update and get the next ticket number in one SQL query everywhere.

This commit is contained in:
johnnyq 2025-11-28 14:14:46 -05:00
parent f09d8ffe05
commit 99e2487d2b
13 changed files with 378 additions and 286 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
agent/modals/quote/quote_to_invoice.php
View File

@ -9,10 +9,9 @@
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="quote_id" value="<?php echo $quote_id; ?>"> <input type="hidden" name="quote_id" value="<?php echo $quote_id; ?>">
<input type="hidden" name="client_net_terms" value="<?php echo $client_net_terms; ?>">
<div class="modal-body"> <div class="modal-body">
<div class="form-group"> <div class="form-group">
<label>Invoice Date <strong class="text-danger">*</strong></label> <label>Invoice Date <strong class="text-danger">*</strong></label>
<div class="input-group"> <div class="input-group">
@ -22,7 +21,7 @@
<input type="date" class="form-control" name="date" max="2999-12-31" value="<?php echo date("Y-m-d"); ?>" required> <input type="date" class="form-control" name="date" max="2999-12-31" value="<?php echo date("Y-m-d"); ?>" required>
</div> </div>
</div> </div>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button type="submit" name="add_quote_to_invoice" class="btn btn-primary text-bold"><strong><i class="fas fa-check mr-2"></i>Create Invoice</button> <button type="submit" name="add_quote_to_invoice" class="btn btn-primary text-bold"><strong><i class="fas fa-check mr-2"></i>Create Invoice</button>
@ -31,4 +30,4 @@
</form> </form>
</div> </div>
</div> </div>
</div> </div>

118
agent/post/client.php
View File

@ -237,7 +237,7 @@ if (isset($_POST['add_client'])) {
$client_id $client_id
); );
mysqli_stmt_execute($query); mysqli_stmt_execute($query);
$extended_log_description .= ", SSL certificate $website added"; $extended_log_description .= ", SSL certificate $website added";
} }
} }
@ -245,7 +245,7 @@ if (isset($_POST['add_client'])) {
logAction("Client", "Create", "$session_name created client $name$extended_log_description", $client_id, $client_id); logAction("Client", "Create", "$session_name created client $name$extended_log_description", $client_id, $client_id);
flash_alert("Client <strong>$name</strong> created"); flash_alert("Client <strong>$name</strong> created");
redirect(); redirect();
} }
@ -774,10 +774,16 @@ if (isset($_POST['bulk_add_client_ticket'])) {
$client_name = sanitizeInput($row['client_name']); $client_name = sanitizeInput($row['client_name']);
// Get the next Ticket Number and update the config // Atomically increment and get the new ticket number
$sql_ticket_number = mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1"); mysqli_query($mysqli, "
$ticket_number_row = mysqli_fetch_array($sql_ticket_number); UPDATE settings
$ticket_number = intval($ticket_number_row['config_ticket_next_number']); SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_ticket_prefix = sanitizeInput($config_ticket_prefix); $config_ticket_prefix = sanitizeInput($config_ticket_prefix);
@ -788,18 +794,10 @@ if (isset($_POST['bulk_add_client_ticket'])) {
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$url_key = randomString(156); $url_key = randomString(156);
// Increment the config ticket next number
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
$ticket_id = mysqli_insert_id($mysqli); $ticket_id = mysqli_insert_id($mysqli);
// Update the next ticket number in the database
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Add Tasks // Add Tasks
if (!empty($_POST['tasks'])) { if (!empty($_POST['tasks'])) {
foreach ($_POST['tasks'] as $task) { foreach ($_POST['tasks'] as $task) {
@ -1021,8 +1019,8 @@ if (isset($_POST['bulk_send_client_email']) && isset($_POST['client_ids'])) {
$client_ids_str = implode(',', $client_ids); $client_ids_str = implode(',', $client_ids);
// SQL to fetch matching contacts // SQL to fetch matching contacts
$sql = "SELECT * FROM contacts $sql = "SELECT * FROM contacts
WHERE contact_client_id IN ($client_ids_str) WHERE contact_client_id IN ($client_ids_str)
$contact_filter_query"; $contact_filter_query";
$result = mysqli_query($mysqli, $sql); $result = mysqli_query($mysqli, $sql);
@ -1181,7 +1179,7 @@ if (isset($_POST["export_client_pdf"])) {
logAction("Client", "Export", "$session_name exported client data to a PDF file", $client_id, $client_id); logAction("Client", "Export", "$session_name exported client data to a PDF file", $client_id, $client_id);
// Get client record (joining primary contact and primary location) // Get client record (joining primary contact and primary location)
$sql = mysqli_query($mysqli, "SELECT * FROM clients $sql = mysqli_query($mysqli, "SELECT * FROM clients
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1 LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
LEFT JOIN locations ON clients.client_id = locations.location_client_id AND location_primary = 1 LEFT JOIN locations ON clients.client_id = locations.location_client_id AND location_primary = 1
WHERE client_id = $client_id WHERE client_id = $client_id
@ -1208,53 +1206,53 @@ if (isset($_POST["export_client_pdf"])) {
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id AND location_archived_at IS NULL ORDER BY location_name ASC"); $sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id AND location_archived_at IS NULL ORDER BY location_name ASC");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id AND vendor_archived_at IS NULL ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
$sql_credentials = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_client_id = $client_id ORDER BY credential_name ASC"); $sql_credentials = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_client_id = $client_id ORDER BY credential_name ASC");
$sql_assets = mysqli_query($mysqli, "SELECT * FROM assets $sql_assets = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id LEFT JOIN contacts ON asset_contact_id = contact_id
LEFT JOIN locations ON asset_location_id = location_id LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id WHERE asset_client_id = $client_id
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
ORDER BY asset_type ASC" ORDER BY asset_type ASC"
); );
$sql_asset_workstations = mysqli_query($mysqli, "SELECT * FROM assets $sql_asset_workstations = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id LEFT JOIN contacts ON asset_contact_id = contact_id
LEFT JOIN locations ON asset_location_id = location_id LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id WHERE asset_client_id = $client_id
AND (asset_type = 'desktop' OR asset_type = 'laptop') AND (asset_type = 'desktop' OR asset_type = 'laptop')
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
ORDER BY asset_name ASC" ORDER BY asset_name ASC"
); );
$sql_asset_servers = mysqli_query($mysqli, "SELECT * FROM assets $sql_asset_servers = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN locations ON asset_location_id = location_id LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id WHERE asset_client_id = $client_id
AND asset_type = 'server' AND asset_type = 'server'
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
ORDER BY asset_name ASC" ORDER BY asset_name ASC"
); );
$sql_asset_vms = mysqli_query($mysqli, "SELECT * FROM assets $sql_asset_vms = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id WHERE asset_client_id = $client_id
AND asset_type = 'virtual machine' AND asset_type = 'virtual machine'
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
ORDER BY asset_name ASC" ORDER BY asset_name ASC"
); );
$sql_asset_network = mysqli_query($mysqli, "SELECT * FROM assets $sql_asset_network = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN locations ON asset_location_id = location_id LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id WHERE asset_client_id = $client_id
AND (asset_type = 'Firewall/Router' OR asset_type = 'Switch' OR asset_type = 'Access Point') AND (asset_type = 'Firewall/Router' OR asset_type = 'Switch' OR asset_type = 'Access Point')
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
ORDER BY asset_type ASC" ORDER BY asset_type ASC"
); );
$sql_asset_other = mysqli_query($mysqli, "SELECT * FROM assets $sql_asset_other = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id LEFT JOIN contacts ON asset_contact_id = contact_id
LEFT JOIN locations ON asset_location_id = location_id LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id WHERE asset_client_id = $client_id
AND (asset_type NOT LIKE 'laptop' AND asset_type NOT LIKE 'desktop' AND asset_type NOT LIKE 'server' AND asset_type NOT LIKE 'virtual machine' AND asset_type NOT LIKE 'firewall/router' AND asset_type NOT LIKE 'switch' AND asset_type NOT LIKE 'access point') AND (asset_type NOT LIKE 'laptop' AND asset_type NOT LIKE 'desktop' AND asset_type NOT LIKE 'server' AND asset_type NOT LIKE 'virtual machine' AND asset_type NOT LIKE 'firewall/router' AND asset_type NOT LIKE 'switch' AND asset_type NOT LIKE 'access point')
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
ORDER BY asset_type ASC" ORDER BY asset_type ASC"
); );
$sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id = $client_id AND network_archived_at IS NULL ORDER BY network_name ASC"); $sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id = $client_id AND network_archived_at IS NULL ORDER BY network_name ASC");
@ -1263,38 +1261,38 @@ if (isset($_POST["export_client_pdf"])) {
$sql_software = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id AND software_archived_at IS NULL ORDER BY software_name ASC"); $sql_software = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id AND software_archived_at IS NULL ORDER BY software_name ASC");
$sql_user_licenses = mysqli_query($mysqli, " $sql_user_licenses = mysqli_query($mysqli, "
SELECT SELECT
contact_name, contact_name,
software_name software_name
FROM FROM
software_contacts software_contacts
JOIN JOIN
contacts ON software_contacts.contact_id = contacts.contact_id contacts ON software_contacts.contact_id = contacts.contact_id
JOIN JOIN
software ON software_contacts.software_id = software.software_id software ON software_contacts.software_id = software.software_id
WHERE software_archived_at IS NULL WHERE software_archived_at IS NULL
AND contact_archived_at IS NULL AND contact_archived_at IS NULL
AND software_client_id = $client_id AND software_client_id = $client_id
AND contact_client_id = $client_id AND contact_client_id = $client_id
ORDER BY ORDER BY
contact_name, software_name;" contact_name, software_name;"
); );
$sql_asset_licenses = mysqli_query($mysqli, " $sql_asset_licenses = mysqli_query($mysqli, "
SELECT SELECT
asset_name, asset_name,
software_name software_name
FROM FROM
software_assets software_assets
JOIN JOIN
assets ON software_assets.asset_id = assets.asset_id assets ON software_assets.asset_id = assets.asset_id
JOIN JOIN
software ON software_assets.software_id = software.software_id software ON software_assets.software_id = software.software_id
WHERE software_archived_at IS NULL WHERE software_archived_at IS NULL
AND asset_archived_at IS NULL AND asset_archived_at IS NULL
AND software_client_id = $client_id AND software_client_id = $client_id
AND asset_client_id = $client_id AND asset_client_id = $client_id
ORDER BY ORDER BY
asset_name, software_name;" asset_name, software_name;"
); );

64
agent/post/invoice.php
View File

@ -17,16 +17,22 @@ if (isset($_POST['add_invoice'])) {
// Get Net Terms // Get Net Terms
$client_net_terms = intval(getFieldById('clients', $client_id, 'client_net_terms')); $client_net_terms = intval(getFieldById('clients', $client_id, 'client_net_terms'));
//Get the last Invoice Number and add 1 for the new invoice number // Atomically increment and get the new invoice number
$invoice_number = $config_invoice_next_number; mysqli_query($mysqli, "
$new_config_invoice_next_number = $config_invoice_next_number + 1; UPDATE settings
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1"); SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$url_key = randomString(156); $url_key = randomString(156);
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_discount_amount = '$invoice_discount', invoice_amount = '$invoice_amount', invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_discount_amount = '$invoice_discount', invoice_amount = '$invoice_amount', invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id");
$invoice_id = mysqli_insert_id($mysqli); $invoice_id = mysqli_insert_id($mysqli);
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created', history_invoice_id = $invoice_id"); mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created', history_invoice_id = $invoice_id");
@ -81,16 +87,9 @@ if (isset($_POST['add_invoice_copy'])) {
$date = sanitizeInput($_POST['date']); $date = sanitizeInput($_POST['date']);
//Get Net Terms //Get Net Terms
$sql = mysqli_query($mysqli,"SELECT client_net_terms FROM clients, invoices WHERE client_id = invoice_client_id AND invoice_id = $invoice_id"); $sql = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE client_id = invoice_client_id AND invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
$new_invoice_number = $config_invoice_next_number;
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$invoice_scope = sanitizeInput($row['invoice_scope']); $invoice_scope = sanitizeInput($row['invoice_scope']);
$invoice_discount_amount = floatval($row['invoice_discount_amount']); $invoice_discount_amount = floatval($row['invoice_discount_amount']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
@ -101,6 +100,17 @@ if (isset($_POST['add_invoice_copy'])) {
$old_invoice_prefix = sanitizeInput($row['invoice_prefix']); $old_invoice_prefix = sanitizeInput($row['invoice_prefix']);
$old_invoice_number = intval($row['invoice_number']); $old_invoice_number = intval($row['invoice_number']);
// Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$new_invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$url_key = randomString(156); $url_key = randomString(156);
@ -206,7 +216,7 @@ if (isset($_GET['cancel_invoice'])) {
} }
if (isset($_GET['delete_invoice'])) { if (isset($_GET['delete_invoice'])) {
$invoice_id = intval($_GET['delete_invoice']); $invoice_id = intval($_GET['delete_invoice']);
// Get Invoice Number and Prefix and Client ID for Logging // Get Invoice Number and Prefix and Client ID for Logging
@ -251,7 +261,7 @@ if (isset($_GET['delete_invoice'])) {
} }
if (isset($_POST['add_invoice_item'])) { if (isset($_POST['add_invoice_item'])) {
enforceUserPermission('module_sales', 2); enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']); $invoice_id = intval($_POST['invoice_id']);
@ -264,7 +274,7 @@ if (isset($_POST['add_invoice_item'])) {
$product_id = intval($_POST['product_id']); $product_id = intval($_POST['product_id']);
$subtotal = $price * $qty; $subtotal = $price * $qty;
// Update Product Inventory // Update Product Inventory
if ($product_id) { if ($product_id) {
// Only enforce stock for tangible products // Only enforce stock for tangible products
@ -334,7 +344,7 @@ if (isset($_POST['add_invoice_item'])) {
} }
if (isset($_POST['invoice_note'])) { if (isset($_POST['invoice_note'])) {
enforceUserPermission('module_sales', 2); enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']); $invoice_id = intval($_POST['invoice_id']);
@ -358,7 +368,7 @@ if (isset($_POST['invoice_note'])) {
} }
if (isset($_POST['edit_item'])) { if (isset($_POST['edit_item'])) {
enforceUserPermission('module_sales', 2); enforceUserPermission('module_sales', 2);
$item_id = intval($_POST['item_id']); $item_id = intval($_POST['item_id']);
@ -405,7 +415,7 @@ if (isset($_POST['edit_item'])) {
$row = mysqli_fetch_array($sql_invoice_total); $row = mysqli_fetch_array($sql_invoice_total);
$new_invoice_amount = floatval($row['invoice_total']) - $invoice_discount; $new_invoice_amount = floatval($row['invoice_total']) - $invoice_discount;
mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id"); mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id");
@ -458,7 +468,7 @@ if (isset($_POST['edit_item'])) {
} }
if (isset($_GET['delete_invoice_item'])) { if (isset($_GET['delete_invoice_item'])) {
enforceUserPermission('module_sales', 2); enforceUserPermission('module_sales', 2);
$item_id = intval($_GET['delete_invoice_item']); $item_id = intval($_GET['delete_invoice_item']);
@ -499,7 +509,7 @@ if (isset($_GET['delete_invoice_item'])) {
} }
if (isset($_GET['email_invoice'])) { if (isset($_GET['email_invoice'])) {
$invoice_id = intval($_GET['email_invoice']); $invoice_id = intval($_GET['email_invoice']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoices $sql = mysqli_query($mysqli,"SELECT * FROM invoices
@ -577,7 +587,7 @@ if (isset($_GET['email_invoice'])) {
$email_id = mysqli_insert_id($mysqli); $email_id = mysqli_insert_id($mysqli);
flash_alert("Invoice sent!"); flash_alert("Invoice sent!");
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice sent to the mail queue ID: $email_id', history_invoice_id = $invoice_id"); mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice sent to the mail queue ID: $email_id', history_invoice_id = $invoice_id");
// Don't change the status to sent if the status is anything but draft // Don't change the status to sent if the status is anything but draft
@ -627,7 +637,7 @@ if (isset($_GET['email_invoice'])) {
if (isset($_POST['export_invoices_csv'])) { if (isset($_POST['export_invoices_csv'])) {
enforceUserPermission('module_sales'); enforceUserPermission('module_sales');
if (isset($_POST['client_id'])) { if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']); $client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id"; $client_query = "AND invoice_client_id = $client_id";
@ -690,7 +700,7 @@ if (isset($_POST['export_invoices_csv'])) {
} }
if (isset($_POST['link_invoice_to_ticket'])) { if (isset($_POST['link_invoice_to_ticket'])) {
$invoice_id = intval($_POST['invoice_id']); $invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']); $ticket_id = intval($_POST['ticket_id']);
@ -703,7 +713,7 @@ if (isset($_POST['link_invoice_to_ticket'])) {
} }
if (isset($_POST['add_ticket_to_invoice'])) { if (isset($_POST['add_ticket_to_invoice'])) {
$invoice_id = intval($_POST['invoice_id']); $invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']); $ticket_id = intval($_POST['ticket_id']);
@ -874,7 +884,7 @@ if (isset($_GET['export_invoice_pdf'])) {
// Load items // Load items
$sub_total = 0; $sub_total = 0;
$total_tax = 0; $total_tax = 0;
$sql_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_order ASC"); $sql_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_order ASC");
while ($item = mysqli_fetch_array($sql_items)) { while ($item = mysqli_fetch_array($sql_items)) {
$name = $item['item_name']; $name = $item['item_name'];
@ -933,7 +943,7 @@ if (isset($_GET['export_invoice_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$invoice_date}_{$company_name}_{$client_name}_Invoice_{$invoice_prefix}{$invoice_number}"); $filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$invoice_date}_{$company_name}_{$client_name}_Invoice_{$invoice_prefix}{$invoice_number}");
$pdf->Output("$filename.pdf", 'I'); $pdf->Output("$filename.pdf", 'I');
exit; exit;
} }

31
agent/post/project.php
View File

@ -20,11 +20,16 @@ if (isset($_POST['add_project'])) {
// Sanitize Project Prefix // Sanitize Project Prefix
$config_project_prefix = sanitizeInput($config_project_prefix); $config_project_prefix = sanitizeInput($config_project_prefix);
// Get the next Project Number and add 1 for the new Project number // Atomically increment and get the new project number
$project_number = $config_project_next_number; mysqli_query($mysqli, "
$new_config_project_next_number = $config_project_next_number + 1; UPDATE settings
SET
config_project_next_number = LAST_INSERT_ID(config_project_next_number),
config_project_next_number = config_project_next_number + 1
WHERE company_id = 1
");
mysqli_query($mysqli, "UPDATE settings SET config_project_next_number = $new_config_project_next_number WHERE company_id = 1"); $project_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli, "INSERT INTO projects SET project_prefix = '$config_project_prefix', project_number = $project_number, project_name = '$project_name', project_description = '$project_description', project_due = '$due_date', project_manager = $project_manager, project_client_id = $client_id"); mysqli_query($mysqli, "INSERT INTO projects SET project_prefix = '$config_project_prefix', project_number = $project_number, project_name = '$project_name', project_description = '$project_description', project_due = '$due_date', project_manager = $project_manager, project_client_id = $client_id");
@ -44,15 +49,19 @@ if (isset($_POST['add_project'])) {
$ticket_template_subject = sanitizeInput($row['ticket_template_subject']); $ticket_template_subject = sanitizeInput($row['ticket_template_subject']);
$ticket_template_details = mysqli_escape_string($mysqli, $row['ticket_template_details']); $ticket_template_details = mysqli_escape_string($mysqli, $row['ticket_template_details']);
// Get the next Ticket Number and add 1 for the new ticket number // Atomically increment and get the new ticket number
$ticket_number = $config_ticket_next_number; mysqli_query($mysqli, "
$new_config_ticket_next_number = $config_ticket_next_number + 1; UPDATE settings
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1"); SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$ticket_template_subject', ticket_details = '$ticket_template_details', ticket_priority = 'Low', ticket_status = 1, ticket_created_by = $session_user_id, ticket_client_id = $client_id, ticket_project_id = $project_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$ticket_template_subject', ticket_details = '$ticket_template_details', ticket_priority = 'Low', ticket_status = 1, ticket_created_by = $session_user_id, ticket_client_id = $client_id, ticket_project_id = $project_id");
$config_ticket_next_number = $config_ticket_next_number + 1;
$ticket_id = mysqli_insert_id($mysqli); $ticket_id = mysqli_insert_id($mysqli);
// Task Templates for Ticket template and add the to the ticket // Task Templates for Ticket template and add the to the ticket
@ -263,7 +272,7 @@ if (isset($_POST['link_closed_ticket_to_project'])) {
logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id); logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id);
flash_alert("Ticket added to <strong>$project_name</strong>"); flash_alert("Ticket added to <strong>$project_name</strong>");
redirect(); redirect();
} }

63
agent/post/quote.php
View File

@ -14,10 +14,16 @@ if (isset($_POST['add_quote'])) {
$client_id = intval($_POST['client']); $client_id = intval($_POST['client']);
//Get the last Quote Number and add 1 for the new Quote number // Atomically increment and get the new quote number
$quote_number = $config_quote_next_number; mysqli_query($mysqli, "
$new_config_quote_next_number = $config_quote_next_number + 1; UPDATE settings
mysqli_query($mysqli,"UPDATE settings SET config_quote_next_number = $new_config_quote_next_number WHERE company_id = 1"); SET
config_quote_next_number = LAST_INSERT_ID(config_quote_next_number),
config_quote_next_number = config_quote_next_number + 1
WHERE company_id = 1
");
$quote_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$quote_url_key = randomString(156); $quote_url_key = randomString(156);
@ -49,10 +55,16 @@ if (isset($_POST['add_quote_copy'])) {
$config_quote_prefix = sanitizeInput($config_quote_prefix); $config_quote_prefix = sanitizeInput($config_quote_prefix);
//Get the last Invoice Number and add 1 for the new invoice number // Atomically increment and get the new quote number
$quote_number = $config_quote_next_number; mysqli_query($mysqli, "
$new_config_quote_next_number = $config_quote_next_number + 1; UPDATE settings
mysqli_query($mysqli,"UPDATE settings SET config_quote_next_number = $new_config_quote_next_number WHERE company_id = 1"); SET
config_quote_next_number = LAST_INSERT_ID(config_quote_next_number),
config_quote_next_number = config_quote_next_number + 1
WHERE company_id = 1
");
$quote_number = mysqli_insert_id($mysqli);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id"); $sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
@ -106,16 +118,10 @@ if (isset($_POST['add_quote_to_invoice'])) {
$quote_id = intval($_POST['quote_id']); $quote_id = intval($_POST['quote_id']);
$date = sanitizeInput($_POST['date']); $date = sanitizeInput($_POST['date']);
$client_net_terms = intval($_POST['client_net_terms']);
$config_invoice_prefix = sanitizeInput($config_invoice_prefix); $sql = mysqli_query($mysqli,"SELECT * FROM clients, quotes WHERE client_id = quote_client_id AND quote_id = $quote_id");
$invoice_number = $config_invoice_next_number;
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$client_net_terms = intval($row['client_net_terms']);
$quote_prefix = sanitizeInput($row['quote_prefix']); $quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']); $quote_number = sanitizeInput($row['quote_number']);
$quote_discount_amount = floatval($row['quote_discount_amount']); $quote_discount_amount = floatval($row['quote_discount_amount']);
@ -127,6 +133,19 @@ if (isset($_POST['add_quote_to_invoice'])) {
$client_id = intval($row['quote_client_id']); $client_id = intval($row['quote_client_id']);
$category_id = intval($row['quote_category_id']); $category_id = intval($row['quote_category_id']);
$config_invoice_prefix = sanitizeInput($config_invoice_prefix);
// Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$url_key = randomString(156); $url_key = randomString(156);
@ -153,7 +172,7 @@ if (isset($_POST['add_quote_to_invoice'])) {
} }
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Invoiced' WHERE quote_id = $quote_id"); mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Invoiced' WHERE quote_id = $quote_id");
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote invoiced as $config_invoice_prefix$invoice_number', history_quote_id = $quote_id"); mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote invoiced as $config_invoice_prefix$invoice_number', history_quote_id = $quote_id");
logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from quote $config_quote_prefix$quote_number", $client_id, $new_invoice_id); logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from quote $config_quote_prefix$quote_number", $client_id, $new_invoice_id);
@ -339,7 +358,7 @@ if (isset($_GET['delete_quote_item'])) {
$quote_prefix = sanitizeInput($row['quote_prefix']); $quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']); $quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']); $client_id = intval($row['quote_client_id']);
$new_quote_amount = floatval($row['quote_amount']) - $item_total; $new_quote_amount = floatval($row['quote_amount']) - $item_total;
mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id"); mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id");
@ -494,7 +513,7 @@ if (isset($_GET['email_quote'])) {
// Update History // Update History
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Quote', history_quote_id = $quote_id"); mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Quote', history_quote_id = $quote_id");
logAction("Quote", "Email", "$session_name emailed quote $quote_prefix$quote_number to $contact_email", $client_id, $quote_id); logAction("Quote", "Email", "$session_name emailed quote $quote_prefix$quote_number to $contact_email", $client_id, $quote_id);
flash_alert("Quote sent!"); flash_alert("Quote sent!");
@ -549,7 +568,7 @@ if(isset($_POST['export_quotes_csv'])){
} }
$sql = mysqli_query($mysqli,"SELECT * FROM quotes $client_query ORDER BY quote_number ASC"); $sql = mysqli_query($mysqli,"SELECT * FROM quotes $client_query ORDER BY quote_number ASC");
$num_rows = mysqli_num_rows($sql); $num_rows = mysqli_num_rows($sql);
if($num_rows > 0){ if($num_rows > 0){
@ -581,7 +600,7 @@ if(isset($_POST['export_quotes_csv'])){
//output all remaining data on a file pointer //output all remaining data on a file pointer
fpassthru($f); fpassthru($f);
} }
logAction("Quote", "Export", "$session_name exported $num_rows quote(s) to a CSV file"); logAction("Quote", "Export", "$session_name exported $num_rows quote(s) to a CSV file");
flash_alert("Exported <strong>$num_rows</strong> quote(s)"); flash_alert("Exported <strong>$num_rows</strong> quote(s)");
@ -796,7 +815,7 @@ if (isset($_GET['export_quote_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$quote_date}_{$company_name}_{$client_name}_Quote_{$quote_prefix}{$quote_number}"); $filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$quote_date}_{$company_name}_{$client_name}_Quote_{$quote_prefix}{$quote_number}");
$pdf->Output("$filename.pdf", 'I'); $pdf->Output("$filename.pdf", 'I');
exit; exit;
} }

58
agent/post/recurring_invoice.php
View File

@ -23,10 +23,16 @@ if (isset($_POST['add_invoice_recurring'])) {
$client_id = intval($row['invoice_client_id']); $client_id = intval($row['invoice_client_id']);
$category_id = intval($row['invoice_category_id']); $category_id = intval($row['invoice_category_id']);
//Get the last Recurring Invoice Number and add 1 for the new Recurring Invoice number // Atomically increment and get the new recurring_invoice number
$recurring_invoice_number = $config_recurring_invoice_next_number; mysqli_query($mysqli, "
$new_config_recurring_invoice_next_number = $config_recurring_invoice_next_number + 1; UPDATE settings
mysqli_query($mysqli,"UPDATE settings SET config_recurring_invoice_next_number = $new_config_recurring_invoice_next_number WHERE company_id = 1"); SET
config_recurring_invoice_next_number = LAST_INSERT_ID(config_recurring_invoice_next_number),
config_recurring_invoice_next_number = config_recurring_invoice_next_number + 1
WHERE company_id = 1
");
$recurring_invoice_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli,"INSERT INTO recurring_invoices SET recurring_invoice_prefix = '$config_recurring_invoice_prefix', recurring_invoice_number = $recurring_invoice_number, recurring_invoice_scope = '$invoice_scope', recurring_invoice_frequency = '$recurring_invoice_frequency', recurring_invoice_next_date = DATE_ADD('$invoice_date', INTERVAL 1 $recurring_invoice_frequency), recurring_invoice_status = 1, recurring_invoice_amount = $invoice_amount, recurring_invoice_currency_code = '$invoice_currency_code', recurring_invoice_note = '$invoice_note', recurring_invoice_category_id = $category_id, recurring_invoice_client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO recurring_invoices SET recurring_invoice_prefix = '$config_recurring_invoice_prefix', recurring_invoice_number = $recurring_invoice_number, recurring_invoice_scope = '$invoice_scope', recurring_invoice_frequency = '$recurring_invoice_frequency', recurring_invoice_next_date = DATE_ADD('$invoice_date', INTERVAL 1 $recurring_invoice_frequency), recurring_invoice_status = 1, recurring_invoice_amount = $invoice_amount, recurring_invoice_currency_code = '$invoice_currency_code', recurring_invoice_note = '$invoice_note', recurring_invoice_category_id = $category_id, recurring_invoice_client_id = $client_id");
@ -66,10 +72,16 @@ if (isset($_POST['add_recurring_invoice'])) {
$category = intval($_POST['category']); $category = intval($_POST['category']);
$scope = sanitizeInput($_POST['scope']); $scope = sanitizeInput($_POST['scope']);
//Get the last Recurring Number and add 1 for the new Recurring number // Atomically increment and get the new recurring_invoice number
$recurring_invoice_number = $config_recurring_invoice_next_number; mysqli_query($mysqli, "
$new_config_recurring_invoice_next_number = $config_recurring_invoice_next_number + 1; UPDATE settings
mysqli_query($mysqli,"UPDATE settings SET config_recurring_invoice_next_number = $new_config_recurring_invoice_next_number WHERE company_id = 1"); SET
config_recurring_invoice_next_number = LAST_INSERT_ID(config_recurring_invoice_next_number),
config_recurring_invoice_next_number = config_recurring_invoice_next_number + 1
WHERE company_id = 1
");
$recurring_invoice_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli,"INSERT INTO recurring_invoices SET recurring_invoice_prefix = '$config_recurring_invoice_prefix', recurring_invoice_number = $recurring_invoice_number, recurring_invoice_scope = '$scope', recurring_invoice_frequency = '$frequency', recurring_invoice_next_date = '$start_date', recurring_invoice_category_id = $category, recurring_invoice_status = 1, recurring_invoice_currency_code = '$session_company_currency', recurring_invoice_client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO recurring_invoices SET recurring_invoice_prefix = '$config_recurring_invoice_prefix', recurring_invoice_number = $recurring_invoice_number, recurring_invoice_scope = '$scope', recurring_invoice_frequency = '$frequency', recurring_invoice_next_date = '$start_date', recurring_invoice_category_id = $category, recurring_invoice_status = 1, recurring_invoice_currency_code = '$session_company_currency', recurring_invoice_client_id = $client_id");
@ -124,7 +136,7 @@ if (isset($_POST['edit_recurring_invoice'])) {
} }
if (isset($_GET['delete_recurring_invoice'])) { if (isset($_GET['delete_recurring_invoice'])) {
$recurring_invoice_id = intval($_GET['delete_recurring_invoice']); $recurring_invoice_id = intval($_GET['delete_recurring_invoice']);
// Get Recurring Invoice Details and Client ID for Logging // Get Recurring Invoice Details and Client ID for Logging
@ -234,7 +246,7 @@ if (isset($_POST['recurring_invoice_note'])) {
} }
if (isset($_GET['delete_recurring_invoice_item'])) { if (isset($_GET['delete_recurring_invoice_item'])) {
$item_id = intval($_GET['delete_recurring_invoice_item']); $item_id = intval($_GET['delete_recurring_invoice_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id"); $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
@ -250,7 +262,7 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']); $recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']); $recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']); $client_id = intval($row['recurring_invoice_client_id']);
$new_recurring_invoice_amount = floatval($row['recurring_invoice_amount']) - $item_total; $new_recurring_invoice_amount = floatval($row['recurring_invoice_amount']) - $item_total;
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $new_recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id"); mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $new_recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id");
@ -266,7 +278,7 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
} }
if (isset($_GET['force_recurring'])) { if (isset($_GET['force_recurring'])) {
$recurring_invoice_id = intval($_GET['force_recurring']); $recurring_invoice_id = intval($_GET['force_recurring']);
$sql_recurring_invoices = mysqli_query($mysqli,"SELECT * FROM recurring_invoices, clients WHERE client_id = recurring_invoice_client_id AND recurring_invoice_id = $recurring_invoice_id"); $sql_recurring_invoices = mysqli_query($mysqli,"SELECT * FROM recurring_invoices, clients WHERE client_id = recurring_invoice_client_id AND recurring_invoice_id = $recurring_invoice_id");
@ -286,10 +298,16 @@ if (isset($_GET['force_recurring'])) {
$client_id = intval($row['recurring_invoice_client_id']); $client_id = intval($row['recurring_invoice_client_id']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
//Get the last Invoice Number and add 1 for the new invoice number // Atomically increment and get the new invoice number
$new_invoice_number = $config_invoice_next_number; mysqli_query($mysqli, "
$new_config_invoice_next_number = $config_invoice_next_number + 1; UPDATE settings
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1"); SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$new_invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$url_key = randomString(156); $url_key = randomString(156);
@ -472,7 +490,7 @@ if (isset($_POST['set_recurring_payment'])) {
} }
if (isset($_POST['export_client_recurring_invoice_csv'])) { if (isset($_POST['export_client_recurring_invoice_csv'])) {
$client_id = intval($_POST['client_id']); $client_id = intval($_POST['client_id']);
//get records from database //get records from database
@ -482,7 +500,7 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
$client_name = $row['client_name']; $client_name = $row['client_name'];
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id ORDER BY recurring_invoice_number ASC"); $sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id ORDER BY recurring_invoice_number ASC");
$num_rows = mysqli_num_rows($sql); $num_rows = mysqli_num_rows($sql);
if ($num_rows > 0) { if ($num_rows > 0) {
@ -520,7 +538,7 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
} }
if (isset($_GET['recurring_invoice_email_notify'])) { if (isset($_GET['recurring_invoice_email_notify'])) {
$recurring_invoice_email_notify = intval($_GET['recurring_invoice_email_notify']); $recurring_invoice_email_notify = intval($_GET['recurring_invoice_email_notify']);
$recurring_invoice_id = intval($_GET['recurring_invoice_id']); $recurring_invoice_id = intval($_GET['recurring_invoice_id']);
@ -535,7 +553,7 @@ if (isset($_GET['recurring_invoice_email_notify'])) {
// Wording // Wording
if ($recurring_invoice_email_notify) { if ($recurring_invoice_email_notify) {
$notify_wording = "On"; $notify_wording = "On";
} else { } else {
$notify_wording = "Off"; $notify_wording = "Off";
} }

29
agent/post/recurring_ticket.php
View File

@ -103,11 +103,16 @@ if (isset($_POST['bulk_force_recurring_tickets'])) {
$config_ticket_from_email = sanitizeInput($config_ticket_from_email); $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url); $config_base_url = sanitizeInput($config_base_url);
// Assign this new ticket the next ticket number & increment config_ticket_next_number by 1 (for the next ticket) // Atomically increment and get the new ticket number
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1")); mysqli_query($mysqli, "
$ticket_number = intval($ticket_number_sql['config_ticket_next_number']); UPDATE settings
$new_config_ticket_next_number = $ticket_number + 1; SET
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1"); config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Raise the ticket // Raise the ticket
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_url_key = '$url_key', ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_url_key = '$url_key', ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id");
@ -236,10 +241,16 @@ if (isset($_GET['force_recurring_ticket'])) {
$config_ticket_from_email = sanitizeInput($config_ticket_from_email); $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url); $config_base_url = sanitizeInput($config_base_url);
// Assign this new ticket the next ticket number & increment config_ticket_next_number by 1 (for the next ticket) // Atomically increment and get the new ticket number
$ticket_number = $config_ticket_next_number; mysqli_query($mysqli, "
$new_config_ticket_next_number = $config_ticket_next_number + 1; UPDATE settings
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1"); SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Raise the ticket // Raise the ticket
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_url_key = '$url_key', ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_url_key = '$url_key', ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id");

37
agent/post/ticket.php
View File

@ -1503,10 +1503,16 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
$subject_asset_prepended = "$asset_name - $subject"; $subject_asset_prepended = "$asset_name - $subject";
// Get the next Ticket Number and update the config // Atomically increment and get the new ticket number
$sql_ticket_number = mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1"); mysqli_query($mysqli, "
$ticket_number_row = mysqli_fetch_array($sql_ticket_number); UPDATE settings
$ticket_number = intval($ticket_number_row['config_ticket_next_number']); SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_ticket_prefix = sanitizeInput($config_ticket_prefix); $config_ticket_prefix = sanitizeInput($config_ticket_prefix);
@ -1517,18 +1523,10 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$url_key = randomString(156); $url_key = randomString(156);
// Increment the config ticket next number
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
$ticket_id = mysqli_insert_id($mysqli); $ticket_id = mysqli_insert_id($mysqli);
// Update the next ticket number in the database
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Add Tasks // Add Tasks
if (!empty($_POST['tasks'])) { if (!empty($_POST['tasks'])) {
foreach ($_POST['tasks'] as $task) { foreach ($_POST['tasks'] as $task) {
@ -2155,11 +2153,18 @@ if (isset($_POST['add_invoice_from_ticket'])) {
if ($invoice_id == 0) { if ($invoice_id == 0) {
//Get the last Invoice Number and add 1 for the new invoice number
$invoice_number = $config_invoice_next_number;
$invoice_prefix = sanitizeInput($config_invoice_prefix); $invoice_prefix = sanitizeInput($config_invoice_prefix);
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1"); // Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$url_key = randomString(156); $url_key = randomString(156);

12
agent/ticket.php
View File

@ -274,7 +274,7 @@ if (isset($_GET['ticket_id'])) {
// Get ticket replies // Get ticket replies
$sql_ticket_replies = mysqli_query($mysqli, "SELECT * FROM ticket_replies $sql_ticket_replies = mysqli_query($mysqli, "SELECT * FROM ticket_replies
LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN users ON ticket_reply_by = user_id
LEFT JOIN contacts ON ticket_reply_by = contact_id LEFT JOIN contacts ON ticket_reply_by = contact_id
WHERE ticket_reply_ticket_id = $ticket_id WHERE ticket_reply_ticket_id = $ticket_id
@ -340,7 +340,7 @@ if (isset($_GET['ticket_id'])) {
$sql_ticket_collaborators = mysqli_query($mysqli, " $sql_ticket_collaborators = mysqli_query($mysqli, "
SELECT GROUP_CONCAT(DISTINCT user_name SEPARATOR ', ') AS user_names SELECT GROUP_CONCAT(DISTINCT user_name SEPARATOR ', ') AS user_names
FROM users FROM users
LEFT JOIN ticket_replies ON user_id = ticket_reply_by LEFT JOIN ticket_replies ON user_id = ticket_reply_by
WHERE ticket_reply_archived_at IS NULL AND ticket_reply_ticket_id = $ticket_id WHERE ticket_reply_archived_at IS NULL AND ticket_reply_ticket_id = $ticket_id
"); ");
@ -461,7 +461,7 @@ if (isset($_GET['ticket_id'])) {
<div class="card-group mb-3"> <div class="card-group mb-3">
<div class="card card-body"> <div class="card card-body">
<div title="<?php echo $ticket_updated_at; ?>"> <div title="<?php echo $ticket_updated_at; ?>">
<i class="fa fa-fw fa-history text-secondary mr-2"></i>Updated: <strong><?php echo $ticket_updated_at_ago; ?></strong> <i class="fa fa-fw fa-history text-secondary mr-2"></i>Updated: <strong><?php echo $ticket_updated_at_ago; ?></strong>
</div> </div>
@ -587,7 +587,7 @@ if (isset($_GET['ticket_id'])) {
<!-- Only show ticket reply modal if status is not closed --> <!-- Only show ticket reply modal if status is not closed -->
<?php if (lookupUserPermission("module_support") >= 2 && empty($ticket_resolved_at) && empty($ticket_closed_at)) { ?> <?php if (lookupUserPermission("module_support") >= 2 && empty($ticket_resolved_at) && empty($ticket_closed_at)) { ?>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="ticket_id" id="ticket_id" value="<?php echo $ticket_id; ?>"> <input type="hidden" name="ticket_id" id="ticket_id" value="<?php echo $ticket_id; ?>">
@ -677,7 +677,7 @@ if (isset($_GET['ticket_id'])) {
</div> </div>
</form> </form>
<!-- End IF for reply modal --> <!-- End IF for reply modal -->
<?php } ?> <?php } ?>
@ -813,7 +813,7 @@ if (isset($_GET['ticket_id'])) {
<div class="card <?php if(!$ticket_resolved_at) { echo "collapsed-card"; } ?>"> <div class="card <?php if(!$ticket_resolved_at) { echo "collapsed-card"; } ?>">
<div class="card-header"> <div class="card-header">
<h5 class="card-title"><i class="fas fa-fw fa-life-ring mr-2"></i>Ticket Details</h5> <h5 class="card-title"><i class="fas fa-fw fa-life-ring mr-2"></i>Ticket Details</h5>
<div class="card-tools"> <div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="collapse"> <button type="button" class="btn btn-tool" data-card-widget="collapse">
<i class="fas fa-chevron-down"></i> <i class="fas fa-chevron-down"></i>

14
api/v1/tickets/create.php
View File

@ -32,10 +32,16 @@ if (!empty($subject)) {
$contact = intval($row['contact_id']); $contact = intval($row['contact_id']);
} }
//Get the next Ticket Number and add 1 for the new ticket number // Atomically increment and get the new ticket number
$ticket_number = $config_ticket_next_number; mysqli_query($mysqli, "
$new_config_ticket_next_number = $config_ticket_next_number + 1; UPDATE settings
mysqli_query($mysqli,"UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1"); SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Insert ticket // Insert ticket
$url_key = randomString(156); $url_key = randomString(156);

184
client/post.php
View File

@ -34,10 +34,16 @@ if (isset($_POST['add_ticket'])) {
$priority = sanitizeInput($_POST['priority']); $priority = sanitizeInput($_POST['priority']);
} }
// Get the next Ticket Number and add 1 for the new ticket number // Atomically increment and get the new ticket number
$ticket_number = $config_ticket_next_number; mysqli_query($mysqli, "
$new_config_ticket_next_number = $config_ticket_next_number + 1; UPDATE settings
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1"); SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Portal', ticket_category = $category, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = $session_user_id, ticket_contact_id = $session_contact_id, ticket_asset_id = $asset, ticket_url_key = '$url_key', ticket_client_id = $session_client_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Portal', ticket_category = $category, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = $session_user_id, ticket_contact_id = $session_contact_id, ticket_asset_id = $asset, ticket_url_key = '$url_key', ticket_client_id = $session_client_id");
$ticket_id = mysqli_insert_id($mysqli); $ticket_id = mysqli_insert_id($mysqli);
@ -180,7 +186,7 @@ if (isset($_POST['add_ticket_comment'])) {
} }
if (isset($_POST['add_ticket_feedback'])) { if (isset($_POST['add_ticket_feedback'])) {
$ticket_id = intval($_POST['ticket_id']); $ticket_id = intval($_POST['ticket_id']);
$feedback = sanitizeInput($_POST['add_ticket_feedback']); $feedback = sanitizeInput($_POST['add_ticket_feedback']);
@ -210,7 +216,7 @@ if (isset($_POST['add_ticket_feedback'])) {
} }
if (isset($_GET['resolve_ticket'])) { if (isset($_GET['resolve_ticket'])) {
$ticket_id = intval($_GET['resolve_ticket']); $ticket_id = intval($_GET['resolve_ticket']);
// Get ticket details for logging // Get ticket details for logging
@ -275,7 +281,7 @@ if (isset($_GET['reopen_ticket'])) {
} }
if (isset($_GET['close_ticket'])) { if (isset($_GET['close_ticket'])) {
$ticket_id = intval($_GET['close_ticket']); $ticket_id = intval($_GET['close_ticket']);
// Get ticket details for logging // Get ticket details for logging
@ -299,7 +305,7 @@ if (isset($_GET['close_ticket'])) {
customAction('ticket_close', $ticket_id); customAction('ticket_close', $ticket_id);
redirect("ticket.php?id=" . $ticket_id); redirect("ticket.php?id=" . $ticket_id);
} else { } else {
// The client does not have access to this ticket - send them home // The client does not have access to this ticket - send them home
redirect("index.php"); redirect("index.php");
@ -307,7 +313,7 @@ if (isset($_GET['close_ticket'])) {
} }
if (isset($_GET['logout'])) { if (isset($_GET['logout'])) {
setcookie("PHPSESSID", '', time() - 3600, "/"); setcookie("PHPSESSID", '', time() - 3600, "/");
unset($_COOKIE['PHPSESSID']); unset($_COOKIE['PHPSESSID']);
@ -319,9 +325,9 @@ if (isset($_GET['logout'])) {
} }
if (isset($_POST['edit_profile'])) { if (isset($_POST['edit_profile'])) {
$new_password = $_POST['new_password']; $new_password = $_POST['new_password'];
if (!empty($new_password)) { if (!empty($new_password)) {
$password_hash = password_hash($new_password, PASSWORD_DEFAULT); $password_hash = password_hash($new_password, PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE users SET user_password = '$password_hash' WHERE user_id = $session_user_id"); mysqli_query($mysqli, "UPDATE users SET user_password = '$password_hash' WHERE user_id = $session_user_id");
@ -329,7 +335,7 @@ if (isset($_POST['edit_profile'])) {
// Logging // Logging
logAction("Contact", "Edit", "Client contact $session_contact_name edited their profile/password in the client portal", $session_client_id, $session_contact_id); logAction("Contact", "Edit", "Client contact $session_contact_name edited their profile/password in the client portal", $session_client_id, $session_contact_id);
} }
redirect('index.php'); redirect('index.php');
} }
@ -362,12 +368,12 @@ if (isset($_POST['add_contact'])) {
mysqli_query($mysqli, "INSERT INTO users SET user_name = '$contact_name', user_email = '$contact_email', user_password = '$password_hash', user_auth_method = '$contact_auth_method', user_type = 2"); mysqli_query($mysqli, "INSERT INTO users SET user_name = '$contact_name', user_email = '$contact_email', user_password = '$password_hash', user_auth_method = '$contact_auth_method', user_type = 2");
$contact_user_id = mysqli_insert_id($mysqli); $contact_user_id = mysqli_insert_id($mysqli);
} }
// Create contact record // Create contact record
mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_billing = $contact_billing, contact_technical = $contact_technical, contact_client_id = $session_client_id, contact_user_id = $contact_user_id"); mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_billing = $contact_billing, contact_technical = $contact_technical, contact_client_id = $session_client_id, contact_user_id = $contact_user_id");
$contact_id = mysqli_insert_id($mysqli); $contact_id = mysqli_insert_id($mysqli);
// Logging // Logging
@ -613,15 +619,15 @@ if (isset($_GET['add_payment_by_provider'])) {
customAction('invoice_pay', $invoice_id); customAction('invoice_pay', $invoice_id);
flash_alert("The amount " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " paid Invoice $invoice_prefix$invoice_number"); flash_alert("The amount " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " paid Invoice $invoice_prefix$invoice_number");
redirect(); redirect();
} else { } else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe pay failed due to payment error', history_invoice_id = $invoice_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe pay failed due to payment error', history_invoice_id = $invoice_id");
logAction("Invoice", "Payment", "Failed online payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $invoice_id); logAction("Invoice", "Payment", "Failed online payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $invoice_id);
flash_alert("Payment failed", 'error'); flash_alert("Payment failed", 'error');
redirect(); redirect();
} }
@ -635,9 +641,9 @@ if (isset($_POST['create_stripe_customer'])) {
// Get Stripe provider // Get Stripe provider
$stripe_provider_result = mysqli_query($mysqli, " $stripe_provider_result = mysqli_query($mysqli, "
SELECT * FROM payment_providers SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe' WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1 AND payment_provider_active = 1
LIMIT 1 LIMIT 1
"); ");
@ -657,10 +663,10 @@ if (isset($_POST['create_stripe_customer'])) {
// Check if client already has a Stripe customer // Check if client already has a Stripe customer
$existing_customer = mysqli_fetch_array(mysqli_query($mysqli, " $existing_customer = mysqli_fetch_array(mysqli_query($mysqli, "
SELECT payment_provider_client SELECT payment_provider_client
FROM client_payment_provider FROM client_payment_provider
WHERE client_id = $session_client_id WHERE client_id = $session_client_id
AND payment_provider_id = $stripe_provider_id AND payment_provider_id = $stripe_provider_id
LIMIT 1 LIMIT 1
")); "));
@ -684,10 +690,10 @@ if (isset($_POST['create_stripe_customer'])) {
// Insert customer into client_payment_provider // Insert customer into client_payment_provider
mysqli_query($mysqli, " mysqli_query($mysqli, "
INSERT INTO client_payment_provider INSERT INTO client_payment_provider
SET client_id = $session_client_id, SET client_id = $session_client_id,
payment_provider_id = $stripe_provider_id, payment_provider_id = $stripe_provider_id,
payment_provider_client = '$stripe_customer_id', payment_provider_client = '$stripe_customer_id',
client_payment_provider_created_at = NOW() client_payment_provider_created_at = NOW()
"); ");
@ -697,9 +703,9 @@ if (isset($_POST['create_stripe_customer'])) {
} catch (Exception $e) { } catch (Exception $e) {
$error = $e->getMessage(); $error = $e->getMessage();
error_log("Stripe error while creating customer for $session_client_name: $error"); error_log("Stripe error while creating customer for $session_client_name: $error");
logApp("Stripe", "error", "Failed to create Stripe customer for $session_client_name: $error"); logApp("Stripe", "error", "Failed to create Stripe customer for $session_client_name: $error");
flash_alert("An error occurred while creating your Stripe customer. Please try again.", 'danger'); flash_alert("An error occurred while creating your Stripe customer. Please try again.", 'danger');
@ -723,9 +729,9 @@ if (isset($_GET['create_stripe_checkout'])) {
// Fetch Stripe provider info // Fetch Stripe provider info
$stripe_provider_result = mysqli_query($mysqli, " $stripe_provider_result = mysqli_query($mysqli, "
SELECT * FROM payment_providers SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe' WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1 AND payment_provider_active = 1
LIMIT 1 LIMIT 1
"); ");
@ -747,9 +753,9 @@ if (isset($_GET['create_stripe_checkout'])) {
// Get client currency // Get client currency
$client_currency_result = mysqli_query($mysqli, " $client_currency_result = mysqli_query($mysqli, "
SELECT client_currency_code SELECT client_currency_code
FROM clients FROM clients
WHERE client_id = $session_client_id WHERE client_id = $session_client_id
LIMIT 1 LIMIT 1
"); ");
$client_currency_row = mysqli_fetch_assoc($client_currency_result); $client_currency_row = mysqli_fetch_assoc($client_currency_result);
@ -791,9 +797,9 @@ if (isset($_GET['stripe_save_card'])) {
// Get Stripe provider // Get Stripe provider
$stripe_provider_result = mysqli_query($mysqli, " $stripe_provider_result = mysqli_query($mysqli, "
SELECT * FROM payment_providers SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe' WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1 AND payment_provider_active = 1
LIMIT 1 LIMIT 1
"); ");
@ -813,10 +819,10 @@ if (isset($_GET['stripe_save_card'])) {
// Get client's Stripe customer ID // Get client's Stripe customer ID
$client_provider_query = mysqli_query($mysqli, " $client_provider_query = mysqli_query($mysqli, "
SELECT payment_provider_client SELECT payment_provider_client
FROM client_payment_provider FROM client_payment_provider
WHERE client_id = $session_client_id WHERE client_id = $session_client_id
AND payment_provider_id = $stripe_provider_id AND payment_provider_id = $stripe_provider_id
LIMIT 1 LIMIT 1
"); ");
$client_provider = mysqli_fetch_array($client_provider_query); $client_provider = mysqli_fetch_array($client_provider_query);
@ -854,8 +860,8 @@ if (isset($_GET['stripe_save_card'])) {
// Insert into client_saved_payment_methods // Insert into client_saved_payment_methods
mysqli_query($mysqli, " mysqli_query($mysqli, "
INSERT INTO client_saved_payment_methods INSERT INTO client_saved_payment_methods
SET SET
saved_payment_provider_method = '$payment_method_id', saved_payment_provider_method = '$payment_method_id',
saved_payment_description = '$saved_payment_description', saved_payment_description = '$saved_payment_description',
saved_payment_client_id = $session_client_id, saved_payment_client_id = $session_client_id,
@ -874,8 +880,8 @@ if (isset($_GET['stripe_save_card'])) {
// Email Confirmation // Email Confirmation
$sql_settings = mysqli_query($mysqli, " $sql_settings = mysqli_query($mysqli, "
SELECT * FROM companies, settings SELECT * FROM companies, settings
WHERE companies.company_id = settings.company_id WHERE companies.company_id = settings.company_id
AND companies.company_id = 1 AND companies.company_id = 1
"); ");
$row = mysqli_fetch_array($sql_settings); $row = mysqli_fetch_array($sql_settings);
@ -922,9 +928,9 @@ if (isset($_GET['delete_saved_payment'])) {
// Get Stripe provider info // Get Stripe provider info
$stripe_provider_result = mysqli_query($mysqli, " $stripe_provider_result = mysqli_query($mysqli, "
SELECT * FROM payment_providers SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe' WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1 AND payment_provider_active = 1
LIMIT 1 LIMIT 1
"); ");
$stripe_provider = mysqli_fetch_array($stripe_provider_result); $stripe_provider = mysqli_fetch_array($stripe_provider_result);
@ -943,11 +949,11 @@ if (isset($_GET['delete_saved_payment'])) {
} }
$saved_payment_result = mysqli_query($mysqli, " $saved_payment_result = mysqli_query($mysqli, "
SELECT saved_payment_id, saved_payment_description, saved_payment_provider_method SELECT saved_payment_id, saved_payment_description, saved_payment_provider_method
FROM client_saved_payment_methods FROM client_saved_payment_methods
WHERE saved_payment_id = $saved_payment_id WHERE saved_payment_id = $saved_payment_id
AND saved_payment_client_id = $session_client_id AND saved_payment_client_id = $session_client_id
AND saved_payment_provider_id = $stripe_provider_id AND saved_payment_provider_id = $stripe_provider_id
LIMIT 1 LIMIT 1
"); ");
@ -973,27 +979,27 @@ if (isset($_GET['delete_saved_payment'])) {
} catch (Exception $e) { } catch (Exception $e) {
$error = $e->getMessage(); $error = $e->getMessage();
error_log("Stripe error while removing payment method $payment_method_id: $error"); error_log("Stripe error while removing payment method $payment_method_id: $error");
logApp("Stripe", "error", "Exception removing payment method $payment_method_id: $error"); logApp("Stripe", "error", "Exception removing payment method $payment_method_id: $error");
flash_alert("An error occurred while removing your payment method.", 'danger'); flash_alert("An error occurred while removing your payment method.", 'danger');
redirect("saved_payment_methods.php"); redirect("saved_payment_methods.php");
} }
// Remove saved payment method from local DB // Remove saved payment method from local DB
mysqli_query($mysqli, " mysqli_query($mysqli, "
DELETE FROM client_saved_payment_methods DELETE FROM client_saved_payment_methods
WHERE saved_payment_id = $saved_payment_id WHERE saved_payment_id = $saved_payment_id
"); ");
// Remove any auto-pay records using this payment method // Remove any auto-pay records using this payment method
$recurring_invoices = mysqli_query($mysqli, " $recurring_invoices = mysqli_query($mysqli, "
SELECT recurring_invoice_id SELECT recurring_invoice_id
FROM recurring_invoices FROM recurring_invoices
WHERE recurring_invoice_client_id = $session_client_id WHERE recurring_invoice_client_id = $session_client_id
"); ");
@ -1001,8 +1007,8 @@ if (isset($_GET['delete_saved_payment'])) {
$recurring_invoice_id = intval($row['recurring_invoice_id']); $recurring_invoice_id = intval($row['recurring_invoice_id']);
mysqli_query($mysqli, " mysqli_query($mysqli, "
DELETE FROM recurring_payments DELETE FROM recurring_payments
WHERE recurring_payment_recurring_invoice_id = $recurring_invoice_id WHERE recurring_payment_recurring_invoice_id = $recurring_invoice_id
AND recurring_payment_saved_payment_id = $saved_payment_id AND recurring_payment_saved_payment_id = $saved_payment_id
"); ");
} }
@ -1010,7 +1016,7 @@ if (isset($_GET['delete_saved_payment'])) {
logAction("Stripe", "Update", "$session_contact_name deleted Stripe payment method $saved_payment_description (PM: $payment_method_id)", $session_client_id); logAction("Stripe", "Update", "$session_contact_name deleted Stripe payment method $saved_payment_description (PM: $payment_method_id)", $session_client_id);
flash_alert("Payment method $saved_payment_description removed."); flash_alert("Payment method $saved_payment_description removed.");
redirect("saved_payment_methods.php"); redirect("saved_payment_methods.php");
} }
@ -1035,7 +1041,7 @@ if (isset($_POST['set_recurring_payment'])) {
LEFT JOIN client_saved_payment_methods ON saved_payment_provider_id = payment_provider_id LEFT JOIN client_saved_payment_methods ON saved_payment_provider_id = payment_provider_id
WHERE saved_payment_id = $saved_payment_id WHERE saved_payment_id = $saved_payment_id
AND saved_payment_client_id = $session_client_id AND saved_payment_client_id = $session_client_id
AND payment_provider_active = 1 AND payment_provider_active = 1
"); ");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
@ -1078,13 +1084,13 @@ if (isset($_POST['client_add_document'])) {
$document_content_raw = sanitizeInput($document_name . " " . strip_tags($_POST['document_content'])); $document_content_raw = sanitizeInput($document_name . " " . strip_tags($_POST['document_content']));
// Create document // Create document
mysqli_query($mysqli, "INSERT INTO documents SET mysqli_query($mysqli, "INSERT INTO documents SET
document_name = '$document_name', document_name = '$document_name',
document_description = '$document_description', document_description = '$document_description',
document_content = '', document_content = '',
document_content_raw = '$document_content_raw', document_content_raw = '$document_content_raw',
document_client_visible = 1, document_client_visible = 1,
document_client_id = $session_client_id, document_client_id = $session_client_id,
document_created_by = $session_contact_id"); document_created_by = $session_contact_id");
$document_id = mysqli_insert_id($mysqli); $document_id = mysqli_insert_id($mysqli);
@ -1131,7 +1137,7 @@ if (isset($_POST['client_upload_document'])) {
// Check if file was uploaded // Check if file was uploaded
if (isset($_FILES['document_file']) && $_FILES['document_file']['error'] == 0) { if (isset($_FILES['document_file']) && $_FILES['document_file']['error'] == 0) {
// Validate and get a safe file reference name // Validate and get a safe file reference name
if ($file_reference_name = checkFileUpload($_FILES['document_file'], $allowedExtensions)) { if ($file_reference_name = checkFileUpload($_FILES['document_file'], $allowedExtensions)) {
@ -1151,26 +1157,26 @@ if (isset($_POST['client_upload_document'])) {
$document_content = "<p>Uploaded file: <strong>$file_name</strong></p><p>$document_description</p>"; $document_content = "<p>Uploaded file: <strong>$file_name</strong></p><p>$document_description</p>";
$document_content_raw = "$document_name $file_name $document_description"; $document_content_raw = "$document_name $file_name $document_description";
mysqli_query($mysqli, "INSERT INTO documents SET mysqli_query($mysqli, "INSERT INTO documents SET
document_name = '$document_name', document_name = '$document_name',
document_description = '$document_description', document_description = '$document_description',
document_content = '$document_content', document_content = '$document_content',
document_content_raw = '$document_content_raw', document_content_raw = '$document_content_raw',
document_client_visible = 1, document_client_visible = 1,
document_client_id = $session_client_id, document_client_id = $session_client_id,
document_created_by = $session_contact_id"); document_created_by = $session_contact_id");
$document_id = mysqli_insert_id($mysqli); $document_id = mysqli_insert_id($mysqli);
// Create file entry // Create file entry
mysqli_query($mysqli, "INSERT INTO files SET mysqli_query($mysqli, "INSERT INTO files SET
file_reference_name = '$file_reference_name', file_reference_name = '$file_reference_name',
file_name = '$file_name', file_name = '$file_name',
file_description = 'Attached to document: $document_name', file_description = 'Attached to document: $document_name',
file_ext = '$file_extension', file_ext = '$file_extension',
file_mime_type = '$file_mime_type', file_mime_type = '$file_mime_type',
file_size = $file_size, file_size = $file_size,
file_created_by = $session_contact_id, file_created_by = $session_contact_id,
file_client_id = $session_client_id"); file_client_id = $session_client_id");
$file_id = mysqli_insert_id($mysqli); $file_id = mysqli_insert_id($mysqli);

31
cron/cron.php
View File

@ -317,13 +317,16 @@ if (mysqli_num_rows($sql_recurring_tickets) > 0) {
$ticket_status = 2; // Set to open if we've auto-assigned an agent $ticket_status = 2; // Set to open if we've auto-assigned an agent
} }
// Assign this new ticket the next ticket number // Atomically increment and get the new ticket number
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1")); mysqli_query($mysqli, "
$ticket_number = intval($ticket_number_sql['config_ticket_next_number']); UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
// Increment config_ticket_next_number by 1 (for the next ticket) $ticket_number = mysqli_insert_id($mysqli);
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Raise the ticket // Raise the ticket
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id");
@ -600,14 +603,16 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) {
$recurring_payment_method = sanitizeInput($row['recurring_payment_method']); $recurring_payment_method = sanitizeInput($row['recurring_payment_method']);
$recurring_payment_account_id = intval($row['recurring_payment_account_id']); $recurring_payment_account_id = intval($row['recurring_payment_account_id']);
// Get the last Invoice Number and add 1 for the new invoice number // Atomically increment and get the new invoice number
$sql_invoice_number = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1"); mysqli_query($mysqli, "
$row = mysqli_fetch_array($sql_invoice_number); UPDATE settings
$config_invoice_next_number = intval($row['config_invoice_next_number']); SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$new_invoice_number = $config_invoice_next_number; $new_invoice_number = mysqli_insert_id($mysqli);
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
//Generate a unique URL key for clients to access //Generate a unique URL key for clients to access
$url_key = randomString(156); $url_key = randomString(156);

14
cron/ticket_email_parser.php
View File

@ -76,10 +76,16 @@ $allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf', 'txt', '
function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message, $attachments, $original_message_file) { function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message, $attachments, $original_message_file) {
global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_ticket_default_billable, $allowed_extensions; global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_ticket_default_billable, $allowed_extensions;
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1")); // Atomically increment and get the new ticket number
$ticket_number = intval($ticket_number_sql['config_ticket_next_number']); mysqli_query($mysqli, "
$new_config_ticket_next_number = $ticket_number + 1; UPDATE settings
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1"); SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Clean up the message // Clean up the message
$message = trim($message); $message = trim($message);